- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collection by LogListener
- Uploading Log via Kafka
- Uploading Logs via Logback Appender
- Uploading Logs via Loghub log4j Appender
- Collection via SDK
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Log Search and Analytic
- Overview and Syntax Rules
- Configuring Index
- Analysis Syntax
- Analytic Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Functions
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Quick Analysis
- Context Search and Analysis
- Downloading Log
- Visual Analysis
- Data Processing
- Creating a Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical Expression Functions
- Processing Cases
- Log Shipping
- Monitoring Alarm
- Function Processing
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- API Category
- Making API Requests
- Log Topic APIs
- Logset APIs
- Topic Partition APIs
- Collection APIs
- Index APIs
- Log APIs
- Alarm Policy APIs
- Collection Configuration APIs
- COS Shipping Task APIs
- CKafka Shipping Task APIs
- Native Kafka Production and Consumption APIs
- Data Types
- Error Codes
- CLS API 2017
- Request Signature
- API Overview
- Collection Configuration
- Consumption Management
- Common Request Headers
- Common Response Headers
- Log Management
- Logset Management
- Log Topic Management
- Shipping Task Management (COS)
- Shipping Task Management (SCF)
- Shipping Task Management (CKafka)
- Machine Group Management
- Consumption Management
- Index Management
- Error Codes
- FAQs
- CLS Service Level Agreement
- Contact Us
- Glossary
- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Resource Management
- Permission Management
- Log Collection
- Collection Overview
- Collection by LogListener
- Uploading Log via Kafka
- Uploading Logs via Logback Appender
- Uploading Logs via Loghub log4j Appender
- Collection via SDK
- Importing Data
- Tencent Cloud Service Log Access
- Log Storage
- Log Search and Analytic
- Overview and Syntax Rules
- Configuring Index
- Analysis Syntax
- Analytic Functions
- String Function
- Date and Time Functions
- IP Geographic Function
- URL Function
- Mathematical Calculation Functions
- Mathematical Statistical Function
- General Aggregate Functions
- Geospatial Function
- Binary String Function
- Estimation Function
- Type Conversion Function
- Logical Function
- Operators
- Bitwise Operation
- Regular Expression Function
- Lambda Function
- Conditional Expressions
- Array Functions
- Interval-Valued Comparison and Periodicity-Valued Comparison Functions
- JSON Functions
- Window Functions
- Quick Analysis
- Context Search and Analysis
- Downloading Log
- Visual Analysis
- Data Processing
- Creating a Processing Task
- Viewing Data Processing Details
- Data Processing Functions
- Function Overview
- Key-Value Extraction Functions
- Enrichment Functions
- Flow Control
- Row Processing Functions
- Field Processing Functions
- Value Structuring Functions
- Regular Expression Processing Functions
- Time Value Processing Functions
- String Processing Functions
- Type Conversion Functions
- Logical Expression Functions
- Processing Cases
- Log Shipping
- Monitoring Alarm
- Function Processing
- Historical Documentation
- Best Practices
- Developer Guide
- API Documentation
- History
- API Category
- Making API Requests
- Log Topic APIs
- Logset APIs
- Topic Partition APIs
- Collection APIs
- Index APIs
- Log APIs
- Alarm Policy APIs
- Collection Configuration APIs
- COS Shipping Task APIs
- CKafka Shipping Task APIs
- Native Kafka Production and Consumption APIs
- Data Types
- Error Codes
- CLS API 2017
- Request Signature
- API Overview
- Collection Configuration
- Consumption Management
- Common Request Headers
- Common Response Headers
- Log Management
- Logset Management
- Log Topic Management
- Shipping Task Management (COS)
- Shipping Task Management (SCF)
- Shipping Task Management (CKafka)
- Machine Group Management
- Consumption Management
- Index Management
- Error Codes
- FAQs
- CLS Service Level Agreement
- Contact Us
- Glossary
Overview
A log with full text in a single line means a line is a full log. When CLS collects logs, it uses the line break \n to mark the end of a log. For easier structural management, a default key value __CONTENT__ is given to each log, but the log data itself will no longer be structured, nor will the log field be extracted. The time attribute of a log is determined by the collection time.
Prerequisites
Assume that the raw data of a log is as follows:
Tue Jan 22 12:08:15 CST 2019 Installed: libjpeg-turbo-static-1.2.90-6.el7.x86_64
The log is eventually structured by CLS as follows:
__CONTENT__:Tue Jan 22 12:08:15 CST 2019 Installed: libjpeg-turbo-static-1.2.90-6.el7.x86_64
Directions
Logging in to the console
- Log in to the CLS console.
- In the left sidebar, click Log Topic to go to the log topic management page.
Creating a log topic
- Click Create Log Topic.
- In the pop-up, enter
test_fullas Log Topic Name and click OK.
Managing the machine group
- After the log topic is created successfully, click its name to go to the log topic management page.
- Click the Collection Configuration tab and click the format in which you need to collect logs.
- On the Machine Group Management page, select the machine group to which to bind the current log topic and click Next to proceed to collection configuration.
For more information, please see Machine Group Management.
Configuring collection
Configuring the log file collection path
On the Collection Configuration page, set Collection Path according to the log collection path format as shown below:
Log collection path format: [directory prefix expression]/**/[filename expression].
After the log collection path is entered, LogListener will match all common prefix paths that meet the [directory prefix expression] rule and listen for all log files in the directories (including subdirectories) that meet the [filename expression] rule. The parameters are as detailed below:
| Parameter | Description |
|---|---|
| Directory prefix | Directory structure of the log file prefix. Only wildcards \* and ? are supported.
|
| /**/ | Current directory and all its subdirectories. |
| Filename | Log filename. Only wildcards \* and ? are supported.
|
Common configuration modes are as follows:
- [Common directory prefix]/**/[common filename prefix]*
- [Common directory prefix]/**/*[common filename suffix]
- [Common directory prefix]/**/[common filename prefix]*[common filename suffix]
- [Common directory prefix]/**/*[common string]*
Below are examples:
| No. | Directory Prefix Expression | Filename Expression | Description |
|---|---|---|---|
| 1. | /var/log/nginx | access.log | In this example, the log path is configured as /var/log/nginx/**/access.log. LogListener will listen for log files named access.log in all subdirectories in the /var/log/nginx prefix path. |
| 2. | /var/log/nginx | *.log | In this example, the log path is configured as /var/log/nginx/**/*.log. LogListener will listen for log files suffixed with .log in all subdirectories in the /var/log/nginx prefix path. |
| 3. | /var/log/nginx | error* | In this example, the log path is configured as /var/log/nginx/**/error*. LogListener will listen for log files prefixed with error in all subdirectories in the /var/log/nginx prefix path. |
Note:
- Only LogListener 2.3.9 and above support adding multiple collection paths.
- The system does not support uploading logs with contents in multiple text formats, which may cause write failures, such as
key:"{"substream":XXX}".- You are advised to configure the collection path as
log/*.logand rename the old file after log rotation aslog/*.log.xxxx.- By default, a log file can only be collected by one log topic. If you want to have multiple collection configurations for the same file, please add a soft link to the source file and add it to another collection configuration.
Configuring the "full text in a single line" mode
In the Collection Configuration page, select Full text in a single line as the Extraction Mode.
Configuring the collection policy
- Full collection: when LogListener collects a file, it starts reading data from the beginning of the file.
- Incremental collection: when LogListener collects a file, it starts reading data 1 MB ahead of the end of the file (for a file less than 1 MB, incremental collection is equivalent to full collection).
Configuring filter rules
Filters are designed to help you extract valuable log data by adding log collection filter rules based on your business needs. If the filter rule is a Perl regular expression, the created filter rule will be used for matching; in other words, only logs that match the regular expression will be collected and reported.
By default, this "full text in a single line" mode uses __CONTENT__ as the key name of a log. Assume that a sample log is Tue Jan 22 12:08:15 CST 2019 Installed: libjpeg-turbo-static-1.2.90-6.el7.x86_64, and you want to collect all logs on Jan 22, then enter __CONTENT__ in Key and Tue Jan 22.* in Filter Rule.
Note:The relationship logic between multiple filter rules is "AND". If multiple filter rules are configured for the same key name, previous rules will be overwritten.
Configuring indexes
Click Next to go to the Index Configuration page.
On the Index Configuration page, set the following information:
- Index Status: select whether to enable it.
- Full-Text Index: select whether to set it to case-sensitive.
- Full-Text Delimiter: the default value is
@&()='",;:<>[]{}/ \n\t\rand can be modified as needed. - Key-Value Index: disabled by default. You can configure the field type, delimiters, and whether to enable statistical analysis according to the key name as needed. To enable key-value index, you can set
to 
.
Note:Index configuration must be enabled before you can perform searches.
Click OK to finish collection configuration.
Related Operations
Log search
- Log in to the CLS console.
- On the left sidebar, click Search and Analysis to enter the search and analysis page.
- Select the region, logset, and log topic as needed, and click Search and Analysis to search for logs according to the set query rules.
Yes
No
Was this page helpful?