The log search may fail sometimes. In case of a search failure, use the following methods for troubleshooting.
A log search failure is often caused by an incorrect time range or search statement. To address this issue, first select a larger time range (such as
last 30 minutes), leave the search bar empty, and search for logs.
If logs are found, it indicates that the log search is available. We recommend that you check the search syntax and rules or modify the time range.
The index configuration is required for CLS log search. In the top right of the Search Analysis page, click Index Configuration to enable both full-text index and key-value index. For more information, see Enabling Index.
The index configuration takes effect in about 1 minute. The new configuration is only effective for log data written subsequently.
If you’re using CLS’s LogListener client to collect logs, perform the following steps for troubleshooting:
If the server is exceptional, see Server Group Exception.
2. Check if LogListener obtains the collection configuration from the CLS server.
Run the following CLI commands:
If the result returns “[OK] check loglistener config ok” as shown in the following figure, it indicates that the API is successfully called to obtain the configuration from the CLS server. !(https://main.qcloudimg.com/raw/95022fc7832b36e2e8d51b6fe8ed3ab7.jpg) The `logconf` field in the result refers to the collection configuration. If this field is empty, it indicates that no collection configuration is obtained. See [LogListener Use Process](https://intl.cloud.tencent.com/document/product/614/31578) to create a server group and bind the collection configuration via the console.
LogListener earlier than 2.3.0 cannot collect log files in soft links.
etc/loglistener.confconfiguration file and restart LogListener.
Run the following commands to check if logs are successfully reported.
If log information similar to that shown in the following figure is displayed, logs are successfully reported to the CLS server.
tail -f log/loglistener.log | grep "ClsFileProc::readFile" | grep send
If logs are not reported, perform the following steps for troubleshooting:
If logs are reported through HTTP, you can capture packets from port 80 to verify whether logs are successfully reported.
If the configuration has been delivered to LogListener, log information is as follows:
tail -f log/loglistener.log | grep "ClsServerConf::load"
log_typeindicates the log parsing type. Valid values:
minimalist_log(full text in a single line),
json_log(JSON logs), and
regex_log(full text in multi lines).
pathindicates the log collection directory.
grep [Name of the reported log file] log/loglistener.log
grep regex_match log/loglistener.logcommand to search for log information and check whether the regular expression is correctly configured in the console. If the content shown in the following figure is displayed, the file name match based on the regular expression fails. In this case, please log in to the console and change the regular expression.
WARNare the first lines of logs. In addition to
(INFO|ERROR|WARN), the characters following
WARNalso need to be matched.