Kingsoft Cloud Elasticsearch Service (KES) provides the log query feature to enable you to view the operational logs of KES clusters. This helps you understand the operating status of clusters and maintain cluster stability.
- KES enables you to query the logs within seven consecutive days at most. You can query logs by using the Lucene syntax. For more information, see Query String Query. Logs can be queried based on the IP address, keyword, or time range.
- You can query main logs, slow search logs, slow indexing logs, and garbage collection (GC) logs.
- Logs are saved for one calendar month in reverse order of time by default. KES returns a maximum of 10,000 logs.
- A log contains the log time, node IP address, and log content.
The log content is composed of the following fields: level, ip, time, and content.
||The log level, which can be INFO, WARN, DEBUG, or ERROR.
||The IP address of the node in the KES cluster.
||The time when the log is generated.
||The content of the log.
- Log in to the KES console.
- In the cluster list, find the cluster for which you want to query logs and click the cluster name to go to the Cluster Details page.
- In the left navigation pane, click Log Query to use the log query feature. You can query logs based on the log type, node IP address, and keyword.
- Specify a keyword, such as heap.
- Specify a keyword for a field, such as content:heap.
- Enter a combination of multiple conditions, such as level:INFO AND ip:172.31.xx.xx.
- Note: The operator AND between multiple conditions must be in uppercase.
- Specify a time range for log query as needed. Click the time control to select the start time and end time for log query.
The search result varies depending on the time range:
- If you select only the start time, the end time is seven days after the start time by default. If the selected start time is less than seven days before the current date, the current time is used as the end time.
- If you select only the end time, the start time is seven days before the end time by default. If the cluster has been running for less than seven days, the time when the cluster starts running is used as the start time.
- If neither the start time nor the end time is selected, the time range is seven days by default.
- If both the start time and the end time are selected, the time range is the duration specified by the start time and end time.
Overview of logs
Main logs describe the level, time, and data in the operational logs of KES clusters.
Slow logs are used to capture and trace query and indexing requests that exceed the preset time thresholds. Generally, the time thresholds for KES to record slow logs are high. As a result, logs may fail to be generated in a timely manner for read and write exceptions. In this case, you cannot troubleshoot faults as early as possible. The solution is reducing the log recording thresholds. You can log in to the Kibana console and run the following commands to reduce the thresholds to capture more logs.