tencent cloud

Tencent Container Security Service

Release Notes
Product Introduction
Overview
Strengths
Use Cases
Features and Versions
Purchase Guide
Applying for Trial
Purchasing Pro Edition
Purchasing Image Scan
Purchasing Log Analysis
Getting Started
Operation Guide
Security Overview
Asset Management
Vulnerability Detection
Image Risk Management
Cluster Risk Management
Baseline Management
Runtime Security
Advanced Defense
Policy Management
Protection Switch
Alarm Settings
Log Analysis
Hybrid Cloud Installation Guide
Compromised Container Isolation
Log Field Data Parsing
Practical Tutorial
Mirror Vulnerability Scanning and Vulnerability Management
Troubleshooting
Offline Linux Client
Troubleshooting for Cluster Access
API Documentation
History
Introduction
API Category
Making API Requests
Network Security APIs
Cluster Security APIs
Security Compliance APIs
Runtime security - High-risk syscalls
Runtime Security - Reverse Shell APIs
Runtime Security APIs
Alert Settings APIs
Advanced prevention - K8s API abnormal requests
Asset Management APIs
Security Operations - Log Analysis APIs
Runtime Security - Trojan Call APIs
Runtime Security - Container Escape APIs
Image Security APIs
Billing APIs
Data Types
Error Codes
FAQs
TCSS Policy
Privacy Policy
Data Processing And Security Agreement
Contact Us
Glossary
DocumentationTencent Container Security ServiceOperation GuideLog AnalysisQuerying Log

Querying Log

PDF
Focus Mode
Font Size
Last updated: 2024-01-23 15:44:44
1. Log in to the TCSS console and click Security Operations > Log Analysis on the left sidebar.
2. On the Log Analysis page, filter log analysis results and perform appropriate operations.
Filter logs by time or type: At the top of the Log Analysis page, filter log analysis results by time (last 15 minutes, last hour, last 12 hours, last 24 hours, today, last 7 days, last 14 days, last 30 days, last 90 days, or a custom period) or by log type and click OK.

Filter logs by record field: At the top of the Log Analysis page, filter logs by field, which can be entered manually or automatically.
Manually enter the field: Enter the target field in the format of field name and field value and click Search. The search syntax description is as shown below.

Automatically enter the field: Click Filter templates and select the target template name, or click the historical record in the input box as shown above. To reuse a query template, click Save filter when manually entering a query statement to save the current configuration (log type and keyword).

Quickly view the log trend chart:
Method 1: To view logs within a specified period, scroll the mouse wheel to quickly view the blue bar chart above the log trend chart, which displays the statistical period and number of logs.
Method 2: Click the blue bar chart above the log trend chart to view more details.
3. On the Log Analysis page, fields are displayed in the log list based on the Displayed fields. If Displayed fields is Raw log (_source), all log fields are listed. Up to 60,000 data entries can be listed in the console.
Customize fields to be displayed or hidden:
Add to view: Move the cursor to a hidden field and click Add to view on the right to add it to the displayed fields. Only selected displayed fields are listed, and hidden fields are not.

Hide: Move the cursor to a displayed field and click Remove on the right to remove it from the displayed fields. The list on the right will no longer display this field.

Export: Click Export all in the top-left corner of the field details, and log analysis will export 60,000 logs meeting the search condition as a file and download it through the browser to a local directory.

Switch the display mode: Click Switch view in the top-right corner of the field details to display the displayed fields in a table column.

Previous Topic: OverviewNext Topic: Configuring Log

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback