例如(level:ERROR AND pid:1234) AND service:test为2层嵌套,可正常执行检索;而下面的语句为11层嵌套,执行检索将会报错status:"499" AND ("0.000" AND (request_length:"528" AND ("https" AND (url:"/api" AND (version:"HTTP/1.1" AND ("2021" AND ("0" AND (upstream_addr:"169.254.128.14" AND (method:"GET" AND (remote_addr:"114.86.92.100"))))))))))
内存占用量(分析)
统计分析每次所占用的服务端内存不能超过3GB
通常在使用 group by、distinct()、count(distinct()) 时可能触发该限制,是由于被统计的字段在通过 group by 或 distinct() 去重后值过多导致的。建议优化查询语句,使用值更少的字段对数据进行分组统计;或使用 approx_distinct() 替代 count(distinct())
59.x.x.x - - [06/Aug/2019:12:12:19 +0800]"GET /nginx-logo.png HTTP/1.1"200368"http://119.x.x.x/""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36""-"
多行日志示例:
java.net.SocketTimeoutException:Receive timed out
at j.n.PlainDatagramSocketImpl.receive0(Native Method)[na:1.8.0_151]
at j.n.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:143)[^]
at j.n.DatagramSocket.receive(DatagramSocket.java:812)[^]
at o.s.n.SntpClient.requestTime(SntpClient.java:213)[classes/]
at o.s.n.SntpClient$1.call(^:145)[^]
at ^.call(^:134)[^]
at o.s.f.SyncRetryExecutor.call(SyncRetryExecutor.java:124)[^]
at o.s.f.RetryPolicy.call(RetryPolicy.java:105)[^]
at o.s.f.SyncRetryExecutor.call(SyncRetryExecutor.java:59)[^]
at o.s.n.SntpClient.requestTimeHA(SntpClient.java:134)[^]
at ^.requestTimeHA(^:122)[^]
at o.s.n.SntpClientTest.test2h(SntpClientTest.java:89)[test-classes/]
at s.r.NativeMethodAccessorImpl.invoke0(Native Method)[na:1.8.0_151]
