DocsICP FilingConsole
官方文档
首页

How do I perform a fuzzy query on logs?

更新时间:
复制 MD 格式
产品详情
我的收藏

This topic describes different ways to perform a fuzzy query.

Use query syntax for fuzzy queries

Query principle

  1. Simple Log Service queries the first 100 words that match the fuzzy match condition.

  2. It then uses these 100 words to retrieve the log entries that contain them.

Because the service queries only the first 100 matching words, the results may be inaccurate. This can occur if the prefix is short and matches more than 100 words in the logs. If you also use a NOT statement, some log entries may not be filtered as expected. For example, if you run the query statement not abcd*, words that start with abcd might still appear in the results.

Usage

In the Simple Log Service query syntax, the asterisk (*) represents zero or more characters, and the question mark (?) represents a single character. For example, abc* queries for words that start with abc. ab?d queries for words that start with ab, end with d, and have a single character in the middle. For more information, see Query syntax and features.

Use the SQL LIKE clause for precise fuzzy queries

The LIKE clause follows standard SQL LIKE syntax. In the LIKE syntax, the percent sign (%) represents zero or more characters, and the underscore (_) represents a single character.

For example, to query for all logs where the key starts with abcd, use the following query and analysis statement. 

* | select * from log where key like 'abcd%'

To query for all logs where the key does not start with abcd:

* | select * from log where key not like 'abcd%'

Use SQL regular expression functions for fuzzy queries

You can use regular expression functions to query for multiple words with a single expression. Regular expressions offer more powerful semantics than the LIKE syntax, allowing you to search for words that contain numbers or specific characters. For more information, see Regular expression functions.

Examples:

  • * | select * from log where regexp_like(key, abc*) : Queries for words that start with abc.

  • * | select * from log where regexp_like(key, abc\d+) : Queries for words that start with abc and are followed by one or more digits.

  • * | select * from log where regexp_like(key, abc[xyz]): Queries for words that start with abc and are followed by x, y, or z.

Previous:Log consumption vs. log queryNext:How do I query logs by exact match?