query_logs
Query and analyze log data from Alibaba Cloud SLS logstores to debug issues, investigate errors, and perform log analysis using time ranges and filter queries.
Instructions
Query log data from an SLS logstore with a time range and optional filter query. Returns formatted log entries. Use for debugging, error investigation, and log analysis. Supports SLS query syntax like "level: ERROR", "content: timeout", "status: 500 AND method: POST".
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| project | Yes | SLS project name | |
| logstore | Yes | SLS logstore name | |
| query | No | SLS query statement. Examples: "*" for all logs, "level: ERROR", "content: timeout", "level: ERROR AND status: 500" | * |
| time_range | No | Relative time range. Formats: 1m, 5m, 15m, 30m, 1h, 2h, 6h, 12h, 1d, 3d, 7d | 15m |
| from | No | Start time as Unix timestamp (seconds). Overrides time_range if provided. | |
| to | No | End time as Unix timestamp (seconds). Used with from parameter. | |
| max_logs | No | Maximum number of logs to return (1-500). Default: 50 | |
| region | No | Alibaba Cloud region ID, e.g. cn-hangzhou. Defaults to SLS_REGION env variable. |
Implementation Reference
- src/tools/query-logs.ts:64-109 (handler)The handleQueryLogs function implements the core logic for the "query_logs" tool, processing inputs, executing the query, and formatting the results.
export async function handleQueryLogs(input: QueryLogsInput): Promise<string> { let from: number; let to: number; if (input.from && input.to) { from = input.from; to = input.to; } else { const range = parseTimeRange(input.time_range); from = range.from; to = range.to; } const result = await queryLogs({ project: input.project, logstore: input.logstore, query: input.query, from, to, maxLogs: input.max_logs, region: input.region, }); const fromStr = formatTimestamp(from); const toStr = formatTimestamp(to); const header = [ `## SLS Query Results`, `**Project**: ${input.project} / **Logstore**: ${input.logstore}`, `**Time**: ${fromStr} → ${toStr}`, `**Query**: \`${input.query}\``, `**Returned**: ${result.logs.length} logs${result.hasMore ? ` (more available, total count: ${result.count})` : ` / total: ${result.count}`}`, ].join('\n'); if (result.logs.length === 0) { return `${header}\n\nNo logs found matching the query.`; } const logEntries = result.logs.map((log, i) => formatLogEntry(log, i)).join('\n\n---\n\n'); const footer = result.hasMore ? `\n\n> **Note**: Results truncated at ${input.max_logs}. Increase \`max_logs\` or narrow the query/time range.` : ''; return `${header}\n\n${logEntries}${footer}`; } - src/tools/query-logs.ts:4-35 (schema)The Zod schema definition for the input parameters of the "query_logs" tool.
export const queryLogsSchema = z.object({ project: z.string().describe('SLS project name'), logstore: z.string().describe('SLS logstore name'), query: z .string() .default('*') .describe( 'SLS query statement. Examples: "*" for all logs, "level: ERROR", "content: timeout", "level: ERROR AND status: 500"' ), time_range: z .string() .default('15m') .describe('Relative time range. Formats: 1m, 5m, 15m, 30m, 1h, 2h, 6h, 12h, 1d, 3d, 7d'), from: z .number() .optional() .describe('Start time as Unix timestamp (seconds). Overrides time_range if provided.'), to: z .number() .optional() .describe('End time as Unix timestamp (seconds). Used with from parameter.'), max_logs: z .number() .min(1) .max(500) .default(50) .describe('Maximum number of logs to return (1-500). Default: 50'), region: z .string() .optional() .describe('Alibaba Cloud region ID, e.g. cn-hangzhou. Defaults to SLS_REGION env variable.'), }); - src/index.ts:90-92 (registration)Registration and invocation logic for the "query_logs" tool within the main server file.
case 'query_logs': { const input = queryLogsSchema.parse(args); text = await handleQueryLogs(input);