query_logs_sql
Execute SQL queries on Alibaba Cloud SLS logs to perform analysis, aggregation, and statistical calculations for monitoring and troubleshooting purposes.
Instructions
Execute a SQL query against an SLS project for log analysis and aggregation. Best for counting, grouping, statistical analysis. Example: `SELECT status, count(*) as cnt FROM <logstore> WHERE __time__ > 1700000000 GROUP BY status`.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| project | Yes | SLS project name | |
| query | Yes | SQL query with mandatory time range. Must include FROM clause with logstore and time filter using `__date__` or `__time__`. Example: `SELECT status, count(*) as cnt FROM <logstore> WHERE __date__ > '2024-01-01 00:00:00' GROUP BY status ORDER BY cnt DESC` | |
| time_range | No | Relative time range used to fill `__time__` filter. Formats: 15m, 1h, 6h, 1d | 1h |
| from | No | Start time as Unix timestamp (seconds). Overrides time_range. | |
| to | No | End time as Unix timestamp (seconds). | |
| region | No | Alibaba Cloud region ID, e.g. cn-hangzhou. Defaults to SLS_REGION env variable. | |
Implementation Reference
- src/tools/query-logs-sql.ts:32-71 (handler) The handler function `handleQueryLogsSQL` that executes the SQL query using `queryLogsBySQL`.

```typescript
export async function handleQueryLogsSQL(input: QueryLogsSQLInput): Promise<string> {
  let from: number;
  let to: number;

  if (input.from && input.to) {
    from = input.from;
    to = input.to;
  } else {
    const range = parseTimeRange(input.time_range);
    from = range.from;
    to = range.to;
  }

  const result = await queryLogsBySQL({
    project: input.project,
    query: input.query,
    from,
    to,
    region: input.region,
  });

  const fromStr = formatTimestamp(from);
  const toStr = formatTimestamp(to);

  const header = [
    `## SLS SQL Query Results`,
    `**Project**: ${input.project}`,
    `**Time**: ${fromStr} → ${toStr}`,
    `**Query**: \`${input.query}\``,
    `**Rows**: ${result.logs.length}${result.processedRows ? ` (processed ${result.processedRows} rows)` : ''}`,
  ].join('\n');

  if (result.logs.length === 0) {
    return `${header}\n\nNo results returned.`;
  }

  const rows = result.logs.map((row, i) => `[${i + 1}] ${formatRow(row)}`).join('\n');
  return `${header}\n\n${rows}`;
}
```

- src/tools/query-logs-sql.ts:4-21 (schema) Input validation schema `queryLogsSQLSchema` for `query_logs_sql`.

```typescript
export const queryLogsSQLSchema = z.object({
  project: z.string().describe('SLS project name'),
  query: z
    .string()
    .describe(
      'SQL query with mandatory time range. Must include FROM clause with logstore and time filter using __date__ or __time__. Example: "SELECT status, count(*) as cnt FROM <logstore> WHERE __date__ > \'2024-01-01 00:00:00\' GROUP BY status ORDER BY cnt DESC"'
    ),
  time_range: z
    .string()
    .default('1h')
    .describe('Relative time range used to fill __time__ filter. Formats: 15m, 1h, 6h, 1d'),
  from: z.number().optional().describe('Start time as Unix timestamp (seconds). Overrides time_range.'),
  to: z.number().optional().describe('End time as Unix timestamp (seconds).'),
  region: z
    .string()
    .optional()
    .describe('Alibaba Cloud region ID, e.g. cn-hangzhou. Defaults to SLS_REGION env variable.'),
});
```

- src/index.ts:38-42 (registration) Registration of the `query_logs_sql` tool definition in the server.

```typescript
  name: 'query_logs_sql',
  description:
    'Execute a SQL query against an SLS project for log analysis and aggregation. Best for counting, grouping, statistical analysis. Example: "SELECT status, count(*) as cnt FROM <logstore> WHERE __time__ > 1700000000 GROUP BY status".',
  inputSchema: zodToJsonSchema(queryLogsSQLSchema) as Tool['inputSchema'],
},
```

- src/index.ts:95-98 (handler) Request handler branch for `query_logs_sql` in `src/index.ts`.

```typescript
case 'query_logs_sql': {
  const input = queryLogsSQLSchema.parse(args);
  text = await handleQueryLogsSQL(input);
  break;
```
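
In the code shown, the schema accepts `query` as any string and the handler uses `from`/`to` only when both are set, so the requirements stated in the field descriptions are not checked before the query is sent. A pre-flight check that enforces them, as an added example that is not part of the project's code: the names `QueryLogsSQLArgs`, `checkQueryLogsSQLArgs` and `OPAQUE`, the SELECT-only and single-statement rules, and the regex heuristics are assumptions.

```typescript
// Added example (not project code): pre-flight checks for query_logs_sql input.
// Field names follow queryLogsSQLSchema; the rules themselves are assumptions.
interface QueryLogsSQLArgs {
  project: string;
  query: string;
  from?: number;
  to?: number;
}

// One pass over string literals, quoted identifiers and comments, replacing
// each with "?" so keywords hidden inside them cannot satisfy a check.
const OPAQUE = /'(?:[^']|'')*'|"(?:[^"]|"")*"|--[^\n]*|\/\*[\s\S]*?\*\//g;

function checkQueryLogsSQLArgs(args: QueryLogsSQLArgs): string[] {
  const errors: string[] = [];
  const sql = args.query.replace(OPAQUE, '?').trim().replace(/;\s*$/, '');
  if (!/^select\b/i.test(sql)) errors.push('query must be a SELECT statement');
  if (sql.includes(';')) errors.push('query must be a single statement');
  if (!/\bfrom\s+\S/i.test(sql)) errors.push('query needs a FROM <logstore> clause');
  if (!/\bwhere\b[\s\S]*\b__(?:time|date)__/i.test(sql)) {
    errors.push('query needs a WHERE filter on __time__ or __date__');
  }
  // The handler shown uses from/to only when both are set, so a lone value
  // would silently fall back to time_range; reject that case explicitly.
  const hasFrom = args.from !== undefined;
  const hasTo = args.to !== undefined;
  if (hasFrom !== hasTo) {
    errors.push('from and to must be given together');
  } else if (hasFrom && hasTo) {
    const from = args.from as number;
    const to = args.to as number;
    if (!Number.isInteger(from) || !Number.isInteger(to) || from <= 0 || to <= from) {
      errors.push('from/to must be positive integer seconds with from < to');
    }
  }
  return errors;
}

// Constructed sample inputs: one well-formed, one hiding the time column in a literal.
const ok = checkQueryLogsSQLArgs({
  project: 'demo-project',
  query: 'SELECT status, count(*) AS cnt FROM access_log WHERE __time__ > 1700000000 GROUP BY status',
});
const bad = checkQueryLogsSQLArgs({
  project: 'demo-project',
  query: "SELECT * FROM access_log WHERE note = '__time__' -- __date__",
  from: 1700000000,
});
console.log(ok, bad);
```

Calling this between `queryLogsSQLSchema.parse(args)` and `handleQueryLogsSQL(input)` and returning the error list to the caller keeps an unbounded or multi-statement query from reaching SLS.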