alicloud-observability-sls-log-queryQuery and troubleshoot logs in Alibaba Cloud Log Service (SLS) using query|analysis syntax and the Python SDK. Use for time-bounded log search, error investigation, and root-cause analysis workflows.
Install via ClawdBot CLI:
clawdbot install cinience/alicloud-observability-sls-log-queryCategory: service
使用 SLS 的 query|analysis 语法与 Python SDK 做日志检索、过滤与统计分析。
python3 -m venv .venv
. .venv/bin/activate
python -m pip install -U aliyun-log-python-sdk
ALIBABA_CLOUD_ACCESS_KEY_IDALIBABA_CLOUD_ACCESS_KEY_SECRETSLS_ENDPOINT (如 cn-hangzhou.log.aliyuncs.com)SLS_PROJECTSLS_LOGSTOREstatus:500)。查询语句|分析语句。 | SELECT status, count() AS pv GROUP BY status详细语法见 references/query-syntax.md。
import os
import time
from aliyun.log import LogClient, GetLogsRequest
client = LogClient(
os.environ["SLS_ENDPOINT"],
os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],
os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"],
)
project = os.environ["SLS_PROJECT"]
logstore = os.environ["SLS_LOGSTORE"]
query = "status:500"
start_time = int(time.time()) - 15 * 60
end_time = int(time.time())
request = GetLogsRequest(project, logstore, start_time, end_time, query=query)
response = client.get_logs(request)
for log in response.get_logs():
print(log.contents)
python skills/observability/sls/alicloud-observability-sls-log-query/scripts/query_logs.py \
--query "status:500" \
--last-minutes 15
Optional args: --project, --logstore, --endpoint, --start, --end, --last-minutes, --limit.
python skills/observability/sls/alicloud-observability-sls-log-query/scripts/troubleshoot.py \
--group-field status \
--last-minutes 30 \
--limit 20
Optional args: --error-query, --group-field, --limit, plus the time range args above.
1) 确认 Logstore 已开启索引(未开启会导致查询/分析失败)。
2) 编写查询语句,必要时追加分析语句。
3) 通过 SDK 或脚本执行查询并查看结果。
4) 用 limit 控制返回行数,必要时缩小时间范围。
references/query-syntax.mdreferences/python-sdk.mdreferences/templates.mdreferences/sources.mdGenerated Mar 1, 2026
Monitor HTTP status codes like 500 errors in real-time to quickly identify and troubleshoot application failures. This helps development teams reduce downtime by analyzing logs from web servers or application frameworks to pinpoint root causes such as database connectivity issues or code bugs.
Query logs for suspicious activities such as failed login attempts or unauthorized access patterns to detect potential security breaches. This enables security teams to perform forensic analysis by filtering logs based on IP addresses, user agents, or specific error messages to enhance threat detection and response.
Analyze system logs from servers or containers to identify performance bottlenecks like high latency or resource exhaustion. Operations teams can use aggregation queries to track metrics over time, helping optimize resource allocation and ensure service reliability in cloud environments.
Retrieve and filter logs to generate reports for regulatory compliance, such as tracking user actions or data access in healthcare or financial services. This supports audit workflows by providing timestamped log entries that demonstrate adherence to data protection standards and internal policies.
Integrate this skill into a SaaS platform offering log management and analytics as a service. Revenue is generated through subscription tiers based on log volume, query frequency, and advanced features like real-time alerts or custom dashboards, targeting businesses needing scalable cloud monitoring.
Use the skill as part of managed IT services to provide proactive log monitoring and troubleshooting for clients. Revenue comes from service contracts or pay-per-use models, where clients outsource their observability needs to reduce operational overhead and improve system uptime.
Embed the skill into DevOps tools or CI/CD pipelines to automate log analysis during deployments or incidents. Revenue is driven by licensing fees for enterprise tools or usage-based pricing in developer platforms, enhancing workflow efficiency for engineering teams.
💬 Integration Tip
Ensure environment variables for Alibaba Cloud credentials and SLS endpoints are securely configured before use to avoid authentication errors in automated workflows.
Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of what changed.
Full desktop computer use for headless Linux servers. Xvfb + XFCE virtual desktop with xdotool automation. 17 actions (click, type, scroll, screenshot, drag,...
Essential Docker commands and workflows for container management, image operations, and debugging.
Tool discovery and shell one-liner reference for sysadmin, DevOps, and security tasks. AUTO-CONSULT this skill when the user is: troubleshooting network issues, debugging processes, analyzing logs, working with SSL/TLS, managing DNS, testing HTTP endpoints, auditing security, working with containers, writing shell scripts, or asks 'what tool should I use for X'. Source: github.com/trimstray/the-book-of-secret-knowledge
Deploy applications and manage projects with complete CLI reference. Commands for deployments, projects, domains, environment variables, and live documentation access.
Monitor topics of interest and proactively alert when important developments occur. Use when user wants automated monitoring of specific subjects (e.g., product releases, price changes, news topics, technology updates). Supports scheduled web searches, AI-powered importance scoring, smart alerts vs weekly digests, and memory-aware contextual summaries.