
Example of how to retrieve all logs from a log group stream

Open kaihendry opened this issue 1 year ago • 7 comments

Describe the feature

Say you wanted to retrieve all slow logs and any future new slow logs from:

aws logs get-log-events --log-group-name "/aws/rds/instance/$dbname/slowquery" --log-stream-name "$dbname" >> slow.log

Currently, by default if you re-run the command you will get duplicates and not all the old logs.

Use Case

I'm always frustrated when I don't get all the slow logs.

Proposed Solution

Have some example shell in the documentation at the very least to demonstrate how to use the nextForwardToken

Other Information

No response

Acknowledgements

  • [ ] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

CLI version used

aws-cli/2.17.0

Environment details (OS name and version, etc.)

Python/3.11.9 Darwin/23.5.0 source/arm64

kaihendry avatar Jul 22 '24 20:07 kaihendry

Thanks for reaching out. As an alternative have you tried using the start-query command with dedup in the query syntax to avoid getting duplicate results? Or using subscriptions for real-time processing of the logs?

tim-finnigan avatar Jul 26 '24 17:07 tim-finnigan

Be good if you had a fully-fledged example with start-query dedup 😬

kaihendry avatar Aug 02 '24 16:08 kaihendry

@kaihendry have you tried something like this?

aws logs start-query \
  --log-group-name my-log-group \
  --query-string "fields @message | dedup @message" \
  --start-time 1596300000 \
  --end-time 1596400000

tim-finnigan avatar Aug 02 '24 19:08 tim-finnigan

But that's not idempotent, in the sense I'd have to figure out the start/end time, right?

kaihendry avatar Aug 05 '24 08:08 kaihendry

Yes, the StartQuery API requires parameters for start and end times. But that's a way to remove duplicates. In terms of streaming logs you can try start-live-tail (see example in User Guide) or tail and use the --follow parameter to poll for new logs.

tim-finnigan avatar Aug 05 '24 23:08 tim-finnigan

Tailing doesn't help me. I just want all the logs in the log group / stream on my disk. When the slow logs for example get appended to, I want my local disk to be in sync. This use case seems incredibly difficult with the AWS cli right now.

kaihendry avatar Aug 06 '24 10:08 kaihendry

Thanks for following up. I think the limitations here are with the CloudWatch Logs APIs that the AWS CLI commands use. Do you want to request an update to an existing API, or propose a new API? Please specify your use case in full detail and we can bring it to the CloudWatch Logs team for consideration. What you're trying to do may be possible with a bash script like this and a cron job to keep your logs in sync.

tim-finnigan avatar Aug 27 '24 23:08 tim-finnigan
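
The incremental sync discussed in this thread, as an added example that is not from any participant or from the aws-cli project: it pages GetLogEvents with nextForwardToken and saves the last token so a re-run appends only new events. It is written in Python rather than shell so the JSON response needs no external parser, and it assumes a boto3 CloudWatch Logs client; the function name and the two local file paths are hypothetical.

```python
import json
import os


def sync_stream(client, group, stream, out_path, state_path):
    """Append events not yet on disk to out_path; return the number written.

    Assumptions: client is a boto3 CloudWatch Logs client (boto3.client("logs"));
    out_path and state_path are hypothetical local file names.
    """
    token = None
    if os.path.exists(state_path):
        with open(state_path) as f:
            token = json.load(f)["nextForwardToken"]

    written = 0
    with open(out_path, "a") as out:
        while True:
            # startFromHead=True reads oldest-first; without it the latest
            # events are returned first and older ones are missed.
            kwargs = {"logGroupName": group, "logStreamName": stream,
                      "startFromHead": True}
            if token is not None:
                kwargs["nextToken"] = token
            page = client.get_log_events(**kwargs)
            for event in page["events"]:
                out.write(event["message"].rstrip("\n") + "\n")
                written += 1
            # End of stream is signalled by getting back the token that was
            # sent, not by an empty page, so keep going until it repeats.
            if page["nextForwardToken"] == token:
                return written
            token = page["nextForwardToken"]
            # Make the page durable before recording that it was consumed; a
            # crash in between repeats at most one page on the next run.
            out.flush()
            os.fsync(out.fileno())
            tmp = state_path + ".tmp"
            with open(tmp, "w") as f:
                json.dump({"nextForwardToken": token}, f)
            os.replace(tmp, state_path)
```

A saved token expires after 24 hours, so the job has to run more often than that; after a longer gap, delete both the state file and the output file to start over.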

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

github-actions[bot] avatar Sep 07 '24 00:09 github-actions[bot]