aws / aws-cli

Universal Command Line Interface for Amazon Web Services

Example of how to retrieve all logs from a log group stream #8811

Open kaihendry opened 1 month ago

kaihendry commented 1 month ago

Describe the feature

Say you wanted to retrieve all slow logs and any future new slow logs from:

aws logs get-log-events --log-group-name "/aws/rds/instance/$dbname/slowquery" --log-stream-name "$dbname" >> slow.log

Currently, by default if you re-run the command you will get duplicates and not all the old logs.

Use Case

I'm always frustrated when I don't get all the slow logs.

Proposed Solution

Have some example shell in the documentation at the very least to demonstrate how to use the nextForwardToken

Other Information

No response

Acknowledgements

CLI version used

aws-cli/2.17.0

Environment details (OS name and version, etc.)

Python/3.11.9 Darwin/23.5.0 source/arm64

tim-finnigan commented 1 month ago

Thanks for reaching out. As an alternative, have you tried using the start-query command with dedup in the query syntax to avoid getting duplicate results? Or using subscriptions for real-time processing of the logs?

kaihendry commented 1 month ago

Be good if you had a fully-fledged example with start-query dedup 😬

tim-finnigan commented 1 month ago

@kaihendry have you tried something like this?

aws logs start-query \
  --log-group-name my-log-group \
  --query-string "fields @message | dedup @message" \
  --start-time 1596300000 \
  --end-time 1596400000

kaihendry commented 1 month ago

But that's not idempotent, in the sense I'd have to figure out the start/end time, right?

tim-finnigan commented 1 month ago

Yes, the StartQuery API requires parameters for start and end times. But that's a way to remove duplicates. In terms of streaming logs, you can try start-live-tail (see example in User Guide) or tail and use the --follow parameter to poll for new logs.

kaihendry commented 1 month ago

Tailing doesn't help me. I just want all the logs in the log group / stream on my disk. When the slow logs for example get appended to, I want my local disk to be in sync. This use case seems incredibly difficult with the AWS cli right now.

tim-finnigan commented 1 week ago

Thanks for following up. I think the limitations here are with the CloudWatch Logs APIs that the AWS CLI commands use. Do you want to request an update to an existing API, or propose a new API? Please specify your use case in full detail and we can bring it to the CloudWatch Logs team for consideration. What you're trying to do may be possible with a bash script like this and a cron job to keep your logs in sync.
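Added example, not part of this thread and not code from the aws-cli project: one way to keep a local file in sync with a log stream by paging the GetLogEvents API (the one behind `aws logs get-log-events`) through boto3 and saving the last `nextForwardToken` between runs. The function name, the state file `slow.log.token`, the tab-separated output format and the `mydb` placeholder are assumptions made for illustration.

```python
import json
from pathlib import Path


def sync_stream(client, group, stream, out_path, state_path):
    """Append events not yet on disk to out_path; return the number written.

    client: a boto3 CloudWatch Logs client (anything with get_log_events).
    state_path: hypothetical JSON file holding the last nextForwardToken,
    so that a re-run resumes after the last event instead of starting over.
    """
    state = Path(state_path)
    token = json.loads(state.read_text())["token"] if state.exists() else None
    written = 0
    with open(out_path, "a", encoding="utf-8") as out:
        while True:
            kwargs = {"logGroupName": group, "logStreamName": stream,
                      "startFromHead": True}
            if token:
                kwargs["nextToken"] = token
            page = client.get_log_events(**kwargs)
            for event in page["events"]:
                out.write(f'{event["timestamp"]}\t{event["message"].rstrip()}\n')
                written += 1
            out.flush()
            new_token = page["nextForwardToken"]
            # Persist only after the page is on disk: a crash can then cause
            # one repeated page at most, never a skipped one.
            state.write_text(json.dumps({"token": new_token}))
            if new_token == token:  # same token returned: end of stream
                return written
            token = new_token


if __name__ == "__main__":
    import boto3  # imported here so the function can be tested with a stub

    db = "mydb"  # constructed placeholder for $dbname
    n = sync_stream(boto3.client("logs"), f"/aws/rds/instance/{db}/slowquery",
                    db, "slow.log", "slow.log.token")
    print(f"appended {n} new events")
```

The CloudWatch Logs API reference states that forward tokens expire after 24 hours, so a scheduled job built on this has to run more often than that or start again from the head of the stream.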

github-actions[bot] commented 2 days ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.