Search AWS CloudWatch Logs with Insights queries, flexible time ranges and wildcards in log group names from your command line.

Project description

qaws - Query AWS Logs

Command line utility for search in AWS CloudWatch Logs with Insights queries and flexible time ranges.

  1. Install the latest version via pip: https://pypi.org/project/qaws.
  2. You need Python 3.8 (you can try a lower version, but it is not tested).
  3. Ensure your Python bin directory is in $PATH.
  4. Execute "qaws" in your command line.

Status

Improvement proposals

  1. Wildcard matching of group names should be case-insensitive.
  2. Default value for -t set to 1 day.
  3. Default value for -q set to "fields @timestamp, @message | limit 9999"
  4. Add switch to display group names in output.
  5. Default value for -g set to all groups?
  6. Workaround group amount limit?
  7. Workaround "limit 9999" limit?
  8. Set License to beer license?
  9. Validate user input.

Manual

NAME
    qaws -- Query AWS CloudWatch logs
SYNOPSIS
    qaws    [-g groups...]
            [-t starttime | starttime endtime]
            [-q query]
DESCRIPTION
    -h --help
        Get this manual.
    -g --groups groups ...
        Specify 1 to N logging groups like "/ecs/someservice1". Wildcard * can be used like "*ecs*some*1".
        If you specify only -g flag then it will print all groups in CloudWatch
    -t --time starttime | starttime endtime
        Specify a starttime in the past and, optionally, a more recent endtime.
        Possible formats for the time specification are:
            ISO time:           "2000-01-01T00:00:00"
            Epoch in seconds:   "1590314700"
            Time relative to Now:
                "1h"                    1 hour ago
                "1h 60m"                2 hours ago
                "1h 60m 3600s"          3 hours ago
                "3600s 60m 1h"          3 hours ago as well (order doesn't matter)
                "3600s 3600s 3600s"     3 hours ago as well (items are repeatable)
                "1y 1mo 1w 1d 1h 1m 1s" is possible as well
    -q --query query
        Query exactly as it is usually written in AWS CloudWatch Insights in the Web Console:
            fields @timestamp, @message
            | filter @message like 'event'
            | limit 10

    - It can take a few minutes (~2 minutes) until logs appear in CloudWatch, so fetching logs
        with '-t "1m"' may not return any results.
    - Even if you set '| limit 1' in --query, CloudWatch still searches the entire specified history (e.g. '-t "10d"'),
        which can take a lot of time.
    - When you use the wildcard * in group names, the query takes longer to finish because all log group names have to be fetched from AWS.
EXAMPLES
    - Print all log groups in CloudWatch:
        qaws \
            --groups
    - Print all log groups in CloudWatch matching a wildcard:
        qaws \
            --groups "*service*"
    - Basic querying:
        qaws \
            --groups      "/ecs/myservice0" \
            --time        "1h" \
            --query       "fields @message"
    - Multiple groups specified, one of them containing a wildcard:
        qaws \
            --groups      "*ecs*service0" "/ecs/myservice1" "/ecs/myservice2" \
            --time        "1d 1h 30m" \
            --query       "fields @message"
    - Query logs between 5 hours and 1 hour ago, with a wildcard:
        qaws \
            --groups      "/ecs/*" \
            --time        "5h" "1h" \
            --query       "fields @timestamp, @message | filter @message like 'event' | limit 9000"
    - Query logs between two ISO dates:
        qaws \
            --groups      "/ecs/*" \
            --time        "2020-05-24T00:00:00" "2020-05-24T12:00:00" \
            --query       "fields @message | filter @message like 'event' | limit 9000"
    - Combine a relative time with an ISO date:
        qaws \
            --groups      "/ecs/*" \
            --time        "1y" "2020-05-24T00:00:00" \
            --query       "fields @message | filter @message like 'event' | limit 9000"
AUTHORS
    Jiri Kacirek (kacirek.j@gmail.com) 2020
IMPLEMENTATION
    Python 3.8
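
The -t formats from the manual, as a strict parser that also covers the "validate user input" proposal. This is an added example, not qaws's own code: the names parse_time and parse_range are hypothetical, and the lengths of "mo" (30 days) and "y" (365 days), UTC for ISO times without an offset, and "now" as the default endtime are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Unit lengths in seconds. "mo" = 30 days and "y" = 365 days are assumptions;
# the manual does not define them.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400,
                "w": 7 * 86400, "mo": 30 * 86400, "y": 365 * 86400}
RELATIVE_ITEM = re.compile(r"(\d+)(mo|[smhdwy])")


def parse_time(spec, now):
    """Return an aware UTC datetime for one -t value, or raise ValueError."""
    spec = spec.strip()
    if not spec:
        raise ValueError("empty time specification")
    if spec.isdecimal():  # epoch in seconds, e.g. "1590314700"
        return datetime.fromtimestamp(int(spec), tz=timezone.utc)
    matches = [RELATIVE_ITEM.fullmatch(item) for item in spec.split()]
    if all(matches):  # relative: items are summed, so order does not matter
        seconds = sum(int(m.group(1)) * UNIT_SECONDS[m.group(2)] for m in matches)
        return now - timedelta(seconds=seconds)
    try:  # ISO time, e.g. "2000-01-01T00:00:00"
        parsed = datetime.fromisoformat(spec)
    except ValueError:
        raise ValueError(f"unrecognised time specification: {spec!r}") from None
    # Assumption: an ISO time without an offset is treated as UTC.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def parse_range(values, now=None):
    """Turn the one or two -t values into a validated (start, end) pair."""
    now = now or datetime.now(timezone.utc)
    if not 1 <= len(values) <= 2:
        raise ValueError("-t takes a starttime, or a starttime and an endtime")
    try:
        start = parse_time(values[0], now)
        # Assumption: a missing endtime means "now".
        end = parse_time(values[1], now) if len(values) == 2 else now
    except (OverflowError, OSError) as exc:  # absurdly large epoch or offset
        raise ValueError(f"time out of range: {exc}") from None
    if start >= end:
        raise ValueError("starttime must be earlier than endtime")
    return start, end
```

Rejecting a reversed or unparseable range before the query is submitted matters because, as noted above, CloudWatch scans the whole requested window regardless of any limit in the query.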

Download files

Source Distribution

qaws-0.4.1.tar.gz (5.0 kB)

Uploaded Source

Built Distribution

qaws-0.4.1-py3-none-any.whl (6.7 kB)

Uploaded Python 3

File details

Details for the file qaws-0.4.1.tar.gz.

File metadata

  • Download URL: qaws-0.4.1.tar.gz
  • Upload date:
  • Size: 5.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for qaws-0.4.1.tar.gz
Algorithm Hash digest
SHA256 7eb19257283c0eea03431e2e22e1549b6f7bdf3cced9dc8e6c1936f06fa76d8c
MD5 2f27ca0e2df79178a65f3441939285e4
BLAKE2b-256 99068cf6cbbf767628266a046182ad44f7294d252595dfbb613e38949393546b

File details

Details for the file qaws-0.4.1-py3-none-any.whl.

File metadata

  • Download URL: qaws-0.4.1-py3-none-any.whl
  • Upload date:
  • Size: 6.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.46.0 CPython/3.8.2

File hashes

Hashes for qaws-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 20cd7a0584e0a0e1826a56bb3fec9566c64b304ff6756ec5d91b577d6f845408
MD5 e0a3affd992acbcdbd1c5e6ff4a78a0c
BLAKE2b-256 7acc53d637932cd8624c6af9a4da71a35fceeb11bdaf681e1aeb3ec431dd4d91
