Menu
I have managed to push my application logs to AWS Cloudwatch by using the AWS CloudWatch log agent. But the CloudWatch web console does not seem to provide a button to allow you to download/export the log data from it.
Any idea how I can achieve this goal?
708
Change log data retention in CloudWatch Logs By default, log data is stored in CloudWatch Logs indefinitely. However, you can configure how long to store log data in a log group. Any data older than the current retention setting is deleted. You can change the log retention for each log group at any time.
Log retention – By default, logs are kept indefinitely and never expire. You can adjust the retention policy for each log group, keeping the indefinite retention, or choosing a retention period between 10 years and one day. Archive log data – You can use CloudWatch Logs to store your log data in highly durable storage.
There is no in-built capability to export Amazon CloudWatch metrics to CSV. There are API calls available to extract metrics, but you would need to write a program to call the API, receive the metrics and store it in a suitable format.
The latest AWS CLI has a CloudWatch Logs cli, that allows you to download the logs as JSON, text file or any other output supported by AWS CLI.
For example to get the first 1MB up to 10,000 log entries from the stream a in group A to a text file, run:
aws logs get-log-events \ --log-group-name A --log-stream-name a \ --output text > a.log The command is currently limited to a response size of maximum 1MB (up to 10,000 records per request), and if you have more you need to implement your own page stepping mechanism using the --next-token parameter. I expect that in the future the CLI will also allow full dump in a single command.
Here's a small Bash script to list events from all streams in a specific group, since a specified time:
#!/bin/bash function dumpstreams() { aws $AWSARGS logs describe-log-streams \ --order-by LastEventTime --log-group-name $LOGGROUP \ --output text | while read -a st; do [ "${st[4]}" -lt "$starttime" ] && continue stname="${st[1]}" echo ${stname##*:} done | while read stream; do aws $AWSARGS logs get-log-events \ --start-from-head --start-time $starttime \ --log-group-name $LOGGROUP --log-stream-name $stream --output text done } AWSARGS="--profile myprofile --region us-east-1" LOGGROUP="some-log-group" TAIL= starttime=$(date --date "-1 week" +%s)000 nexttime=$(date +%s)000 dumpstreams if [ -n "$TAIL" ]; then while true; do starttime=$nexttime nexttime=$(date +%s)000 sleep 1 dumpstreams done fi That last part, if you set TAIL will continue to fetch log events and will report newer events as they come in (with some expected delay).
82
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
