Menu
Is there a way to include N lines before and/or after a matching pattern in AWS CloudWatch Logs?
Let's say I have this query and would like 3 lines before and after each match.
aws logs filter-log-events --log-group-name my-group --filter-pattern "mypattern"
The only work around I have at the moment is to remove the filter pattern and use grep:
aws logs filter-log-events --log-group-name my-group | grep -A 3 -B 3 mypattern
However, I would like to only stream the log events I need and do it as part of the aws log events query.
900
You can search and filter the log data coming into CloudWatch Logs by creating one or more metric filters. Metric filters define the terms and patterns to look for in log data as it is sent to CloudWatch Logs.
Filtering on timestamp is done with the range selector on the top right in the Logs Insights Console or with the startTime and endTime parameters on the StartQuery API.
To run a query with an aggregation function Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ . In the navigation pane, choose Logs, and then choose Logs Insights. In the Select log group(s) drop down, choose one or more log groups to query.
This is currently not supported by AWS (confirmed by a contributor), but there is an open GitHub issue for tracking the feature to potentially support this in the future.
In the meantime, you will have to resort to filtering after the logs are streamed as mentioned in the question.
aws logs filter-log-events --log-group-name my-group | grep -A 3 -B 3 mypattern
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With