I'm pretty new to AWS CloudWatch Logs query syntax and I'm looking for a solution to my problem.
I want to come up with a proper CloudWatch query that would display all the logs from a specific log stream if one log in it contains a unique value. It looks like executing one query based on the result of the previous one.
The first one looks like:
fields @message, @logStream
| filter @message like /UNIQUE_VALUE/
And it yields a result in the following form:
# @message @logStream
1 UNIQUE_VALUE log_stream/1a23c4
And the last query:
fields @message
| filter @logStream like "log-stream/1a23c4"
| sort asc
Ideally, I want to make it a parameterised CloudWatch query: I input UNIQUE_VALUE and receive the output of the last query.
After doing some research on AWS CloudWatch Logs, I've discovered that there is no out-of-the-box solution for my problem.
Here is how that is solved if using SumoLogic.
A custom way of solving it on the AWS side would be to use the AWS API.
Below is a possible solution using the Python boto3 lib:
It is not what I was looking for, but it solves my problem, though with unnecessary complications.
If anyone has other options that I might have missed, I'd be very grateful if you shared your thoughts on the matter.
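The two-step lookup described above, sketched with boto3's `start_query` and `get_query_results` as an added example (not the answer author's code). The `logs` argument is any CloudWatch Logs client; the helper names, the allowlist pattern and the placeholder log group are assumptions, and every value is validated before it is placed in a query string so that input cannot change the query.

```python
import re
import time

# Allowlist for values interpolated into query strings (assumption: adjust it
# to the identifiers and stream names you actually use).
SAFE = re.compile(r"[A-Za-z0-9_.\-/\[\]$]+")
TERMINAL = {"Complete", "Failed", "Cancelled", "Timeout", "Unknown"}


def _checked(value):
    """Reject anything that could alter the query once interpolated."""
    if not SAFE.fullmatch(value):
        raise ValueError(f"unsafe value for query interpolation: {value!r}")
    return value


def run_query(logs, log_group, query, start, end, poll=1.0):
    """Start a Logs Insights query, poll until it ends, return rows as dicts."""
    query_id = logs.start_query(logGroupName=log_group, startTime=start,
                                endTime=end, queryString=query)["queryId"]
    while True:
        resp = logs.get_query_results(queryId=query_id)
        if resp["status"] in TERMINAL:
            break
        time.sleep(poll)
    if resp["status"] != "Complete":
        raise RuntimeError(f"query ended with status {resp['status']}")
    return [{c["field"]: c["value"] for c in row} for row in resp["results"]]


def logs_for_value(logs, log_group, unique_value, start, end):
    """Step 1: find streams containing unique_value. Step 2: dump each stream."""
    q1 = f'fields @logStream | filter @message like "{_checked(unique_value)}"'
    rows = run_query(logs, log_group, q1, start, end)
    out = {}
    for stream in sorted({r["@logStream"] for r in rows}):
        q2 = ('fields @timestamp, @message'
              f' | filter @logStream = "{_checked(stream)}"'
              ' | sort @timestamp asc')
        found = run_query(logs, log_group, q2, start, end)
        out[stream] = [r["@message"] for r in found]
    return out


if __name__ == "__main__":
    import boto3  # needs AWS credentials; the log group name is a placeholder
    now = int(time.time())
    print(logs_for_value(boto3.client("logs"), "/my/log-group",
                         "UNIQUE_VALUE", now - 3600, now))
```

`startTime` and `endTime` are epoch seconds, and each stream costs one extra query, so keep the time window narrow.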