LoginSignup
16

More than 3 years have passed since last update.

Amazon CloudWatch LogsのログをAWS CLIでいい感じに取得する

Posted at

Amazon CloudWatch LogsにあるログをAWS CLIでいい感じに取得する方法を毎回忘れている気がするのでメモ。

コマンド

とある環境でUnixBenchを走らせた際のログがあったのでそれを取得してみました。
ポイントは--query "events[].[message]" でログだけを抽出して、--output text でテキスト形式にします。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名> \
  --query "events[].[message]" \
  --output text

   #    #  #    #  #  #    #          #####   ######  #    #   ####   #    #
   #    #  ##   #  #   #  #           #    #  #       ##   #  #    #  #    #
   #    #  # #  #  #    ##            #####   #####   # #  #  #       ######
   #    #  #  # #  #    ##            #    #  #       #  # #  #       #    #
   #    #  #   ##  #   #  #           #    #  #       #   ##  #    #  #    #
    ####   #    #  #  #    #          #####   ######  #    #   ####   #    #
   Version 5.1.3                      Based on the Byte Magazine Unix Benchmark
   Multi-CPU version                  Version 5 revisions by Ian Smith,
                                      Sunnyvale, CA, USA
   January 13, 2011                   johantheghost at yahoo period com
1 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10
1 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10
1 x Execl Throughput  1 2 3
1 x File Copy 1024 bufsize 2000 maxblocks  1 2 3
1 x File Copy 256 bufsize 500 maxblocks  1 2 3
1 x File Copy 4096 bufsize 8000 maxblocks  1 2 3
1 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10
1 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10
1 x Process Creation  1 2 3
1 x System Call Overhead  1 2 3 4 5 6 7 8 9 10
1 x Shell Scripts (1 concurrent)  1 2 3
1 x Shell Scripts (8 concurrent)  1 2 3
2 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10
2 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10
2 x Execl Throughput  1 2 3
2 x File Copy 1024 bufsize 2000 maxblocks  1 2 3
2 x File Copy 256 bufsize 500 maxblocks  1 2 3
2 x File Copy 4096 bufsize 8000 maxblocks  1 2 3
2 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10
2 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10
2 x Process Creation  1 2 3
2 x System Call Overhead  1 2 3 4 5 6 7 8 9 10
2 x Shell Scripts (1 concurrent)  1 2 3
2 x Shell Scripts (8 concurrent)  1 2 3

いい感じじゃない例

オプション指定なし

JSON形式で、ログメッセージ以外の項目があります。またnextForwardTokennextBackwardToken でページングしつつ取得することになります。
ローカルの`jq`コマンドを使って加工するならこの状態でも良いかもです。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名>

{
    "nextForwardToken": "f/35067999245249879332392031329876277123727621361937743943",
    "events": [
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604566,
            "message": "gcc -o ./pgms/arithoh -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Darithoh ./src/arith.c"
        },
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604652,
            "message": "gcc -o ./pgms/register -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Ddatum='register int' ./src/arith.c"
        },
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604691,
            "message": "gcc -o ./pgms/short -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Ddatum=short ./src/arith.c"
        },
(略)

改行がない

--query 指定をミスってる例。惜しいんですがちょっと違う。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名> \
  --query "events[].message" \
  --output text

#    #  #    #  #  #    #          #####   ######  #    #   ####   #    #       #    #  ##   #  #   #  #           #    #  #       ##   #  #    #  #    #     #    #  # #  #  #    ##            #####   #####   # #  #  #       ######       #    #  #  # #  #    ##            #    #  #       #  # #  #       #    #     #    #  #   ##  #   #  #           #    #  #       #   ##  #    #  #    #     ####   #    #  #  #    #          #####   ######  #    #   ####   #    #        Version 5.1.3                      Based on the Byte Magazine Unix Benchmark          Multi-CPU version                  Version 5 revisions by Ian Smith,                                       Sunnyvale, CA, USA         January 13, 2011                   johantheghost at yahoo period com 1 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10        1 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10    1 x Execl Throughput  1 2 3     1 x File Copy 1024 bufsize 2000 maxblocks  1 2 3      1 x File Copy 256 bufsize 500 maxblocks  1 2 3  1 x File Copy 4096 bufsize 8000 maxblocks  1 2 3      1 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10       1 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10  1 x Process Creation  1 2 3   1 x System Call Overhead  1 2 3 4 5 6 7 8 9 10  1 x Shell Scripts (1 concurrent)  1 2 3 1 x Shell Scripts (8 concurrent)  1 2 3       2 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10  2 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10 2 x Execl Throughput  1 2 3      2 x File Copy 1024 bufsize 2000 maxblocks  1 2 3        2 x File Copy 256 bufsize 500 maxblocks  1 2 32 x File Copy 4096 bufsize 8000 maxblocks  1 2 3        2 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10       2 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10        2 x Process Creation  1 2 3     2 x System Call Overhead  1 2 3 4 5 6 7 8 9 10  2 x Shell Scripts (1 concurrent)  1 2 3       2 x Shell Scripts (8 concurrent)  1 2 3 

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
16