Help us understand the problem. What is going on with this article?

Amazon CloudWatch LogsのログをAWS CLIでいい感じに取得する

Amazon CloudWatch LogsにあるログをAWS CLIでいい感じに取得する方法を毎回忘れている気がするのでメモ。

コマンド

とある環境でUnixBenchを走らせた際のログがあったのでそれを取得してみました。
ポイントは--query "events[].[message]" でログだけを抽出して、--output text でテキスト形式にします。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名> \
  --query "events[].[message]" \
  --output text

   #    #  #    #  #  #    #          #####   ######  #    #   ####   #    #
   #    #  ##   #  #   #  #           #    #  #       ##   #  #    #  #    #
   #    #  # #  #  #    ##            #####   #####   # #  #  #       ######
   #    #  #  # #  #    ##            #    #  #       #  # #  #       #    #
   #    #  #   ##  #   #  #           #    #  #       #   ##  #    #  #    #
    ####   #    #  #  #    #          #####   ######  #    #   ####   #    #
   Version 5.1.3                      Based on the Byte Magazine Unix Benchmark
   Multi-CPU version                  Version 5 revisions by Ian Smith,
                                      Sunnyvale, CA, USA
   January 13, 2011                   johantheghost at yahoo period com
1 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10
1 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10
1 x Execl Throughput  1 2 3
1 x File Copy 1024 bufsize 2000 maxblocks  1 2 3
1 x File Copy 256 bufsize 500 maxblocks  1 2 3
1 x File Copy 4096 bufsize 8000 maxblocks  1 2 3
1 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10
1 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10
1 x Process Creation  1 2 3
1 x System Call Overhead  1 2 3 4 5 6 7 8 9 10
1 x Shell Scripts (1 concurrent)  1 2 3
1 x Shell Scripts (8 concurrent)  1 2 3
2 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10
2 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10
2 x Execl Throughput  1 2 3
2 x File Copy 1024 bufsize 2000 maxblocks  1 2 3
2 x File Copy 256 bufsize 500 maxblocks  1 2 3
2 x File Copy 4096 bufsize 8000 maxblocks  1 2 3
2 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10
2 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10
2 x Process Creation  1 2 3
2 x System Call Overhead  1 2 3 4 5 6 7 8 9 10
2 x Shell Scripts (1 concurrent)  1 2 3
2 x Shell Scripts (8 concurrent)  1 2 3

いい感じじゃない例

オプション指定なし

JSON形式で、ログメッセージ以外の項目があります。またnextForwardTokennextBackwardToken でページングしつつ取得することになります。
ローカルの`jq`コマンドを使って加工するならこの状態でも良いかもです。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名>

{
    "nextForwardToken": "f/35067999245249879332392031329876277123727621361937743943",
    "events": [
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604566,
            "message": "gcc -o ./pgms/arithoh -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Darithoh ./src/arith.c"
        },
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604652,
            "message": "gcc -o ./pgms/register -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Ddatum='register int' ./src/arith.c"
        },
        {
            "ingestionTime": 1572499609423,
            "timestamp": 1572499604691,
            "message": "gcc -o ./pgms/short -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Ddatum=short ./src/arith.c"
        },
(略)

改行がない

--query 指定をミスってる例。惜しいんですがちょっと違う。

> aws logs get-log-events \
  --log-group-name <ロググループ名> \
  --log-stream-name <ストリーム名> \
  --query "events[].message" \
  --output text

#    #  #    #  #  #    #          #####   ######  #    #   ####   #    #       #    #  ##   #  #   #  #           #    #  #       ##   #  #    #  #    #     #    #  # #  #  #    ##            #####   #####   # #  #  #       ######       #    #  #  # #  #    ##            #    #  #       #  # #  #       #    #     #    #  #   ##  #   #  #           #    #  #       #   ##  #    #  #    #     ####   #    #  #  #    #          #####   ######  #    #   ####   #    #        Version 5.1.3                      Based on the Byte Magazine Unix Benchmark          Multi-CPU version                  Version 5 revisions by Ian Smith,                                       Sunnyvale, CA, USA         January 13, 2011                   johantheghost at yahoo period com 1 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10        1 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10    1 x Execl Throughput  1 2 3     1 x File Copy 1024 bufsize 2000 maxblocks  1 2 3      1 x File Copy 256 bufsize 500 maxblocks  1 2 3  1 x File Copy 4096 bufsize 8000 maxblocks  1 2 3      1 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10       1 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10  1 x Process Creation  1 2 3   1 x System Call Overhead  1 2 3 4 5 6 7 8 9 10  1 x Shell Scripts (1 concurrent)  1 2 3 1 x Shell Scripts (8 concurrent)  1 2 3       2 x Dhrystone 2 using register variables  1 2 3 4 5 6 7 8 9 10  2 x Double-Precision Whetstone  1 2 3 4 5 6 7 8 9 10 2 x Execl Throughput  1 2 3      2 x File Copy 1024 bufsize 2000 maxblocks  1 2 3        2 x File Copy 256 bufsize 500 maxblocks  1 2 32 x File Copy 4096 bufsize 8000 maxblocks  1 2 3        2 x Pipe Throughput  1 2 3 4 5 6 7 8 9 10       2 x Pipe-based Context Switching  1 2 3 4 5 6 7 8 9 10        2 x Process Creation  1 2 3     2 x System Call Overhead  1 2 3 4 5 6 7 8 9 10  2 x Shell Scripts (1 concurrent)  1 2 3       2 x Shell Scripts (8 concurrent)  1 2 3 
Why do not you register as a user and use Qiita more conveniently?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Comments
Sign up for free and join this conversation.
If you already have a Qiita account
Why do not you register as a user and use Qiita more conveniently?
You need to log in to use this function. Qiita can be used more conveniently after logging in.
You seem to be reading articles frequently this month. Qiita can be used more conveniently after logging in.
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away