awslogs

awslogs is a simple command-line tool for querying groups, streams, and events from Amazon CloudWatch logs.

One of the most powerful features is to query events from several streams and consume them (ordered) in pseudo-real time using your favorite tools such as grep:

$ awslogs get /var/log/syslog ip-10-1.* –start=’2h ago’ | grep ERROR

Features

• Aggregate logs from across streams.
  • Aggregate all streams in a group.
  • Aggregate streams matching a regular expression.
• Colored output.
• List existing groups
  • $ awslogs groups
• List existing streams
  • $ awslogs streams /var/log/syslog
• Watch logs as they are created
  • $ awslogs get /var/log/syslog ALL –watch
• Human-friendly time filtering:
  • –start=’23/1/2015 14:23′
  • –start=’2h ago’
  • –start=’2d ago’
  • –start=’2w ago’
  • –start=’2d ago’ –end=’1h ago’
• Retrieve event metadata:
  • –timestamp Prints the creation timestamp of each event.
  • –ingestion-time Prints the ingestion time of each event.

How to provide AWS credentials to awslogs

Although the most straightforward thing to do might be used –aws-access-key-id and –aws-secret-access-key, this will eventually become a pain in the ass.

• If you only have one AWS account, my personal recommendation would be to configure aws-cli. awslogs will use those credentials if available. If you have multiple AWS profiles managed by aws-cli, just add –profile [PROFILE_NAME] at the end of every awslogs command to use those credentials, or set the AWS_PROFILE env variable.
• If you don’t want to setup aws-cli, I would recommend you to use envdir in order to make AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY available to awslogs.

Changelog v0.13

• – Use the configured region when using “–profile“.
• – Drop support for Python 2
• – Test against Python 3.7 and 3.8.

Installation

pip install awslogs

Use

Copyright (c) 2015 Benito Jorge Bastida