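Search AWS CloudWatch logs from the command line using Insights queries, flexible time ranges, and wildcards in log group names.
Detailed description of the qaws Python project
qaws - Query AWS logs
A command-line utility for searching AWS CloudWatch logs with Insights queries and flexible time ranges.
- Install the latest version via pip: https://pypi.org/project/qaws
- You need Python 3.8 (you can try lower versions; untested)
- Make sure Python's bin directory is in your $PATH
- Run "qaws" on the command line.
Status
Ideas for improvement
- Wildcards should match group names case-insensitively.
- Set the default value of -t to 1 day.
- Set the default value of -q to "fields @timestamp, @message | limit 9999"
- Add a switch to show group names in the output.
- Should the default value of -g be all groups?
- Work around the limit on the number of groups?
- Work around the "limit 9999" limit?
- Change the license to a Beerware license?
- Validate user input.
Manual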
NAME
qaws -- Query AWS CloudWatch logs
SYNOPSIS
qaws [-g groups...]
[-t starttime | starttime endtime]
[-q query]
DESCRIPTION
-h --help
Get this manual.
-g --groups groups ...
Specify 1 to N logging groups like "/ecs/someservice1". Wildcard * can be used like "*ecs*some*1".
If you specify only the -g flag, all groups in CloudWatch are printed.
-t --time starttime | starttime endtime
Specify a starttime in the past and optionally a more recent endtime.
Possible formats for the time specification are:
ISO time: "2000-01-01T00:00:00"
Epoch in seconds: "1590314700"
Time relative to Now:
"1h" 1 hour ago
"1h 60m" 2 hours ago
"1h 60m 3600s" 3 hours ago
"3600s 60m 1h" 3 hours ago as well (order doesn't matter)
"3600s 3600s 3600s" 3 hours ago as well (items are repeatable)
"1y 1mo 1w 1d 1h 1m 1s" is possible as well
-q --query query
Query exactly as it is usually written in AWS CloudWatch Insights in the Web Console:
"fields @timestamp, @message
| filter @message like 'event'
| limit 10"
- It can take a few minutes (~2 minutes) until logs appear in CloudWatch, so fetching logs
with '-t "1m"' may not return any results.
- Even if you set '| limit 1' in --query, CloudWatch will still search over the entire specified time range (e.g. '-t "10d"'), which can take a lot of time.
- When you use the wildcard * in group names, the query takes longer to finish because all log group names have to be fetched from AWS.
EXAMPLES
- Prints all log groups in CloudWatch:
qaws \
--groups
- Prints all log groups in CloudWatch matching wildcard:
qaws \
--groups "*service*"
- Basic querying:
qaws \
--groups "/ecs/myservice0" \
--time "1h" \
--query "fields @message"
- Multiple groups specified with one containing wildcard:
qaws \
--groups "*ecs*service0" "/ecs/myservice1" "/ecs/myservice2" \
--time "1d 1h 30m" \
--query "fields @message"
- Query logs in between past 5 and 1 hour with wildcard:
qaws \
--groups "/ecs/*" \
--time "5h" "1h" \
--query "fields @timestamp, @message | filter @message like 'event' | limit 9000"
- Query logs in between two ISO dates:
qaws \
--groups "/ecs/*" \
--time "2020-05-24T00:00:00" "2020-05-24T12:00:00" \
--query "fields @message | filter @message like 'event' | limit 9000"
- Combine relative time with ISO date:
qaws \
--groups "/ecs/*" \
--time "1y" "2020-05-24T00:00:00" \
--query "fields @message | filter @message like 'event' | limit 9000"
AUTHORS
Jiri Kacirek (kacirek.j@gmail.com) 2020
IMPLEMENTATION
Python 3.8
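The -t formats from the manual, combined with the "validate user input" item from the improvement list, as an added example that is not qaws's own code: a strict parser that accepts only the three documented forms and rejects everything else. The names parse_time and parse_range are hypothetical, ISO times are assumed to be UTC, "y" and "mo" are assumed to be 365 and 30 days, and the current time is passed in so results are reproducible.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Assumption: the manual does not define the length of "y" and "mo";
# 365 and 30 days are used here.
UNIT_SECONDS = {"y": 365 * 86400, "mo": 30 * 86400, "w": 7 * 86400,
                "d": 86400, "h": 3600, "m": 60, "s": 1}
TOKEN = re.compile(r"([0-9]+)(y|mo|w|d|h|m|s)")
ISO_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_time(spec: str, now: datetime) -> datetime:
    """Resolve one -t value to an aware UTC datetime or raise ValueError."""
    spec = spec.strip()
    if not spec:
        raise ValueError("empty time specification")
    try:
        if spec.isascii() and spec.isdigit():      # epoch in seconds
            return datetime.fromtimestamp(int(spec), tz=timezone.utc)
        try:                                       # ISO time, assumed UTC
            return datetime.strptime(spec, ISO_FORMAT).replace(tzinfo=timezone.utc)
        except ValueError:
            pass                                   # not ISO: try relative form
        total = 0
        for token in spec.split():                 # any order, repeatable
            match = TOKEN.fullmatch(token)
            if match is None:
                raise ValueError(f"unrecognised time token: {token!r}")
            total += int(match.group(1)) * UNIT_SECONDS[match.group(2)]
        return now - timedelta(seconds=total)
    except (OverflowError, OSError) as exc:        # value outside datetime range
        raise ValueError(f"time out of range: {spec!r}") from exc


def parse_range(args: List[str], now: datetime) -> Tuple[datetime, datetime]:
    """Resolve 'starttime' or 'starttime endtime'; endtime defaults to now."""
    if len(args) not in (1, 2):
        raise ValueError("-t takes one or two values")
    start = parse_time(args[0], now)
    end = parse_time(args[1], now) if len(args) == 2 else now
    if start >= end:
        raise ValueError("starttime must be earlier than endtime")
    return start, end
```

Rejecting a reversed or unparseable range before any API call avoids starting a CloudWatch query over an unintended time span.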