steampipe plugin install aws

Table: aws_cloudwatch_log_stream - Query AWS CloudWatch Log Stream using SQL

The AWS CloudWatch Log Stream is a feature of the AWS CloudWatch service that allows you to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, and other sources. It provides a real-time view of your logs and can store the data for as long as you need. It is useful for troubleshooting operational issues and identifying security incidents.

Table Usage Guide

The aws_cloudwatch_log_stream table in Steampipe provides you with information about each log stream within a log group in AWS CloudWatch. As a DevOps engineer, you can use it to query log stream-specific details, including the creation time, the time of the last log event, and the stored bytes. You can use this table to gather insights on log streams, such as identifying log streams with the most recent activity, tracking the growth of log data, and more. The schema outlines the various attributes of the log stream, including the log group name, log stream name, creation time, and stored bytes.

Important Notes

  • To enhance performance, use the optional qualifiers name, log_stream_name_prefix, descending, and order_by to limit the result set.
  • It's important to note that the columns name and log_stream_name_prefix cannot be specified together. If both are included as query parameters in the where clause, the name parameter value will be overridden by the log_stream_name_prefix parameter value in the input.
  • The value of the order_by column can be either LogStreamName or LastEventTime. If the value is LogStreamName, the results are ordered by log stream name. If the value is LastEventTime, the results are ordered by the event time. The default value is LogStreamName. If you order the results by event time, you cannot specify the logStreamNamePrefix parameter. LastEventTimestamp represents the time of the most recent log event in the log stream in CloudWatch Logs. This number is expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. lastEventTimestamp updates on an eventual consistency basis. It typically updates in less than an hour from ingestion, but in rare situations might take longer.
  • If the descending key column value is true, results are returned in descending order. If the value is false, results are returned in ascending order. The default value is false.

Examples

Basic info

Explore which AWS CloudWatch log streams are active across different regions to manage and monitor your AWS resources effectively. This can help identify any regional patterns or irregularities in your log stream distribution.

select
  name,
  log_group_name,
  region
from
  aws_cloudwatch_log_stream;

Count of log streams per log group

Count the log streams in each AWS CloudWatch log group to understand how streams are distributed across log groups. This can be useful in identifying groups with excessive streams, potentially indicating areas that require attention or optimization.

select
  log_group_name,
  count(*) as log_stream_count
from
  aws_cloudwatch_log_stream
group by
  log_group_name;
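
Most recent and silent log streams in a log group

An added example, not part of the original Steampipe documentation, that applies the order_by and descending qualifiers from the Important Notes and then lists streams that have stopped ingesting, which is a quick check for a logging gap. The log group name and the 24-hour threshold are constructed placeholders, and the second query assumes Steampipe's PostgreSQL interface for now() and interval.

```sql
-- Added example. '/example/placeholder-log-group' and the 24-hour cutoff
-- are constructed placeholders; substitute your own values.

-- 1. The ten most recently active streams in one log group.
--    order_by and descending are the table's optional qualifiers.
--    log_stream_name_prefix is deliberately left out: it cannot be
--    combined with order_by = 'LastEventTime'.
select
  name,
  last_event_timestamp,
  last_ingestion_time
from
  aws_cloudwatch_log_stream
where
  log_group_name = '/example/placeholder-log-group'
  and order_by = 'LastEventTime'
  and descending = true
limit 10;

-- 2. Streams in the same group with no ingestion for more than 24 hours.
--    last_event_timestamp is eventually consistent (usually under an hour,
--    occasionally longer), so the cutoff is kept well above one hour and is
--    applied to last_ingestion_time instead.
select
  name,
  first_event_timestamp,
  last_event_timestamp,
  last_ingestion_time,
  now() - last_ingestion_time as silent_for
from
  aws_cloudwatch_log_stream
where
  log_group_name = '/example/placeholder-log-group'
  and last_ingestion_time < now() - interval '24 hours'
order by
  last_ingestion_time;
```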

Schema for aws_cloudwatch_log_stream

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) of the log stream. |
| creation_time | timestamp with time zone | | The creation time of the log stream. |
| descending | boolean | = | If the value is true, results are returned in descending order. If the value is false, results are returned in ascending order. The default value is false. |
| first_event_timestamp | timestamp with time zone | | The time of the first event. |
| last_event_timestamp | timestamp with time zone | | The time of the most recent log event in the log stream in CloudWatch Logs. |
| last_ingestion_time | timestamp with time zone | | Specifies the last log ingestion time. |
| log_group_name | text | = | The name of the log group to which the log stream belongs. |
| log_stream_name_prefix | text | = | The prefix to match the name of the log stream. |
| name | text | = | The name of the log stream. |
| order_by | text | = | If the value is LogStreamName, the results are ordered by log stream name. If the value is LastEventTime, the results are ordered by the event time. The default value is LogStreamName. If you order the results by event time, you cannot specify the logStreamNamePrefix parameter. LastEventTimestamp represents the time of the most recent log event in the log stream in CloudWatch Logs. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| title | text | | Title of the resource. |
| upload_sequence_token | text | | Specifies the log upload sequence token. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cloudwatch_log_stream