steampipe plugin install awssteampipe plugin install aws

Table: aws_cloudwatch_log_subscription_filter - Query AWS CloudWatch Log Subscription Filters using SQL

The AWS CloudWatch Log Subscription Filter is a feature of Amazon CloudWatch Logs that enables you to route data from any log group to an AWS resource for real-time processing of log data. This feature can be used to stream data to AWS Lambda for custom processing or to Amazon Kinesis for storage, analytics, and machine learning. The subscription filter defines the pattern to match in the log events and the destination AWS resource where the matching events should be delivered.

Table Usage Guide

The aws_cloudwatch_log_subscription_filter table in Steampipe provides you with information about AWS CloudWatch Log Subscription Filters. This table enables you, as a DevOps engineer, data analyst, or other technical professional, to query subscription filter-specific details, including the associated log group, filter pattern, and destination ARN. You can utilize this table to gather insights on filters, such as the type of log events each filter is designed to match, the destination to which matched events are delivered, and more. The schema outlines the various attributes of the log subscription filter for you, including the filter name, filter pattern, role ARN, and associated tags.

Examples

Basic info

Gain insights into the creation and configuration of your AWS CloudWatch log subscription filters. This can be used to monitor and analyze the logs for patterns, ensuring efficient resource utilization and system health.

select
  name,
  log_group_name,
  creation_time,
  filter_pattern,
  destination_arn
from
  aws_cloudwatch_log_subscription_filter;

select
  name,
  log_group_name,
  creation_time,
  filter_pattern,
  destination_arn
from
  aws_cloudwatch_log_subscription_filter;

List the cloudwatch subscription filters that sends error logs to cloudwatch log groups

Identify instances where Cloudwatch subscription filters are set up to send error logs to specific log groups, which can be beneficial in maintaining system health and troubleshooting issues.

select
  name,
  log_group_name,
  filter_pattern
from
  aws_cloudwatch_log_subscription_filter
where
  filter_pattern ilike '%error%';

select
  name,
  log_group_name,
  filter_pattern
from
  aws_cloudwatch_log_subscription_filter
where
  filter_pattern like '%error%';

Number of subscription filters attached to each cloudwatch log group

Analyze your AWS Cloudwatch setup to understand the distribution of subscription filters across different log groups. This can help in optimizing log management by identifying log groups that may have too many or too few subscription filters.

select
  log_group_name,
  count(name) as subscription_filter_count
from
  aws_cloudwatch_log_subscription_filter
group by
  log_group_name;

select
  log_group_name,
  count(name) as subscription_filter_count
from
  aws_cloudwatch_log_subscription_filter
group by
  log_group_name;

Query examples

kinesis_streams_for_cloudwatch_log_group

Schema for aws_cloudwatch_log_subscription_filter

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
creation_time	timestamp with time zone		The creation time of the subscription filter.
destination_arn	text		The Amazon Resource Name (ARN) of the destination.
distribution	text		The method used to distribute log data to the destination.
filter_pattern	text		A symbolic description of how CloudWatch Logs should interpret the data in each log event.
log_group_name	text	=	The name of the log group.
name	text	=	The name of the subscription filter.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
role_arn	text		The role associated to the filter.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cloudwatch_log_subscription_filter