Table: aws_cloudwatch_log_subscription_filter - Query AWS CloudWatch Log Subscription Filters using SQL
The AWS CloudWatch Log Subscription Filter is a feature of Amazon CloudWatch Logs that enables you to route data from any log group to an AWS resource for real-time processing of log data. This feature can be used to stream data to AWS Lambda for custom processing or to Amazon Kinesis for storage, analytics, and machine learning. The subscription filter defines the pattern to match in the log events and the destination AWS resource where the matching events should be delivered.
Table Usage Guide
The aws_cloudwatch_log_subscription_filter
table in Steampipe provides you with information about AWS CloudWatch Log Subscription Filters. This table enables you, as a DevOps engineer, data analyst, or other technical professional, to query subscription filter-specific details, including the associated log group, filter pattern, and destination ARN. You can utilize this table to gather insights on filters, such as the type of log events each filter is designed to match, the destination to which matched events are delivered, and more. The schema outlines the various attributes of the log subscription filter for you, including the filter name, filter pattern, role ARN, and associated tags.
Examples
Basic info
Gain insights into the creation and configuration of your AWS CloudWatch log subscription filters. This can be used to monitor and analyze the logs for patterns, ensuring efficient resource utilization and system health.
select name, log_group_name, creation_time, filter_pattern, destination_arnfrom aws_cloudwatch_log_subscription_filter;
select name, log_group_name, creation_time, filter_pattern, destination_arnfrom aws_cloudwatch_log_subscription_filter;
List the cloudwatch subscription filters that sends error logs to cloudwatch log groups
Identify instances where Cloudwatch subscription filters are set up to send error logs to specific log groups, which can be beneficial in maintaining system health and troubleshooting issues.
select name, log_group_name, filter_patternfrom aws_cloudwatch_log_subscription_filterwhere filter_pattern ilike '%error%';
select name, log_group_name, filter_patternfrom aws_cloudwatch_log_subscription_filterwhere filter_pattern like '%error%';
Number of subscription filters attached to each cloudwatch log group
Analyze your AWS Cloudwatch setup to understand the distribution of subscription filters across different log groups. This can help in optimizing log management by identifying log groups that may have too many or too few subscription filters.
select log_group_name, count(name) as subscription_filter_countfrom aws_cloudwatch_log_subscription_filtergroup by log_group_name;
select log_group_name, count(name) as subscription_filter_countfrom aws_cloudwatch_log_subscription_filtergroup by log_group_name;
Schema for aws_cloudwatch_log_subscription_filter
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
creation_time | timestamp with time zone | The creation time of the subscription filter. | |
destination_arn | text | The Amazon Resource Name (ARN) of the destination. | |
distribution | text | The method used to distribute log data to the destination. | |
filter_pattern | text | A symbolic description of how CloudWatch Logs should interpret the data in each log event. | |
log_group_name | text | = | The name of the log group. |
name | text | = | The name of the subscription filter. |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
region | text | The AWS Region in which the resource is located. | |
role_arn | text | The role associated to the filter. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_cloudwatch_log_subscription_filter