# CloudWatchQuery

> Building and executing queries to CloudWatch Logs

## Query CloudWatchLogs 

CloudWatch Logs supports a [simple query language](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html), which we can use to search for different patterns in the logs.

We will start with some examples and then create the classes and functions to perform these queries.

In [None]:
simple_query = f'''
fields @timestamp, @message
| sort @timestamp desc
| limit 20 
'''

In [None]:
complex_query = f'''
filter @message like /GOING TO RUN SKILL/ 
| parse @message '"*" for SESSION *:* with PARAMETERS' as @skill, @channel, @id 
| stats count(@channel) by @skill
'''

In [None]:
from datetime import datetime, timedelta
import time


In [None]:
%pip install --upgrade boto3 awswrangler --quiet

Note: you may need to restart the kernel to use updated packages.


In [None]:
import awswrangler as wr
import pandas as pd
from datetime import datetime

In [None]:
LOG_GROUP_NAME = '/aws/apigateway/welcome'

In [None]:
import boto3
boto3.setup_default_session(region_name="us-east-2")

In [None]:
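# The explicit boto3_session takes precedence over the default session
# configured above, so this query runs in us-west-2.
df = wr.cloudwatch.read_logs(
    log_group_names=[LOG_GROUP_NAME],
    query="fields @timestamp, @message | sort @timestamp desc | limit 5",
    boto3_session=boto3.Session(region_name="us-west-2"),
)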

In [None]:
df

| | timestamp | message | ptr |
|---|---|---|---|
| 0 | 2021-12-20 11:03:13.568 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 1 | 2021-11-24 15:10:19.572 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 2 | 2021-11-01 15:57:57.790 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 3 | 2021-11-01 15:37:36.574 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 4 | 2021-10-30 23:10:28.807 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |


In [None]:
#| default_exp CloudWatchQuery

In [None]:
#| hide
from nbdev.showdoc import *

In [None]:
#| export

import awswrangler as wr
import pandas as pd
import boto3

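class CloudWatchQuery:
    "Configure a CloudWatch query"
    def __init__(self, query, log_group):
        self.query = query          # Logs Insights query string
        self.log_group = log_group  # name of the log group to search

    def get_df(self):
        "Execute the query and return the results as a pandas DataFrame"
        # The region is fixed to us-west-2 here, regardless of the default session.
        df = wr.cloudwatch.read_logs(
            log_group_names=[self.log_group],
            query=self.query,
            boto3_session=boto3.Session(region_name="us-west-2"),
        )
        return df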

In [None]:
cwq = CloudWatchQuery(simple_query, LOG_GROUP_NAME)

In [None]:
cwq.get_df()

| | timestamp | message | ptr |
|---|---|---|---|
| 0 | 2021-12-20 11:03:13.568 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 1 | 2021-11-24 15:10:19.572 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 2 | 2021-11-01 15:57:57.790 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 3 | 2021-11-01 15:37:36.574 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 4 | 2021-10-30 23:10:28.807 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 5 | 2021-10-25 17:55:32.019 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 6 | 2021-10-25 15:46:26.526 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 7 | 2021-09-15 23:43:55.393 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 8 | 2021-08-25 07:53:40.904 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
| 9 | 2021-07-22 15:23:43.083 | Cloudwatch logs enabled for API Gateway | CmAKKAokMzI3MTYzODM3MDU1Oi9hd3MvYXBpZ2F0ZXdheS... |
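
The class above delegates query execution to `awswrangler`. As an added example (not part of this notebook's exported code), the same execution can be written directly against the boto3 CloudWatch Logs client, with a bounded time window, explicit handling of failed queries, and a client-side timeout that stops the query. The function name `run_insights_query` and its parameters are assumptions; `client` is expected to be `boto3.client("logs")` or any object with the same `start_query`, `get_query_results` and `stop_query` methods.

```python
import time
from datetime import datetime, timedelta, timezone

# Statuses after which polling can never reach "Complete".
TERMINAL_FAILURES = {"Failed", "Cancelled", "Timeout", "Unknown"}


def run_insights_query(client, log_group, query, lookback=timedelta(hours=1),
                       now=None, poll_seconds=1.0, max_wait_seconds=60.0):
    """Run a Logs Insights query over [now - lookback, now]; return rows as dicts.

    Hypothetical helper: `client` is a boto3 "logs" client or a stand-in.
    """
    end = now or datetime.now(timezone.utc)
    start = end - lookback
    query_id = client.start_query(
        logGroupName=log_group,
        startTime=int(start.timestamp()),  # epoch seconds
        endTime=int(end.timestamp()),
        queryString=query,
    )["queryId"]

    deadline = time.monotonic() + max_wait_seconds
    while True:
        response = client.get_query_results(queryId=query_id)
        status = response["status"]
        if status == "Complete":
            # Each row is a list of {"field": ..., "value": ...} cells;
            # the opaque @ptr record pointer is dropped.
            return [
                {cell["field"]: cell["value"]
                 for cell in row if cell["field"] != "@ptr"}
                for row in response["results"]
            ]
        if status in TERMINAL_FAILURES:
            raise RuntimeError(f"query {query_id} ended with status {status}")
        if time.monotonic() >= deadline:
            client.stop_query(queryId=query_id)  # do not leave it running
            raise TimeoutError(
                f"query {query_id} still {status} after {max_wait_seconds}s")
        time.sleep(poll_seconds)
```

With real credentials this would be called as `run_insights_query(boto3.client("logs", region_name="us-west-2"), LOG_GROUP_NAME, simple_query)`.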


In [None]:
#| hide
import nbdev; nbdev.nbdev_export()