Skip to content

Instantly share code, notes, and snippets.

@josegomezr

josegomezr/pull_cloudwatch_log.sh

Created May 11, 2020 17:24
Show Gist options
  • Save josegomezr/d31b77056afe2cfe8c03b07fb12fd8fd to your computer and use it in GitHub Desktop.
Save josegomezr/d31b77056afe2cfe8c03b07fb12fd8fd to your computer and use it in GitHub Desktop.
Download ZIP
Pull a complete cloudwatch logstream to your local machine
Raw
pull_cloudwatch_log.sh
# usage bash pull_cloudwatch_log.sh <log-group name> <log-stream-name> [<output-file>]
LOG_GROUP="${1:-log-group-name}"
LOG_STREAM="${2:-log-stream-name}"
OUTFILE="${3:-output.log}"
echo "Fetching logstream: $LOG_STREAM"
LOGOUTPUT="$(aws logs get-log-events --log-group-name $LOG_GROUP --log-stream-name $LOG_STREAM --output text --start-from-head)"
echo "Flushing chunk on $OUTFILE"
echo "$LOGOUTPUT" >> $OUTFILE
OLD_TOKEN=
NEW_TOKEN=$(echo "$LOGOUTPUT" | head -n1 | grep -o 'f/.\+')
while [[ "$OLD_TOKEN" != "$NEW_TOKEN" ]]; do
echo "Next token: $NEW_TOKEN"
echo "Fetching logstream: $LOG_STREAM"
LOGOUTPUT="$(aws logs get-log-events --next-token $NEW_TOKEN --log-group-name $LOG_GROUP --log-stream-name $LOG_STREAM --output text --start-from-head)"
echo "Flushing chunk on $OUTFILE"
echo "$LOGOUTPUT" >> $OUTFILE
OLD_TOKEN=$NEW_TOKEN
NEW_TOKEN=$(echo "$LOGOUTPUT" | head -n1 | grep -o 'f/.\+')
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment