mrsarm/applogs.sh

## applogs.sh
#!/usr/bin/env bash
#
# applogs.sh
#
# Show logs from AWS Cloud Watch Logs from a given group/stream
# in a human readable way.
#
# Requires awscli and jq 1.5+, and if you are using Mac OS also
# needs coreutils installed.
#

if [ "$#" == 0 -o "$1" == "-h" -o "$1" == "--help" ]
then
  cat >&2 <<-'EOF'

	Use: applogs.sh [GROUP-NAME (default application-logs)/]STREAM-NAME [TIME (default '5 min ago')] [PATTERN] [REGEX]

	Examples:
	  applogs.sh chk-core-staging                                       Logs since 5 minutes ago from chk-core-staging stream from application-logs group
	  applogs.sh persistent-logs/chk-core-ci '10 min ago'               Logs since 15 minutes ago from chk-core-ci stream from persistent-logs group
	  applogs.sh gifts-core-prod '1 hour ago' 'Saving'                  Logs since 1 hour ago from gifts-core-prod stream with 'Saving' word present
	  applogs.sh api-core-ci '2017-04-25T09:00' '"Saving new"'          Logs since Apr 25 2017 9 AM from api-core-ci stream with "Saving new" message present
	  applogs.sh gifts-core-ci '2 days ago' Gift 'status=(DRAFT|OPEN)'  Logs since 2 days ago from gifts-core-ci stream with "Gift" word present, and then
	                                                                    filter with the regex expression 'status=(DRAFT|OPEN)'

	NOTE: The parameter PATTERN is a plain text, REGEX is a valid regex expression, but PATTERN is applied server side
	      by AWS (faster and less transmitted data), REGEX instead is applied with egrep once the data comes (slower),
	      but you can use both params to improve results.

	EOF
  exit -1
fi

STREAM="$(echo $1 | egrep -o "[[:alnum:]-]*$" | egrep -o "[[:alnum:]-]*")"
GROUP="$(echo $1 | egrep -o "^[[:alnum:]-]*/" | egrep -o "[[:alnum:]-]*")"
if [ "$GROUP" == "" ]
then
  GROUP="application-logs"
fi

PLATFORM=$(uname -s)
DATE_CMD="$(command -v date)"
if [ "$DATE_CMD" == "" -o "$PLATFORM" != "Linux" ]
then
  if [ "$(command -v gdate)" != "" ]
  then
    DATE_CMD="$(command -v gdate)"
  fi
fi
TIME=$($DATE_CMD -d "5 min ago" +"%s000")
if [ "$#" -gt 1 ]
then
  TIME=$($DATE_CMD -d "$2" +"%s000")
fi

PATTERN=""
if [ "$#" -gt 2 ]
then
  PATTERN="$3"
fi

REGEX=""
if [ "$#" -gt 3 ]
then
  REGEX="$4"
fi


# Run awscli
if [ "$REGEX" == "" ]; then
  aws logs filter-log-events --log-group-name $GROUP --log-stream-name "$STREAM" --start-time $TIME \
                             --filter-pattern "$PATTERN"  | jq -r '.events[].message' #| grep -F $PATTERN --color
else
  aws logs filter-log-events --log-group-name $GROUP --log-stream-name "$STREAM" --start-time $TIME \
                             --filter-pattern "$PATTERN"  | jq '.events[].message' | egrep --regexp="$REGEX" |  jq -r . | egrep --color --regexp=$REGEX\|$
fi
	#!/usr/bin/env bash
	#
	# applogs.sh
	#
	# Show logs from AWS Cloud Watch Logs from a given group/stream
	# in a human readable way.
	#
	# Requires awscli and jq 1.5+, and if you are using Mac OS also
	# needs coreutils installed.
	#

	if [ "$#" == 0 -o "$1" == "-h" -o "$1" == "--help" ]
	then
	cat >&2 <<-'EOF'

	Use: applogs.sh [GROUP-NAME (default application-logs)/]STREAM-NAME [TIME (default '5 min ago')] [PATTERN] [REGEX]

	Examples:
	applogs.sh chk-core-staging Logs since 5 minutes ago from chk-core-staging stream from application-logs group
	applogs.sh persistent-logs/chk-core-ci '10 min ago' Logs since 15 minutes ago from chk-core-ci stream from persistent-logs group
	applogs.sh gifts-core-prod '1 hour ago' 'Saving' Logs since 1 hour ago from gifts-core-prod stream with 'Saving' word present
	applogs.sh api-core-ci '2017-04-25T09:00' '"Saving new"' Logs since Apr 25 2017 9 AM from api-core-ci stream with "Saving new" message present
	applogs.sh gifts-core-ci '2 days ago' Gift 'status=(DRAFT\|OPEN)' Logs since 2 days ago from gifts-core-ci stream with "Gift" word present, and then
	filter with the regex expression 'status=(DRAFT\|OPEN)'

	NOTE: The parameter PATTERN is a plain text, REGEX is a valid regex expression, but PATTERN is applied server side
	by AWS (faster and less transmitted data), REGEX instead is applied with egrep once the data comes (slower),
	but you can use both params to improve results.

	EOF
	exit -1
	fi

	STREAM="$(echo $1 \| egrep -o "[[:alnum:]-]$" \| egrep -o "[[:alnum:]-]")"
	GROUP="$(echo $1 \| egrep -o "^[[:alnum:]-]/" \| egrep -o "[[:alnum:]-]")"
	if [ "$GROUP" == "" ]
	then
	GROUP="application-logs"
	fi

	PLATFORM=$(uname -s)
	DATE_CMD="$(command -v date)"
	if [ "$DATE_CMD" == "" -o "$PLATFORM" != "Linux" ]
	then
	if [ "$(command -v gdate)" != "" ]
	then
	DATE_CMD="$(command -v gdate)"
	fi
	fi
	TIME=$($DATE_CMD -d "5 min ago" +"%s000")
	if [ "$#" -gt 1 ]
	then
	TIME=$($DATE_CMD -d "$2" +"%s000")
	fi

	PATTERN=""
	if [ "$#" -gt 2 ]
	then
	PATTERN="$3"
	fi

	REGEX=""
	if [ "$#" -gt 3 ]
	then
	REGEX="$4"
	fi


	# Run awscli
	if [ "$REGEX" == "" ]; then
	aws logs filter-log-events --log-group-name $GROUP --log-stream-name "$STREAM" --start-time $TIME \
	--filter-pattern "$PATTERN" \| jq -r '.events[].message' #\| grep -F $PATTERN --color
	else
	aws logs filter-log-events --log-group-name $GROUP --log-stream-name "$STREAM" --start-time $TIME \
	--filter-pattern "$PATTERN" \| jq '.events[].message' \| egrep --regexp="$REGEX" \| jq -r . \| egrep --color --regexp=$REGEX\\|$
	fi