How do we sort CloudWatch stream logs by 'most recent' in AWS console?

Asked 2/2, 2019 at 0:46 Answered 19/5, 2023 at 15:30

Solved amazon-web-services aws-lambda amazon-cloudwatchlogs

Is there a way to filter CloudWatch log streams by 'most recent' to oldest within the AWS console? I am having to scroll incredibly far down to get to my most recent log messages.

I have tried filtering by 30s - 5mins which works for now, I just thought there may be an easier way to list all of the log streams starting with most recent at the top instead of oldest.

Wavawave answered 2/2, 2019 at 0:46 Comment(6)

Just clicking on the column headers works for me. Did I miss something in your question ? – Analysand 2/2, 2019 at 1:0

My columns are not clickable. I wonder if it is a setting I have not yet configured. – Wavawave 2/2, 2019 at 4:4

@CodyMitchell did you figure it out? – Intrusive 10/4, 2019 at 11:13

@HannonCésar It looks like the problem resolved itself as far as the cloud watch logs goes. I am able to click the top of the columns and it wills sort by most recent. – Wavawave 11/4, 2019 at 21:59

My columns are not clickable either. I'm in the "Search Log Group" mode, which is where I would need this functionality. – Auberon 19/9, 2019 at 23:9

If I use search all, I need to remember to choose a recent timeframe like 4 hours or 1 day. Otherwise the default appears to be every log in ascending order and the columns are not sortable. – Graphology 28/5, 2022 at 17:51

I had the same problem.

Just use CloudWatch Logs Insights.

You should have a sample query provided by Amazon, but the one below works perfectly.

fields @timestamp, @message
| sort @timestamp desc
| limit 200

Parimutuel answered 14/10, 2019 at 13:1 Comment(5)

This doesn't work well when there are multiple log entries for the same timestamp. This is exacerbated by amazon-cloudwatch-agent which ships the logs in batches so even more entries have the same @timestamp then otherwise would. Does anyone know how to sort in "natural order"? Like, the order in which they actually appear in the logstream? – Ines 11/8, 2020 at 1:17

@Ines is right, this shouldn't be an accepted answer – Menderes 15/11, 2020 at 19:36

Although this is not an ideal solution, this is probably the best available solution we have right now, and given the context of the OP (which does not mention having multiple time the same timestamp), I don't see how this could not be the accepted answer until we have something better... Furthermore I also have the "multiple timestamp problem", but it seems I still have a natural order... maybe this has been fixed ? otherwise maybe you could use the "ingested timestamp" if it is available ? – Plumcot 8/12, 2020 at 13:33

I want to search for a string across all logs for a group and I want them in reverse order. Telling how to add that search string to the insights pattern would answer better. – Perrotta 23/11, 2021 at 20:3

"Just sit down for a day and learn a completely new thing with completely new UI and presentation paradigms. Nevermind that you need a solution RIGHT NOW". – Teratology 1/9, 2022 at 10:16

This solution is based on aws-cli, but it does the job:

You need to replace the variables 'group' ad 'stream' with the actual names, and can change the limit according to your needs.

LOGS=$(aws logs get-log-events \
    --log-group-name 'group' \
    --log-stream-name 'stream' \
    --start-from-head \
    --limit 100)

echo $LOGS | jq '.events | .[].message'

You can further modify the variable LOGS with jq to get the data in your desired format.

Willdon answered 19/5, 2023 at 15:30 Comment(0)

Recommended topics

Hot tags