在 python 中使用 boto3 查询 cloudwatch 日志以获取不同的值

Question

I have a lambda function that writes metrics to Cloudwatch .我有一个将指标写入Cloudwatch的 lambda 函数。 While, it writes metrics, It generates some logs in a log-group.虽然它写入指标，但它会在日志组中生成一些日志。

INFO:: username: simran+test@abc.com ClinicID: 7667 nodename: MacBook-Pro-2.local

INFO:: username: simran+test2@abc.com ClinicID: 7669 nodename: MacBook-Pro-3.local

INFO:: username: simran+test@abc.com ClinicID: 7668 nodename: MacBook-Pro-4.local

INFO:: username: simran+test3@abc.com ClinicID: 7667 nodename: MacBook-Pro-5.local

INFO:: username: simran+test3@abc.com ClinicID: 7667 nodename: MacBook-Pro-2.local

I need an efficient way to get distinct values of nodename for a given ClinicId .我需要一种有效的方法来为给定的ClinicId获取nodename不同值。 For example, I pass in 7667 for ClinicId and I expect例如，我为ClinicId传递了7667并且我期望

['MacBook-Pro-2.local', 'MacBook-Pro-5.local']

This is what I tried:这是我尝试过的：

 query = "fields @timestamp, @message | parse @message \"username: * ClinicID: * nodename: *\" as username, ClinicID, nodename | filter ClinicID = "+ clinic_id

 start_query_response = client.start_query(
        logGroupName=log_group,
        startTime=int(time.mktime((Util.utcnow() - timedelta(hours=hours)).timetuple())),
        endTime=int(time.mktime(Util.utcnow().timetuple())),
        queryString=query,
    )

I considered iterating start_query_response in Python but I do not like that idea.我考虑start_query_response在 Python 中迭代start_query_response ，但我不喜欢这个想法。 Since it is logs for over 7 days that I will be looking at, I need an efficient way instead of having to iterate each log from past 7 days for the given ClinicID .由于我将查看超过7 days日志，因此我需要一种有效的方法，而不必为给定的ClinicID迭代过去7 days每个日志。

Answer 1

You can pipe you expression to the stat command and count occurrences of each nodename.您可以将表达式通过管道传输到stat命令并计算每个节点名的出现次数。

Add this to the end of your query:将此添加到查询的末尾：

| stats count(*) by nodename

Result will be:结果将是：

{
  'results': [
    [
      {
        'field': 'nodename',
        'value': 'MacBook-Pro-2.local\n'
      },
      {
        'field': 'count(*)',
        'value': '2'
      }
    ],
    [
      {
        'field': 'nodename',
        'value': 'MacBook-Pro-5.local\n'
      },
      {
        'field': 'count(*)',
        'value': '1'
      }
    ]
  ]
}

See here for more details on various commands: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html有关各种命令的更多详细信息，请参见此处： https : //docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html

在 python 中使用 boto3 查询 cloudwatch 日志以获取不同的值

问题描述

1 个解决方案

解决方案1
3 已采纳 2019-12-13 00:36:06

在 python 中使用 boto3 查询 cloudwatch 日志以获取不同的值

问题描述

1 个解决方案

解决方案1 3 已采纳 2019-12-13 00:36:06

解决方案1
3 已采纳 2019-12-13 00:36:06