awslogs

List log groups

$ awslogs groups

$ awslogs streams [/var/log/syslog]

$ awslogs get [/var/log/syslog] [[-s|--start]] '[2h ago]' [[-e|--end]] '[1h ago]'

$ awslogs get [/aws/lambda/my_lambda_group] --filter-pattern '[ERROR]'

$ awslogs get [/var/log/syslog] ALL --watch

awslogs <subcommand> [options] [<log-group-name>] [<log-stream-name>]

Common subcommands include:
  awslogs get <log-group-name> [<log-stream-name>] [options]
  awslogs tail <log-group-name> [options]
  awslogs groups [options]
  awslogs streams <log-group-name> [options]

--start
    Retrieve logs starting from this time. Can be relative (e.g., '10m ago') or absolute (e.g., '2023-01-01 10:00:00').

--end
    Retrieve logs up to this time. Similar format to --start.

-f, --follow
    (For tail subcommand) Continuously stream new log events as they arrive, similar to tail -f.

--filter-pattern
    Filter log events using a CloudWatch Logs filter pattern syntax.

--limit
    Limit the number of log events returned.

--profile
    Use a specific AWS named profile from your AWS credentials file.

--region
    Specify the AWS region to interact with (e.g., us-east-1).

--no-color
    Disable colored output for log events.

awslogs is a command-line utility designed to interact with Amazon CloudWatch Logs. It allows users to retrieve, filter, and tail log events from CloudWatch Log Groups and Log Streams directly from their terminal. Unlike standard Linux commands that operate on local files, awslogs provides a convenient way to access centralized cloud logs, making it invaluable for monitoring, debugging, and troubleshooting applications deployed on AWS.

It often acts as a wrapper around the AWS CloudWatch Logs API, providing a user-friendly interface for tasks like real-time log monitoring (similar to tail -f) or fetching historical log data within specified time ranges. It's typically a Python-based utility, requiring valid AWS credentials and configuration to function.

Requires valid AWS credentials and configuration (e.g., ~/.aws/credentials, ~/.aws/config) to access CloudWatch Logs.
Not a default system utility; must be installed separately (e.g., via pip).
Operations may incur AWS API request costs and data transfer charges depending on usage volume.
Subject to CloudWatch Logs API rate limits.
The exact command syntax and available options can vary slightly based on the specific version or implementation (e.g., standalone awslogs vs. AWS CLI's aws logs). This analysis focuses on the commonly understood standalone utility.

awslogs operates primarily through subcommands, each performing a specific function:
  get: Retrieves historical log events from a specified log group and optional log stream within a given time range.
  tail: Continuously streams new log events from a log group, providing real-time monitoring capabilities similar to tail -f for local files.
  groups: Lists all CloudWatch Log Groups accessible to the configured AWS account and region.
  streams: Lists log streams within a specified log group.

awslogs is typically installed using Python's package manager, pip:
  pip install awslogs
Users should ensure they have pip and Python installed on their system before attempting installation.

The awslogs utility emerged as a popular standalone Python script to simplify interaction with Amazon CloudWatch Logs, often complementing or predating the comprehensive `aws logs` commands available in the official AWS CLI. Its development was driven by the need for a more tail -f-like experience for cloud-based logs, which was not natively available when CloudWatch Logs first launched. It quickly became a go-to tool for developers and operations teams due to its ease of use and focused functionality for log retrieval and monitoring.

aws(1), grep(1), tail(1), less(1), jq(1)