scenarios/features/cloudwatch_logs_large_query/README.md
This example shows how to use AWS SDKs to query Amazon CloudWatch Logs and get back more than the maximum of 10,000 logs that a single query returns.
The CloudWatch Logs API is capped at 10,000 records for requests that read or write. This example breaks one query down into multiple queries if the query would return more than the maximum number of records.
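One way to split a capped query, shown as an added example that is not the code from this repository: it bisects the time range whenever a query comes back at the cap, so a truncated result is never mistaken for a complete one. `run_query`, `query_all` and the sample data are hypothetical and constructed here; `run_query` stands in for a real StartQuery/GetQueryResults round trip and treats the range as half-open.

```python
from bisect import bisect_left

LIMIT = 10_000  # per-query record cap described above

# Constructed sample data: 25,000 events, one per second, as (epoch_seconds, message).
SAMPLE_LOGS = [(1_700_000_000 + i, f"event {i}") for i in range(25_000)]


def run_query(start, end, limit=LIMIT):
    """Hypothetical stand-in for one capped query against the log group.

    Returns at most `limit` events with start <= timestamp < end, oldest first.
    Anything past the cap is dropped without an error, as a capped API would.
    """
    lo = bisect_left(SAMPLE_LOGS, (start,))
    hi = bisect_left(SAMPLE_LOGS, (end,))
    return SAMPLE_LOGS[lo:hi][:limit]


def query_all(start, end, limit=LIMIT, stats=None):
    """Return every event in [start, end), splitting the range on a capped result."""
    stats = stats if stats is not None else {"queries": 0}
    stats["queries"] += 1
    results = run_query(start, end, limit)
    if len(results) < limit:
        return results  # under the cap, so this range is complete
    if end - start <= 1:
        # One second holds at least `limit` events: fail loudly instead of
        # returning a silently truncated set.
        raise RuntimeError(f"at least {limit} events in second {start}; cannot split further")
    mid = start + (end - start) // 2
    return query_all(start, mid, limit, stats) + query_all(mid, end, limit, stats)


if __name__ == "__main__":
    counters = {"queries": 0}
    events = query_all(1_700_000_000, 1_700_025_000, stats=counters)
    print(len(events), "events retrieved in", counters["queries"], "queries")
```

A result of exactly `limit` records is treated as possibly truncated and split again, which costs extra queries but never loses events.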
The following components are used in this example:
An AWS CloudFormation template exists in the resources folder. The template contains two resources: a CloudWatch log group, and a CloudWatch log stream that will be used as the default log group and stream for the queries made in the example. We recommend deploying a stack with this template.
If you need to, install the AWS CLI or update it to the latest version.
To deploy the stack using the template, run the following command:
aws cloudformation deploy --template-file stack.yaml --stack-name LargeQueryStack
To destroy the stack, run the following command:
aws cloudformation delete-stack --stack-name LargeQueryStack
A lot of logs are needed to make a robust example. If you happen to have a log group with over 10,000 logs at the ready, great! If not, there are two resources that can help:
This example is implemented in the following languages:
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0