1

How to do request to cloudwatch logs insights?

For example I do this request in AWS cloudwatch console. How to do the same request in redash?

fields @timestamp,body.id,body.to_pause_months,@message
| filter ispresent(body.id)
| sort @timestamp desc
| limit 20

2

Which version of Redash are you running?

3

Hi thank for your reply
I have version 9.0.0 alpha (dev)

5

I haven’t used Cloud Watch personally. And since V9 is not released yet we don’t have documentation for this one.

But its query runner accepts YAML input and passes the key-value-pairs directly into Amazon’s boto3 Python adapter. There’s some examples in this SO question. You’ll need to provide a logGroupName. So your query would look like this:

logGroupName: <whatever log group you need>
startTime: <your desired startTime string>
queryString: fields @timestamp,body.id,body.to_pause_months,@message | filter ispresent(body.id) | sort @timestamp desc | limit 20

I believe you can insert newline characters in the queryString without impacting the query (which helps readability).

If you don’t provide an endTime key-value-pairt it’s implicitly the time of execution.

6

I’m trying out this functionality at the moment with a very recent dev build (commit 733bc1c109f1b72250f67c14cd5fb50d6a46593a on master). I have been able to run a Cloudwatch Log Insights query, specifying an integer value for startTime.
In general, how could an integer value determined from a date be passed in the Redash query?

An example of a value for startTime of 3hrs ago would be

int((datetime.utcnow() - timedelta(hours=3)).timestamp())

But how could something like that be built in to the Redash query?

My working Redash query looks something like this,

{
    logGroupName: '<my log group name>',
    startTime: 1590926139,
    queryString: '
        fields @timestamp,@message |
        sort @timestamp desc |
        limit 5
    '
}
7

Redash doesn’t support this at the moment. Speaking generally, I think a UDF would be the right solution.

You could also use the API to “fake” this behavior. Just calculate the interval in your script language of choice and then force the refresh that way…:thinking:

8

Thanks for the reply, @jesse.

I like the idea of a UDF as the general approach. I’ve had a quick poke around and found some references to UDF support for Big Query. It would be really convenient to be able to embed calls to UDFs in a query, with passing query parameters to the UDF as a bonus.

In the meantime, a periodic API call could be made to manually run a query with a calculated startTime, as you suggest. The obvious downside is that there is another moving part (running process with a schedule, program run from cron, etc.) that needs to be managed.

9

Exactly.

That said, if you (like me) already have a bunch of scheduled scripts then what’s one more added to the queue? :wink:

10

That said, if you (like me) already have a bunch of scheduled scripts then what’s one more added to the queue?

Oeff!