Lists log events from the specified log group. You can list all the log events or filter the results using a filter pattern, a time range, and the name of the log stream. By default, this operation returns as many log events as can fit in 1 MB (up to 10,000 log events) or all the events found within the time range that you specify. If the results include a token, then there are more log events available, and you can get additional results by specifying the token in a subsequent call. This operation can return empty results while there are more log events available through the token. The returned log events are sorted by event timestamp, the timestamp when the event was ingested by CloudWatch Logs, and the ID of the PutLogEvents request.
External DocumentationTo learn more, visit the AWS documentation.

Basic Parameters

ParameterDescription
AWS Region(s)Enter the desired AWS Region(s).

To execute the action in multiple regions, provide a comma-separated list.
For example: us-east-1,eu-west-2.

If you wish to run the action in all available regions, use the asterisk symbol (*) instead.
End TimeThe end of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp later than this time are not returned.
Filter PatternThe filter pattern to use. For more information, see Filter and Pattern Syntax (https:docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).
If not provided, all the events are matched.
Log Group NameThe name of the log group to search.
Start TimeThe start of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp before this time are not returned.

Advanced Parameters

ParameterDescription
Disable XML To JSON Auto ConvertWhen checked, XML responses are not automatically converted into JSON format.
InterleavedIf the value is true, the operation makes a best effort to provide responses that contain events from multiple log streams within the log group, interleaved in a single response.
If the value is false, all the matched log events in the first log stream are searched first, then those in the next log stream, and so on. The default is false.
Important: Starting on June 17, 2019, this parameter is ignored and the value is assumed to be true.
The response from this operation always interleaves events from multiple log streams within a log group.
LimitThe maximum number of items returned. If you don’t specify a value, the default is up to 50 items.
Log Stream Name PrefixFilters the results to include only events from log streams that have names starting with this prefix.
If you specify a value for both logStreamNamePrefix and logStreamNames, but the value for logStreamNamePrefix does not match any log stream names specified in logStreamNames, the action returns an InvalidParameterException error.
Log Stream NamesFilters the results to only logs from the log streams in this list.
If you specify a value for both logStreamNamePrefix and logStreamNames, the action returns an InvalidParameterException error.
Next TokenThe token for the next set of items to return. (You received this token from a previous call.)

Example Output

{
	"events": [
		{
			"eventId": "string",
			"ingestionTime": 0,
			"logStreamName": "[^:*]*",
			"message": "string",
			"timestamp": 0
		}
	],
	"nextToken": "The token for the next set of items to return. The token expires after 24 hours.",
	"searchedLogStreams": [
		{
			"logStreamName": "[^:*]*",
			"searchedCompletely": false
		}
	]
}

Workflow Library Example

Cloudwatch Logs Filter Log Events with Aws and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop