Awsflow CloudWatch Logs

Query CloudWatch log groups, streams, events, run Insights queries, and open the interactive log viewer.

When to Use This Skill

Use this skill when the user:

• Asks about CloudWatch logs or log groups
• Wants to search log events or filter by pattern
• Needs to run CloudWatch Insights queries
• Wants to find logs from Lambda, API Gateway, Glue, or other services
• Needs to inspect metric filters, subscriptions, or query definitions
• Wants to open the interactive CloudWatch Log Viewer

Tool: CloudWatchLogTool

Execute CloudWatch Logs commands including Insights queries. ALWAYS provide params object.

Commands

DescribeLogGroups

List log groups with optional prefix filter.

{ "command": "DescribeLogGroups", "params": { "logGroupNamePrefix": "/aws/lambda/", "limit": 50 } }

Parameters:

DescribeLogStreams

List log streams in a log group.

{ "command": "DescribeLogStreams", "params": { "logGroupName": "/aws/lambda/my-function", "orderBy": "LastEventTime", "descending": true, "limit": 10 } }

Parameters:

GetLogEvents

Get log events from a specific stream.

{ "command": "GetLogEvents", "params": { "logGroupName": "/aws/lambda/my-function", "logStreamName": "2024/01/01/[$LATEST]abc123", "limit": 100 } }

Parameters:

FilterLogEvents

Search/filter log events across streams in a log group.

{ "command": "FilterLogEvents", "params": { "logGroupName": "/aws/lambda/my-function", "filterPattern": "ERROR" } }

Parameters:

StartQuery

Start a CloudWatch Insights query.

{
  "command": "StartQuery",
  "params": {
    "logGroupName": "/aws/lambda/my-function",
    "queryString": "fields @timestamp, @message | filter @message like /ERROR/ | sort @timestamp desc | limit 20",
    "startTime": 1704067200000,
    "endTime": 1704153600000
  }
}

Parameters:

GetQueryResults

Get results of a CloudWatch Insights query.

{ "command": "GetQueryResults", "params": { "queryId": "12345678-1234-1234-1234-123456789012" } }

Parameters:

GetLogGroupFields

Discover fields in a log group for Insights queries.

{ "command": "GetLogGroupFields", "params": { "logGroupName": "/aws/lambda/my-function" } }

Parameters:

DescribeMetricFilters

List metric filters for a log group.

{ "command": "DescribeMetricFilters", "params": { "logGroupName": "/aws/lambda/my-function" } }

Parameters:

DescribeQueryDefinitions

List saved CloudWatch Insights query definitions.

{ "command": "DescribeQueryDefinitions", "params": {} }

Parameters:

DescribeSubscriptionFilters

List subscription filters for a log group.

{ "command": "DescribeSubscriptionFilters", "params": { "logGroupName": "/aws/lambda/my-function" } }

Parameters:

DescribeDestinations

List log destinations.

{ "command": "DescribeDestinations", "params": {} }

Parameters:

OpenCloudWatchLogView

Open the interactive CloudWatch Log Viewer in VS Code.

{ "command": "OpenCloudWatchLogView", "params": { "logGroupName": "/aws/lambda/my-function", "logStreamName": "2024/01/01/[$LATEST]abc123" } }

Parameters:

CloudWatch Log Group Naming Conventions

Use these patterns to find logs from specific AWS services:

Useful Insights Query Examples

Find errors across Lambda functions:

fields @timestamp, @message
| filter @message like /ERROR/
| sort @timestamp desc
| limit 50

Count errors by function:

stats count(*) as errorCount by @logStream
| filter @message like /ERROR/
| sort errorCount desc

Latency analysis:

filter @type = "REPORT"
| stats avg(@duration) as avgDuration, max(@duration) as maxDuration, min(@duration) as minDuration by bin(1h)

Related Services

• CloudWatch → Lambda: Lambda logs at /aws/lambda/{functionName}. Use LambdaTool GetFunctionConfiguration to get function details
• CloudWatch → API Gateway: Execution logs at API-Gateway-Execution-Logs_{id}/{stage}. Use APIGatewayTool GetRestApis to find API IDs
• CloudWatch → Glue: Job logs at /aws-glue/jobs/output. Use GlueTool GetJobRuns to correlate job runs with log timestamps
• CloudWatch → RDS: Database logs at /aws/rds/instance/{id}/{type}. Use RDSTool DescribeDBInstances to find instance IDs
• CloudWatch → EC2: VPC Flow Logs deliver to CloudWatch. Use EC2Tool DescribeFlowLogs to find log group
• CloudWatch → Step Functions: Execution logs at /aws/vendedlogs/states/{name}. Use StepFuncTool to find state machine details