Search code examples
python-3.xamazon-web-servicesaws-lambdaboto3amazon-cloudwatchlogs

AWS Lambda Function Boto 3 filter_log_events Cannot Use endTime Parameter

I'm trying to extract information from Cloudwatch logs to send a more customised email from an alert based on a metric. I'm creating a lambda function to try and extract information at a specified timeframe. However, when I specify a startTime and endTime, nothing comes back in the repsonse. I've looked at the documentation for Boto3 but it doesn't say much. I'm relatively new to python and AWS so any help would be great. An example of the code can be seen below:

import boto3
import json
import time
from datetime import datetime
from calendar import timegm

# Create CloudWatch client
clw = boto3.client('logs')


def lambda_handler(event, context):

    # User defined for testing purposes
    name = 'Error Log Metric'
    namespace = 'User Defined Metrics'

    response = clw.describe_metric_filters(metricName=name,
            metricNamespace=namespace)

    LogGroupName = response['metricFilters'][0]['logGroupName']
    FilterPattern = response['metricFilters'][0]['filterPattern']

    StartTime = timegm(time.strptime('2020-06-15T00:00:00.000Z',
                       '%Y-%m-%dT%H:%M:%S.%fZ'))
    EndTime = timegm(time.strptime('2020-06-16T23:59:59.000Z',
                     '%Y-%m-%dT%H:%M:%S.%fZ'))

    filteredLogs = clw.filter_log_events(logGroupName=LogGroupName,
            filterPattern=FilterPattern,
            logStreamNamePrefix='TEST_PREFIX_NAME',
            startTime=StartTime, endTime=EndTime)

    print(filteredLogs)

Response

Response:
null

Request ID:
"610a2849-3fef-46b2-b75e-450c4f37ec25"

Function Logs:
START RequestId: 610a2849-3fef-46b2-b75e-450c4f37ec25 Version: $LATEST
{'events': [], 'searchedLogStreams': [], 'ResponseMetadata': {'RequestId': '04d59cfe-9069-4bb4-ad3b-7135a649d2e6', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '04d59cfe-9069-4bb4-ad3b-7135a649d2e6', 'content-type': 'application/x-amz-json-1.1', 'content-length': '121', 'date': 'Tue, 16 Jun 2020 00:42:23 GMT'}, 'RetryAttempts': 0}}
END RequestId: 610a2849-3fef-46b2-b75e-450c4f37ec25
REPORT RequestId: 610a2849-3fef-46b2-b75e-450c4f37ec25  Duration: 299.88 ms Billed Duration: 300 ms Memory Size: 128 MB Max Memory Used: 71 MB  Init Duration: 315.90 ms
Solution

  • I think the issue is that timegm returns timestamps in seconds, not milliseconds as required by filter_log_events.

    Assuming everything else is correct (all log streams names, dates, prefix), a quick fix could be:

        filteredLogs = clw.filter_log_events(logGroupName=LogGroupName,
            filterPattern=FilterPattern,
            logStreamNamePrefix='TEST_PREFIX_NAME',
            startTime=StartTime*1000, endTime=EndTime*1000)