How do we sort CloudWatch stream logs by 'most recent' in AWS console?

Question

Is there a way to filter CloudWatch log streams by 'most recent' to oldest within the AWS console? I am having to scroll incredibly far down to get to my most recent log messages.

I have tried filtering by 30s - 5mins which works for now, I just thought there may be an easier way to list all of the log streams starting with most recent at the top instead of oldest.

Just clicking on the column headers works for me. Did I miss something in your question ? — Sébastien Stormacq, Feb 02 '19 at 01:00
My columns are not clickable. I wonder if it is a setting I have not yet configured. — Cody Mitchell, Feb 02 '19 at 04:04
@HannonCésar It looks like the problem resolved itself as far as the cloud watch logs goes. I am able to click the top of the columns and it wills sort by most recent. — Cody Mitchell, Apr 11 '19 at 21:59
My columns are not clickable either. I'm in the "Search Log Group" mode, which is where I would need this functionality. — Matthew James Briggs, Sep 19 '19 at 23:09
If I use search all, I need to remember to choose a recent timeframe like 4 hours or 1 day. Otherwise the default appears to be every log in ascending order and the columns are not sortable. — What Would Be Cool, May 28 '22 at 17:51

score 19 · Accepted Answer · edited Jun 30 '20 at 20:22

19

I had the same problem.

Just use CloudWatch Logs Insights.

You should have a sample query provided by Amazon, but the one below works perfectly.

fields @timestamp, @message
| sort @timestamp desc
| limit 200

edited Jun 30 '20 at 20:22

Daniel Serodio

4,229
5
37
33

answered Oct 14 '19 at 13:01

Adam Tomaszewski

378
3
6

1

This doesn't work well when there are multiple log entries for the same timestamp. This is exacerbated by amazon-cloudwatch-agent which ships the logs in batches so even more entries have the same `@timestamp` then otherwise would. Does anyone know how to sort in "natural order"? Like, the order in which they actually appear in the logstream? – brianmearns Aug 11 '20 at 01:17
@brianmearns is right, this shouldn't be an accepted answer – David Nov 15 '20 at 19:36
Although this is not an ideal solution, this is probably the best available solution we have right now, and given the context of the OP (which does not mention having multiple time the same timestamp), I don't see how this could not be the accepted answer until we have something better... Furthermore I also have the "multiple timestamp problem", but it seems I still have a natural order... maybe this has been fixed ? otherwise maybe you could use the "ingested timestamp" if it is available ? – Cyril Duchon-Doris Dec 08 '20 at 13:33
I want to search for a string across all logs for a group and I want them in reverse order. Telling how to add that search string to the insights pattern would answer better. – Samantha Atkins Nov 23 '21 at 20:03
"Just sit down for a day and learn a completely new thing with completely new UI and presentation paradigms. Nevermind that you need a solution RIGHT NOW". – Szczepan Hołyszewski Sep 01 '22 at 10:16

score 0 · Answer 2 · answered May 19 '23 at 15:30

This solution is based on aws-cli, but it does the job:

You need to replace the variables 'group' ad 'stream' with the actual names, and can change the limit according to your needs.

LOGS=$(aws logs get-log-events \
    --log-group-name 'group' \
    --log-stream-name 'stream' \
    --start-from-head \
    --limit 100)

echo $LOGS | jq '.events | .[].message'

You can further modify the variable LOGS with jq to get the data in your desired format.

How do we sort CloudWatch stream logs by 'most recent' in AWS console?

2 Answers2

Linked