{"id":37183129,"url":"https://github.com/bananaumai/query-aws-logs","last_synced_at":"2026-01-14T21:08:46.734Z","repository":{"id":99557567,"uuid":"393890012","full_name":"bananaumai/query-aws-logs","owner":"bananaumai","description":"A tool helping you to explore logs in AWS CloudWatch Logs.","archived":false,"fork":false,"pushed_at":"2023-08-27T00:54:18.000Z","size":43,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-09T21:38:29.384Z","etag":null,"topics":["aws","aws-cloudwatch-logs","go"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bananaumai.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-08T07:24:20.000Z","updated_at":"2023-08-27T00:54:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"c512c48f-4860-4f9d-8755-2d948b48aa06","html_url":"https://github.com/bananaumai/query-aws-logs","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/bananaumai/query-aws-logs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bananaumai%2Fquery-aws-logs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bananaumai%2Fquery-aws-logs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bananaumai%2Fquery-aws-logs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bananaumai%2Fquery-aws-logs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bananaumai","download_url":"https://codeload.github.com/bananaumai/query-aws-logs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bananaumai%2Fquery-aws-logs/sbom","scorecard":{"id":224976,"data":{"date":"2025-08-11","repo":{"name":"github.com/bananaumai/query-aws-logs","commit":"667764a2252b3e6a835d25dea577b3300a388fe6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bananaumai/query-aws-logs/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/bananaumai/query-aws-logs/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/bananaumai/query-aws-logs/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bananaumai/query-aws-logs/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/bananaumai/query-aws-logs/test.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":0,"reason":"Found 0/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:9","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.0.5 not signed: https://api.github.com/repos/bananaumai/query-aws-logs/releases/48728903","Warn: release artifact v0.0.4 not signed: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47572957","Warn: release artifact v0.0.3 not signed: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47515689","Warn: release artifact v0.0.2 not signed: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47494922","Warn: release artifact v0.0.1 not signed: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47494197","Warn: release artifact v0.0.5 does not have provenance: https://api.github.com/repos/bananaumai/query-aws-logs/releases/48728903","Warn: release artifact v0.0.4 does not have provenance: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47572957","Warn: release artifact v0.0.3 does not have provenance: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47515689","Warn: release artifact v0.0.2 does not have provenance: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47494922","Warn: release artifact v0.0.1 does not have provenance: https://api.github.com/repos/bananaumai/query-aws-logs/releases/47494197"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T03:34:08.294Z","repository_id":99557567,"created_at":"2025-08-17T03:34:08.294Z","updated_at":"2025-08-17T03:34:08.294Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cloudwatch-logs","go"],"created_at":"2026-01-14T21:08:45.793Z","updated_at":"2026-01-14T21:08:46.712Z","avatar_url":"https://github.com/bananaumai.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Query AWS CloudWatch Logs\n\nquery-aws-logs is a wrapper tool for [CloudWatch Logs Insights Query API](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) that help your CloudWatch Logs investigation.\nYou can retrieve the CloudWatch Logs Insights Query result in JSON format more easily than using aws-cli.\nAdditionally, you can retrieve the logs around the logs which exactly match query.\nThis would be helpful when you try investigating the logs in CloudWatch Logs.\n\nThe query result will be returned JSON array which is easily manipulated by the JSON tools like `jq`.\n\n## Installation\n\n### macOS\n\n```\n$ brew install bananaumai/query-aws-logs/query-aws-logs\n```\n\n### Other platform\n\nIf you are using [Go](https://golang.org/), perform the following command.\n\n```\n$ go get github.com/bananaumai/query-aws-logs\n```\n\nOtherwise, go to [release page](https://github.com/bananaumai/query-aws-logs/releases/latest)\nand download the binary appropriate for your platform.\n\n## Usage\n\n```\n$ query-aws-logs [-h] [-v] [-d] [-s start] [-e end] [-l limit] [-b before] [-a after] -g group(s) -q query\n```\n\n### Required options:\n\n* -q\tQuery string. Consolidating with CloudWatch Logs Insights query syntax.\n* -g\tLog group name(s). If you want to specify multiple log groups, delimit each log group by \",\"(comma). \n\nSee [official documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html) for the detailed syntax.\nNote \"limit\" won't work instead use -l options to limit the number of the logs events to be returned.\n\n### Non-required options:\n\n* -h    Help flag. If specified, the command usage will be displayed. False by default.\n* -v    Version flag. If specified, version information is displayed. False by default.\n* -d    Debug flag. If specified, the printDebug print will be output in stderr. False by default.\n* -p    Pretty print flag. If specified, the output JSON will be pretty-printed. False by default.\n* -v    Verbose flag. If specified, the debug print will be output in stderr. False by default.\n* -s\tStart time in RFC3339 format. The logs after this timestamp will be queried. One hour before current time by default.\n* -e\tEnd time in RFC3339 format. The logs before this time stamp will be queried. Current time by default.\n* -l    Limit of the number of returned logs events which match against query. 1000 by default\n* -b    Before. A time duration parameter specifying how long before the query matched log event timestamp to be used to search the logs around.\n* -a    After. A time duration parameter specifying how long after the query matched log event timestamp to be used to search the logs around.\n\nYou are supposed to specify -b and -a option by the duration string: 1s =\u003e 1 second, 1ms =\u003e 1 milli-sec.\n\nQuery results will be JSON array whose element consist of two fields \"result\" and \"surroundings\".\nThe \"result\" field simply reflects the result of the query string that you specify.\nThe \"surroundings\" field reflects the logs around the logs in \"result\" field in the same log stream.\n\n\n## Motivation\n\nActually it's possible to acquire exactly same results, getting CloudWatch Logs Insights query result and\nseeing the related logs from CloudWatch Logs stream, by using `aws-cli` and/or AWS Console.\n\nBut it is a little cumbersome to perform this.\n\nFor example, let's imagine the situation, if you want to get \"ERROR\" logs from a log group\nand you want to see the some amount log lines recorded just before the each \"ERROR\" logs.\n\nIf you use aws-cli for this purpose, you may need to perform the following steps:\n\n```\n$ aws logs start-query --query-string 'fields @timestamp, @message, @log, @logStream | filter @message like \"ERROR\"' --start-time ... --end-time ... --log-group ...\n# query id will be returned\n\n$ aws logs get-query-result --query-id ...\n# try until the query execution status would be \"Complete\"\n# then parse the results json.\n# By parsing each event in the returned json, you need to perform following command.\n\n$ aws logs get-log-events --log-group-name=... --log-stream-name=... --start-time=... --end-time=...\n# you need to translate the AWS CloudWatch Logs Insights query result\n# * @log =\u003e extract log-group-name\n# * @logStream =\u003e use as log-stream-name\n# * @timestamp =\u003e convert to epoch milli seconds\n```\n\n## Notes\n\n### How to get \"surroundings\" fields:\n\nyou may need to follow the following conventions to get \"surroundings\" field properly;\n\n* In -q(query) option, make sure that \"@timestamp\", \"@log\", \"@logStream\" fields are output.\n* Specify either or both of -b(before) and -a(after) options.\n\n### Specify AWS region, profile, credentials by your env vars\n\nquery-aws-logs doesn't provide the way to specify AWS related parameters.\nUse AWS standard env vars to specify them;\ni.e. AWS_DEFAULT_REGION, AWS_PROFILE, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY\n\n## Examples\n\n### Example1 - retrieving logs:\n\n```\n$ query-aws-logs -g my-log-group -q 'fields @timestamp, @message'\n```\n\nThis command would output the JSON looking like below:\n\n```\n[\n  {\n    \"result\": {\n      \"@message\": \"[ERROR] an error log\",\n      \"@timestamp\": \"2021-08-13 00:01:05.923\",\n    }\n  },\n  ...\n]\n```\n\n### Example2 - retrieving logs that contain \"ERROR\" string with surrounding logs:\n\n```\n$ query-aws-logs -g my-log-group -q 'fields @timestamp,@message,@log,@logStream | @message like \"ERROR\"' -b 10ms\n```\n\nThis command would output the JSON looking like below:\n\n```\n[\n  {\n    \"result\": {\n      \"@log\": \"7825xxxxxxxx:my-log-group\",\n      \"@logStream\": \"my/log/stream/2bs4b5b05b0a3ebd1201871s32486f0z\",\n      \"@message\": \"[ERROR] an error log\",\n      \"@timestamp\": \"2021-08-13 00:01:05.923\",\n    },\n    \"surroundings\": [\n      {\n        \"message\": \"[INFO] some logs in 10 ms before a log event that has matched against the query\"\n        \"timestamp\": \"2021-08-13 00:01:05.915\"\n      },\n      ...\n    ]\n  },\n  ...\n]\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbananaumai%2Fquery-aws-logs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbananaumai%2Fquery-aws-logs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbananaumai%2Fquery-aws-logs/lists"}