3 Answers
- Newest
- Most votes
- Most comments
0
I find Athena the best way to query CloudTrail logs. See the AWS Docs for how to set this up from the CloudTrail console: https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#create-cloudtrail-table-ct
answered 2 years ago
0
If you are also outputting CloudTrail logs to cloudwatch logs, you can use log insights to search in a similar way to grep.
fields @timestamp, @message, @logStream, @log
| filter @message like /AccessDenied/
| sort @timestamp desc
| limit 20
0
Search only errors and output only chosen fields:
aws cloudtrail lookup-events --output text --region eu-central-1 --start-time 2023-03-21T09:00Z --end-time 2023-03-21T10:00Z --query 'Events[].CloudTrailEvent' | jq -r ' . | select(.errorCode != null) | [.eventTime,.eventID,.eventName,.errorCode,.errorMessage] | @csv'
in a fixed time interval.
answered 2 years ago
Relevant content
- asked 8 months ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 8 months ago
I will try but I'm more comfortable with CLI tools, like AWS CLI, jq, grep, etc