[ aws . logs ]

get-query-results

Description

Returns the results from the specified query.

Only the fields requested in the query are returned, along with a @ptr field, which is the identifier for the log record. You can use the value of @ptr in a GetLogRecord operation to get the full log record.

GetQueryResults does not start a query execution. To run a query, use StartQuery .

If the value of the Status field in the output is Running , this operation returns only partial results. If you see a value of Scheduled or Running for the status, you can retry the operation later to see the final results.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  get-query-results
--query-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--query-id (string)

The ID number of the query.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

See ‘aws help’ for descriptions of global parameters.

Output

results -> (list)

The log events that matched the query criteria during the most recent time it ran.

The results value is an array of arrays. Each log event is one object in the top-level array. Each of these log event objects is an array of field /value pairs.

(list)

(structure)

Contains one field from one log event returned by a CloudWatch Logs Insights query, along with the value of that field.

For more information about the fields that are generated by CloudWatch logs, see Supported Logs and Discovered Fields .

field -> (string)

The log event field.

value -> (string)

The value of this field.

statistics -> (structure)

Includes the number of log events scanned by the query, the number of log events that matched the query criteria, and the total number of bytes in the log events that were scanned. These values reflect the full raw results of the query.

recordsMatched -> (double)

The number of log events that matched the query string.

recordsScanned -> (double)

The total number of log events scanned during the query.

bytesScanned -> (double)

The total number of bytes in the log events scanned during the query.

status -> (string)

The status of the most recent running of the query. Possible values are Cancelled , Complete , Failed , Running , Scheduled , Timeout , and Unknown .

Queries time out after 15 minutes of execution. To avoid having your queries time out, reduce the time range being searched or partition your query into a number of queries.