AWS::Logs::QueryDefinition
Creates a query definition for CloudWatch Logs Insights. For more information, see Analyzing Log Data with CloudWatch Logs Insights.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Logs::QueryDefinition", "Properties" : { "LogGroupNames" :[ String, ... ], "Name" :String, "QueryString" :String} }
YAML
Type: AWS::Logs::QueryDefinition Properties: LogGroupNames:- StringName:StringQueryString:String
Properties
LogGroupNamesUse this parameter if you want the query to query only certain log groups.
Required: No
Type: List of String
Update requires: No interruption
NameA name for the query definition.
Required: Yes
Type: String
Update requires: No interruption
QueryStringThe query string to use for this query definition. For more information, see CloudWatch Logs Insights Query Syntax.
Required: Yes
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the query definition ID.
For more information about using the Reffunction, see Ref.
Fn::GetAtt
The Fn::GetAttintrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAttintrinsic function, see Fn::GetAtt.
Examples
Query definition example
The following example creates a query definition.
JSON
"myQueryDefinition": { "Type": "AWS::Logs::QueryDefinition", "Properties": { "Name": "myQueryName", "QueryString": "fields @timestamp, @message | sort @timestamp desc | limit 20" } }
YAML
myQueryDefinition: Type: AWS::Logs::QueryDefinition Properties: Name: "myQueryName" QueryString: “fields @timestamp, @message | sort @timestamp desc | limit 20"