Filter by timestamp query on AWS CloudWatch Logs Insights

babis21 · Mar 16, 2020 · Viewed 8k times

I am trying to use AWS CloudWatch Logs Insights in order to search in some quite old logs of our Lambda functions. I am reading this guide on AWS docs, but nowhere is it documented how you can filter by timestamp. I have tried the below:

fields @timestamp, @message
| filter @timestamp > '2019-12-04T18:09:10.000+01:00'
| limit 200
| sort @timestamp desc

but it doesn't work (returns 0 results).

Initially, I was trying to find out if there is a way to sort the log groups by a timestamp column (instead of the default, which is the log group name), when I came across this feature request from 2015. This is not resolved in eu-west-1 and they suggest using the new Logs Insights, but I can't make this work.

Does anyone know how I can filter logs by timestamp, or if this is even possible with CloudWatch Logs Insights?

Thanks!

Answer

Dejan Peretin · Mar 17, 2020

Filtering on timestamp is done with the range selector on the top right in the Logs Insights Console or with the startTime and endTime parameters on the StartQuery API.

You could do further filtering using timestamp values in millis (see below for an example), but the overall range still needs to be wider than what you're using in the query itself.

fields @timestamp, @message
| fields tomillis(@timestamp) as millis
| filter millis > 1578182400000  # Sunday, 5 January 2020 00:00:00 UTC
     and millis < 1578268800000  # Monday, 6 January 2020 00:00:00 UTC
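
The approach in the answer, scripted as an added example (not part of the original answer or of any AWS sample): it converts ISO 8601 timestamps to the epoch-second `startTime`/`endTime` that StartQuery expects and to the millisecond bounds for the inner filter, rounding the outer range outward so it always covers the filter. The log group name and the helper function names are assumptions; `run_query` needs boto3 and AWS credentials.

```python
import time
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_ms(iso_ts):
    """ISO 8601 timestamp with an explicit UTC offset -> epoch milliseconds."""
    dt = datetime.fromisoformat(iso_ts)
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset: %r" % iso_ts)
    return (dt - EPOCH) // timedelta(milliseconds=1)  # exact integer math

def build_start_query_params(log_group, start_iso, end_iso, limit=200):
    """Build StartQuery arguments whose outer range covers the inner filter."""
    start_ms, end_ms = to_epoch_ms(start_iso), to_epoch_ms(end_iso)
    if start_ms >= end_ms:
        raise ValueError("start must be earlier than end")
    query = (
        "fields @timestamp, @message\n"
        "| fields tomillis(@timestamp) as millis\n"
        f"| filter millis >= {start_ms} and millis < {end_ms}\n"
        "| sort @timestamp desc\n"
        f"| limit {int(limit)}"
    )
    return {
        "logGroupName": log_group,
        "startTime": start_ms // 1000,       # epoch seconds, rounded down
        "endTime": -(-end_ms // 1000),       # epoch seconds, rounded up
        "queryString": query,
    }

def run_query(params, poll_seconds=1.0):
    """Run the query; needs boto3 and AWS credentials (not exercised offline)."""
    import boto3
    logs = boto3.client("logs")
    query_id = logs.start_query(**params)["queryId"]
    while True:
        resp = logs.get_query_results(queryId=query_id)
        if resp["status"] not in ("Scheduled", "Running"):
            return resp["status"], resp["results"]
        time.sleep(poll_seconds)

if __name__ == "__main__":
    # Constructed log group name; the start value is the one from the question.
    p = build_start_query_params("/aws/lambda/example-fn",
                                 "2019-12-04T18:09:10.000+01:00",
                                 "2019-12-05T18:09:10.000+01:00")
    print(p["startTime"], p["endTime"])
    print(p["queryString"])
```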