Created
January 25, 2019 08:41
-
-
Save vatshat/be533f6f50c52897b9a5a34b1c1622d7 to your computer and use it in GitHub Desktop.
Analyzing CloudTrail Logs using jq/bash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################################################################################ | |
| # Cloudtrail recursively search through all events in different folders relating to a specific log group which generated # | |
| ############################################################################################################################################################ | |
| find . -name '*.json' -exec cat {} \; | jq '.Records[] | select(.requestParameters.logGroupName=="/mnt/log/communications-delivery-stage")' | jq -s '[ .[] | select(.errorCode=="ResourceAlreadyExistsException") ] | unique_by(.eventName)' | |
| find . -name '*.json' -exec cat {} \; | jq '.Records[] | select(.requestID=="3ddb4d1f-41d2-11e8-8533-1dadb66cbff4")' | |
| -- Count number of Exceptions | |
| find . -name '*.json' -exec cat {} \; | jq '.Records[]' | jq -s '[ .[] | select(.errorCode=="ResourceAlreadyExistsException") ] | length' | |
| ############################################################################## | |
| # Create new JSON object of eventName and eventTime # | |
| ############################################################################## | |
| cat $DESKTOP/logGroupName.txt | jq '.Records[]' | jq -s '[ .[] | select(.errorCode=="ResourceAlreadyExistsException") ] | .[] | { "eventName":.eventName,"eventTime":.eventTime}' | |
| { | |
| "eventName": "CreateLogGroup", | |
| "eventTime": "2018-04-18T00:24:20Z" | |
| } | |
| { | |
| "eventName": "CreateLogGroup", | |
| "eventTime": "2018-04-18T00:46:04Z" | |
| } | |
| { | |
| "eventName": "CreateLogGroup", | |
| "eventTime": "2018-04-18T00:44:54Z" | |
| } | |
| -- Show only unique | |
| cat $DESKTOP/logGroupName.txt | jq '.Records[]' | jq -s '[ .[] | select(.errorCode=="ResourceAlreadyExistsException") ] | unique_by(.eventName)' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment