amazon-web-services amazon-cloudwatchlogs aws-cloudwatch-log-insights

CloudWatch Logs Insights IS不找到LogStream中存在的数据

发布于 2025-02-12 03:40:46 字数 541 浏览 1 评论 0原文

我在EKS群集上运行Fluent-Bit作为边缘，以便将应用程序日志文件尾随并将事件写入CloudWatch日志。通过CloudWatch Logs Insights，我设置了一些查询和仪表板来分析这些日志。这一切都很好。

从过去的一周中，我有一些较旧的日志，从我能够使此设置工作之前。在流利的尾部输入中，如果发现新文件，它可以选择完全从顶部读取新文件。使用此选项，我能够将较旧的日志加载到与最新日志事件同一日志组中的CloudWatch日志中。

如果我进入AWS控制台并进入我的日志组，我可以看到列出的所有日志流。我可以单击每个事件，然后查看事件并浏览它们。所有人看起来都正确。但是，当我尝试使用洞察力查询较旧的流时，不会出现结果。我已经证实了我为查询设置了一个应该包括事件的时间段。

当我运行此查询时，我没有得到结果：

filter @logStream = 'myfile.log'
 | fields @timestamp, @message

是否没有自动将带有旧时间戳的日志事件自动进入见解？该数据可用之前是否有很长的延迟？我在文档中没有看到任何内容。

原文

I am running fluent-bit as a sidecar on my EKS cluster for an application to tail application log files and write events to CloudWatch Logs. Through CloudWatch Logs Insights, I then set up some queries and dashboards to analyze those logs. This all works fine.

I have some older logs over the past week from before I was able to get this setup working. In fluent-bit tail input, it has an option to read new files entirely from the top if it discovers a new file. Using this option, I was able to get the older logs loaded into CloudWatch Logs in the same log group as the up-to-the minute log events.

If I go into the AWS console and into my log group, I can see all of the log streams listed. I can click into each one and see the events and search through them. All looks right. However, when I try to use Insights to query the older streams, no results appear. I have verified that I set a time period for my query that should include the events.

When I run this query, I get no results:

filter @logStream = 'myfile.log'
 | fields @timestamp, @message

Do log events with older timestamps not automatically get pulled into Insights? Is there a long delay before that data becomes available? I don't see anything in the documentation about it.

分享到QQ

分享到微博