2025/12/02 - Amazon CloudWatch Logs - 5 new, 2 updated API methods
Changes: CloudWatch Logs adds managed S3 Tables integration to access logs using other analytical tools, as well as facets and field indexing to simplify log analytics in CloudWatch Logs Insights.
Discovers available fields for a specific data source and type. The response includes any field modifications introduced through pipelines, such as new fields or changed field types.
See also: AWS API Documentation
Request Syntax
client.get_log_fields(
    dataSourceName='string',
    dataSourceType='string'
)
dataSourceName (string) -- [REQUIRED]
The name of the data source to retrieve log fields for.
dataSourceType (string) -- [REQUIRED]
The type of the data source to retrieve log fields for.
dict
Response Syntax
{
    'logFields': [
        {
            'logFieldName': 'string',
            'logFieldType': {
                'type': 'string',
                'element': {'... recursive ...'},
                'fields': {'... recursive ...'}
            }
        },
    ]
}
Response Structure
(dict) --
logFields (list) --
The list of log fields for the specified data source, including field names and their data types.
(dict) --
Represents a log field with its name and data type information for a specific data source.
logFieldName (string) --
The name of the log field.
logFieldType (dict) --
The data type information for the log field.
type (string) --
The data type of the log field.
element (dict) --
For array or collection types, specifies the element type information.
fields (list) --
For complex types, contains the nested field definitions.
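Because the response reflects field modifications introduced through pipelines, it can be flattened and compared with a saved baseline to catch new fields or changed types before they break detection queries. The following is an added example, not code from the AWS documentation; it assumes that `fields` is a list of the same `logFieldName`/`logFieldType` items, and the sample responses and type names are constructed.

```python
def type_label(ftype):
    """Render a logFieldType dict as text, e.g. 'array<string>'."""
    label = ftype.get("type", "unknown")
    element = ftype.get("element")
    if element:
        label += "<" + type_label(element) + ">"
    return label


def flatten(log_fields, prefix=""):
    """Map each dotted field path to its type label."""
    flat = {}
    for item in log_fields:
        path = prefix + item["logFieldName"]
        ftype = item.get("logFieldType") or {}
        flat[path] = type_label(ftype)
        # Assumption: 'fields' is a list of {logFieldName, logFieldType} items.
        flat.update(flatten(ftype.get("fields") or [], path + "."))
        # Arrays of complex types carry their nested fields on 'element'.
        element = ftype.get("element") or {}
        flat.update(flatten(element.get("fields") or [], path + "[]."))
    return flat


def schema_drift(baseline, current):
    """Compare two GetLogFields responses and report what changed."""
    old, new = flatten(baseline["logFields"]), flatten(current["logFields"])
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "retyped": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


# Constructed sample responses; the type names are illustrative only.
BASELINE = {"logFields": [
    {"logFieldName": "srcaddr", "logFieldType": {"type": "string"}},
    {"logFieldName": "bytes", "logFieldType": {"type": "long"}},
    {"logFieldName": "actor", "logFieldType": {"type": "struct", "fields": [
        {"logFieldName": "user", "logFieldType": {"type": "string"}}]}}]}
AFTER_PIPELINE = {"logFields": [
    {"logFieldName": "srcaddr", "logFieldType": {"type": "string"}},
    {"logFieldName": "bytes", "logFieldType": {"type": "string"}},
    {"logFieldName": "actor", "logFieldType": {"type": "struct", "fields": [
        {"logFieldName": "user", "logFieldType": {"type": "string"}},
        {"logFieldName": "session", "logFieldType": {"type": "string"}}]}},
    {"logFieldName": "tags", "logFieldType": {
        "type": "array", "element": {"type": "string"}}}]}

if __name__ == "__main__":
    print(schema_drift(BASELINE, AFTER_PIPELINE))
```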
Returns an aggregate summary of all log groups in the Region grouped by specified data source characteristics. Supports optional filtering by log group class, name patterns, and data sources. If you perform this action in a monitoring account, you can also return aggregated summaries of log groups from source accounts that are linked to the monitoring account. For more information about using cross-account observability to set up monitoring accounts and source accounts, see CloudWatch cross-account observability.
The operation aggregates log groups by data source name and type and optionally format, providing counts of log groups that share these characteristics. The operation paginates results. By default, it returns up to 50 results and includes a token to retrieve more results.
See also: AWS API Documentation
Request Syntax
client.list_aggregate_log_group_summaries(
    accountIdentifiers=[
        'string',
    ],
    includeLinkedAccounts=True|False,
    logGroupClass='STANDARD'|'INFREQUENT_ACCESS'|'DELIVERY',
    logGroupNamePattern='string',
    dataSources=[
        {
            'name': 'string',
            'type': 'string'
        },
    ],
    groupBy='DATA_SOURCE_NAME_TYPE_AND_FORMAT'|'DATA_SOURCE_NAME_AND_TYPE',
    nextToken='string',
    limit=123
)
accountIdentifiers (list) --
When includeLinkedAccounts is set to true, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.
(string) --
includeLinkedAccounts (boolean) --
If you are using a monitoring account, set this to true to have the operation return log groups in the accounts listed in accountIdentifiers.
If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.
The default for this parameter is false.
logGroupClass (string) --
Filters the results by log group class to include only log groups of the specified class.
logGroupNamePattern (string) --
Use this parameter to limit the returned log groups to only those with names that match the pattern that you specify. This parameter is a regular expression that can match prefixes and substrings, and supports wildcard matching and matching multiple patterns, as in the following examples.
Use ^ to match log group names by prefix.
For a substring match, specify the string to match. All matches are case sensitive.
To match multiple patterns, separate them with a | as in the example ^/aws/lambda|discovery
You can specify as many as five different regular expression patterns in this field, each of which must be between 3 and 24 characters. You can include the ^ symbol as many as five times, and include the | symbol as many as four times.
dataSources (list) --
Filters the results by data source characteristics to include only log groups associated with the specified data sources.
(dict) --
Filter criteria for data sources, used to specify which data sources to include in operations based on name and type.
name (string) -- [REQUIRED]
The name pattern to filter data sources by.
type (string) --
The type pattern to filter data sources by.
groupBy (string) -- [REQUIRED]
Specifies how to group the log groups in the summary.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
limit (integer) --
The maximum number of aggregated summaries to return. If you omit this parameter, the default is up to 50 aggregated summaries.
dict
Response Syntax
{
    'aggregateLogGroupSummaries': [
        {
            'logGroupCount': 123,
            'groupingIdentifiers': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ]
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
aggregateLogGroupSummaries (list) --
The list of aggregate log group summaries grouped by the specified data source characteristics.
(dict) --
Contains an aggregate summary of log groups grouped by data source characteristics, including the count of log groups and their grouping identifiers.
logGroupCount (integer) --
The number of log groups in this aggregate summary group.
groupingIdentifiers (list) --
An array of key-value pairs that identify the data source characteristics used to group the log groups.
The size and content of this array depend on the groupBy parameter specified in the request.
(dict) --
A key-value pair that identifies how log groups are grouped in aggregate summaries.
key (string) --
The key that identifies the grouping characteristic. The format of the key uses dot notation. Examples are dataSource.Name, dataSource.Type, and dataSource.Format.
value (string) --
The value associated with the grouping characteristic. Examples are amazon_vpc, flow, and OCSF.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
Disassociates a data source from an S3 Table Integration, removing query access and deleting all associated data from the integration.
See also: AWS API Documentation
Request Syntax
client.disassociate_source_from_s3_table_integration(
    identifier='string'
)
identifier (string) -- [REQUIRED]
The unique identifier of the association to remove between the data source and S3 Table Integration.
dict
Response Syntax
{
    'identifier': 'string'
}
Response Structure
(dict) --
identifier (string) --
The unique identifier of the association that was removed.
Associates a data source with an S3 Table Integration for query access in the 'logs' namespace. This enables querying log data using analytics engines that support Iceberg such as Amazon Athena, Amazon Redshift, and Apache Spark.
See also: AWS API Documentation
Request Syntax
client.associate_source_to_s3_table_integration(
    integrationArn='string',
    dataSource={
        'name': 'string',
        'type': 'string'
    }
)
integrationArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the S3 Table Integration to associate the data source with.
dataSource (dict) -- [REQUIRED]
The data source to associate with the S3 Table Integration. Contains the name and type of the data source.
name (string) -- [REQUIRED]
The name of the data source.
type (string) --
The type of the data source.
dict
Response Syntax
{
    'identifier': 'string'
}
Response Structure
(dict) --
identifier (string) --
The unique identifier for the association between the data source and S3 Table Integration.
Returns a list of data source associations for a specified S3 Table Integration, showing which data sources are currently associated for query access.
See also: AWS API Documentation
Request Syntax
client.list_sources_for_s3_table_integration(
    integrationArn='string',
    maxResults=123,
    nextToken='string'
)
integrationArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the S3 Table Integration to list associations for.
maxResults (integer) --
The maximum number of associations to return in a single call. Valid range is 1 to 100.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
dict
Response Syntax
{
    'sources': [
        {
            'identifier': 'string',
            'dataSource': {
                'name': 'string',
                'type': 'string'
            },
            'status': 'ACTIVE'|'UNHEALTHY'|'FAILED'|'DATA_SOURCE_DELETE_IN_PROGRESS',
            'statusReason': 'string',
            'createdTimeStamp': 123
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
sources (list) --
The list of data source associations for the specified S3 Table Integration.
(dict) --
Represents a data source association with an S3 Table Integration, including its status and metadata.
identifier (string) --
The unique identifier for this data source association.
dataSource (dict) --
The data source associated with the S3 Table Integration.
name (string) --
The name of the data source.
type (string) --
The type of the data source.
status (string) --
The current status of the data source association.
statusReason (string) --
Additional information about the status of the data source association.
createdTimeStamp (integer) --
The timestamp when the data source association was created.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
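An association makes a data source queryable from engines outside CloudWatch Logs, so it is worth reviewing the full list periodically. The following is an added example, not code from the AWS documentation: it follows nextToken across pages and reports associations that are not ACTIVE or whose data source is not on an approved list. The `FakeLogsClient` class, the `APPROVED` set, the ARN placeholder and the `example_*` data sources are constructed so the block runs offline.

```python
def iter_sources(client, integration_arn, page_size=100):
    """Yield every association, following nextToken until it is absent."""
    kwargs = {"integrationArn": integration_arn, "maxResults": page_size}
    while True:
        page = client.list_sources_for_s3_table_integration(**kwargs)
        yield from page.get("sources", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]


def audit_sources(client, integration_arn, approved):
    """Return (identifier, finding) pairs; approved is a set of (name, type)."""
    findings = []
    for src in iter_sources(client, integration_arn):
        ds = src.get("dataSource", {})
        if (ds.get("name"), ds.get("type")) not in approved:
            findings.append((src["identifier"], "unapproved data source"))
        if src.get("status") != "ACTIVE":
            findings.append((src["identifier"], "status " + str(src.get("status"))))
    return findings


class FakeLogsClient:
    """Constructed stand-in for boto3.client('logs'); serves two pages."""
    PAGES = {
        None: {"sources": [
            {"identifier": "assoc-1", "status": "ACTIVE",
             "dataSource": {"name": "amazon_vpc", "type": "flow"}}],
            "nextToken": "page-2"},
        "page-2": {"sources": [
            {"identifier": "assoc-2", "status": "UNHEALTHY",
             "statusReason": "constructed reason",
             "dataSource": {"name": "example_waf", "type": "access"}},
            {"identifier": "assoc-3", "status": "ACTIVE",
             "dataSource": {"name": "example_app", "type": "auth"}}]},
    }

    def list_sources_for_s3_table_integration(self, integrationArn, maxResults,
                                              nextToken=None):
        return self.PAGES[nextToken]


APPROVED = {("amazon_vpc", "flow"), ("example_waf", "access")}
ARN = "arn:aws:example:placeholder"  # placeholder, not a real integration ARN

if __name__ == "__main__":
    for finding in audit_sources(FakeLogsClient(), ARN, APPROVED):
        print(finding)
```

With boto3 installed, pass `boto3.client('logs')` and the real integration ARN in place of the constructed client.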
Changes (response): {'fieldIndexes': {'type': 'FACET | FIELD_INDEX'}}
Returns a list of custom and default field indexes which are discovered in log data. For more information about field index policies, see PutIndexPolicy.
See also: AWS API Documentation
Request Syntax
client.describe_field_indexes(
    logGroupIdentifiers=[
        'string',
    ],
    nextToken='string'
)
logGroupIdentifiers (list) -- [REQUIRED]
An array containing the names or ARNs of the log groups that you want to retrieve field indexes for.
(string) --
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
dict
Response Syntax
{
    'fieldIndexes': [
        {
            'logGroupIdentifier': 'string',
            'fieldIndexName': 'string',
            'lastScanTime': 123,
            'firstEventTime': 123,
            'lastEventTime': 123,
            'type': 'FACET'|'FIELD_INDEX'
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
fieldIndexes (list) --
An array containing the field index information.
(dict) --
This structure describes one log event field that is used as an index in at least one index policy in this account.
logGroupIdentifier (string) --
If this field index appears in an index policy that applies only to a single log group, the ARN of that log group is displayed here.
fieldIndexName (string) --
The string that this field index matches.
lastScanTime (integer) --
The most recent time that CloudWatch Logs scanned ingested log events to search for this field index to improve the speed of future CloudWatch Logs Insights queries that search for this field index.
firstEventTime (integer) --
The time and date of the earliest log event that matches this field index, after the index policy that contains it was created.
lastEventTime (integer) --
The time and date of the most recent log event that matches this field index.
type (string) --
The type of index. Specify FACET for facet-based indexing or FIELD_INDEX for field-based indexing. This determines how the field is indexed and can be queried.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
Changes (request): {'dataSources': [{'name': 'string', 'type': 'string'}], 'fieldIndexNames': ['string']}
Returns a list of log groups in the Region in your account. If you are performing this action in a monitoring account, you can choose to also return log groups from source accounts that are linked to the monitoring account. For more information about using cross-account observability to set up monitoring accounts and source accounts, see CloudWatch cross-account observability.
You can optionally filter the list by log group class, by using regular expressions in your request to match strings in the log group names, by using the fieldIndexes parameter to filter log groups based on which field indexes are configured, by using the dataSources parameter to filter log groups by data source types, and by using the fieldIndexNames parameter to filter by specific field index names.
This operation is paginated. By default, your first use of this operation returns 50 results, and includes a token to use in a subsequent operation to return more results.
See also: AWS API Documentation
Request Syntax
client.list_log_groups(
    logGroupNamePattern='string',
    logGroupClass='STANDARD'|'INFREQUENT_ACCESS'|'DELIVERY',
    includeLinkedAccounts=True|False,
    accountIdentifiers=[
        'string',
    ],
    nextToken='string',
    limit=123,
    dataSources=[
        {
            'name': 'string',
            'type': 'string'
        },
    ],
    fieldIndexNames=[
        'string',
    ]
)
logGroupNamePattern (string) --
Use this parameter to limit the returned log groups to only those with names that match the pattern that you specify. This parameter is a regular expression that can match prefixes and substrings, and supports wildcard matching and matching multiple patterns, as in the following examples.
Use ^ to match log group names by prefix.
For a substring match, specify the string to match. All matches are case sensitive.
To match multiple patterns, separate them with a | as in the example ^/aws/lambda|discovery
You can specify as many as five different regular expression patterns in this field, each of which must be between 3 and 24 characters. You can include the ^ symbol as many as five times, and include the | symbol as many as four times.
logGroupClass (string) --
Use this parameter to limit the results to only those log groups in the specified log group class. If you omit this parameter, log groups of all classes can be returned.
includeLinkedAccounts (boolean) --
If you are using a monitoring account, set this to true to have the operation return log groups in the accounts listed in accountIdentifiers.
If this parameter is set to true and accountIdentifiers contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.
The default for this parameter is false.
accountIdentifiers (list) --
When includeLinkedAccounts is set to true, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.
(string) --
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
limit (integer) --
The maximum number of log groups to return. If you omit this parameter, the default is up to 50 log groups.
dataSources (list) --
An array of data source filters to filter log groups by their associated data sources. You can filter by data source name, type, or both. Multiple filters within the same dimension are combined with OR logic, while filters across different dimensions are combined with AND logic.
(dict) --
Filter criteria for data sources, used to specify which data sources to include in operations based on name and type.
name (string) -- [REQUIRED]
The name pattern to filter data sources by.
type (string) --
The type pattern to filter data sources by.
fieldIndexNames (list) --
An array of field index names to filter log groups that have specific field indexes. Only log groups containing all specified field indexes are returned. You can specify 1 to 20 field index names, each with 1 to 512 characters.
(string) --
dict
Response Syntax
{
    'logGroups': [
        {
            'logGroupName': 'string',
            'logGroupArn': 'string',
            'logGroupClass': 'STANDARD'|'INFREQUENT_ACCESS'|'DELIVERY'
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
logGroups (list) --
An array of structures, where each structure contains the information about one log group.
(dict) --
This structure contains information about one log group in your account.
logGroupName (string) --
The name of the log group.
logGroupArn (string) --
The Amazon Resource Name (ARN) of the log group.
logGroupClass (string) --
The log group class for this log group. For details about the features supported by each log group class, see Log classes.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
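The limits stated for logGroupNamePattern (in both this operation and the aggregate summaries operation above), accountIdentifiers, dataSources and fieldIndexNames can be checked before the call is made. The following is an added example, not code from the AWS documentation; the function names are hypothetical, and it assumes that a leading ^ does not count toward the 3 to 24 character length of a pattern.

```python
def check_name_pattern(pattern):
    """Return a list of violations of the logGroupNamePattern limits."""
    errors = []
    if pattern.count("|") > 4:
        errors.append("more than four '|' separators")
    if pattern.count("^") > 5:
        errors.append("more than five '^' symbols")
    for part in pattern.split("|"):
        # Assumption: a leading '^' is not counted toward the 3 to 24 characters.
        body = part[1:] if part.startswith("^") else part
        if not 3 <= len(body) <= 24:
            errors.append("pattern %r is not 3 to 24 characters" % part)
    return errors


def build_list_log_groups_request(pattern=None, field_index_names=None,
                                  account_ids=None, data_sources=None):
    """Validate arguments and return kwargs for client.list_log_groups()."""
    errors, request = [], {}
    if pattern is not None:
        errors += check_name_pattern(pattern)
        request["logGroupNamePattern"] = pattern
    if field_index_names is not None:
        if not 1 <= len(field_index_names) <= 20:
            errors.append("fieldIndexNames takes 1 to 20 names")
        errors += ["field index name of length %d is not 1 to 512 characters" % len(n)
                   for n in field_index_names if not 1 <= len(n) <= 512]
        request["fieldIndexNames"] = list(field_index_names)
    if account_ids is not None:
        if len(account_ids) > 20:
            errors.append("accountIdentifiers takes at most 20 account IDs")
        # accountIdentifiers is only used when includeLinkedAccounts is true.
        request["includeLinkedAccounts"] = True
        request["accountIdentifiers"] = list(account_ids)
    if data_sources is not None:
        # 'name' is the required key of each data source filter.
        errors += ["dataSources entry %r has no 'name'" % (d,)
                   for d in data_sources if not d.get("name")]
        request["dataSources"] = list(data_sources)
    if errors:
        raise ValueError("; ".join(errors))
    return request
```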