Understanding AWS API Gateway Cloudwatch logging

1
votes

I am finding it hard to understand how AWS API Gateway writes to AWS CloudWatch log streams.
There is a column under each AWS CloudWatch Log Group called Last Event Time

So based on the Last Event Time one might think the CloudWatch log stream would have the logs up to the time mentioned in "Last Event Time",
while the starting time would be the "Last Event Time" of the stream before

So ideally the auto-generated log streams expected are like eg. 

2020-02-12 11:15 UTC+8
2020-02-12 11:00 UTC+8
2020-02-12 10:45 UTC+8

So I assume the logs at 11:10, would be in the steam of 2020-02-12 11:00 UTC+8

For AWS API Gateway logs, multiple log streams are created for the same time,
But for AWS Lambda's Cloud Watch logs, I've noticed the streams are proper
ie. log streams only for different time ranges like the example
Why not for API Gateway?

enter image description here

From the above chaotic log streams,
I don't know in which log stream will I find my log of time 11:05?
There are 9, but there could be 50 streams for the same time
Does AWS really expect us to check in each stream?

2
amazon-web-servicesamazon-cloudwatchamazon-cloudwatchlogs

2 Answers

1
votes

No, I would not use the CloudWatch LogStreams to understand what is going on (they are to "chaotic" as you have already said).

Instead use CloudWatch Log Insights and filter for needed data over all log streams. There it is easy to get needed log entries around a specific timestamp, no matter on how much log streams they are stored.

I use this also for lambda logs to filter for single executions instead of getting parallel entries for the same timestamp of multiple executions (as it is stored in the lambda log streams).

0
votes

A log stream is a sequence of log events that share the same source.

Because of this, when your API gateway runs on multiple containers, it will create multiple stream group.

https://docs.aws.amazon.com/mediastore/latest/ug/monitoring-cloudwatch-logs.html