awslabs/landing-zone-accelerator-on-aws

Document querying AWS Accelerator Central Logs - CloudWatch Logs


Is your feature request related to a problem? Please describe.
I am trying to query AWS Accelerator Central Logs to determine if a specific CloudWatch Log group exists and if its data is being correctly captured. I can see it's possible to view each AWSAcc entry by adding an extension to the file name (#312); however, to do this en masse would take a significant amount of time to determine if 1 CW Log group is being captured.

Describe the feature you'd like
https://awslabs.github.io/landing-zone-accelerator-on-aws/latest/user-guide/logging/ to be updated with an example of querying logs sent to AWS Accelerator, like AWS Athena create table, query table

Additional context

Looking into querying via AWS Athena, it seems that the files must have relevant file extensions in order for Athena to understand that the data is compressed before it can query.

So it seems like this method isn't viable unless the data put into aws-accelerator-central-logs-ACC_ID-AWS_REGION/CloudWatchLogs/ has a file extension / file name suffix like .gz, .zip or however
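
An added example, not part of the original issue or the project's code: one way to check whether a log group is being captured without relying on file extensions is to detect gzip from the object's leading bytes and count events per log group. It assumes each object body is gzip-compressed (or plain) text holding concatenated JSON records in the CloudWatch Logs subscription format (`messageType`, `logGroup`, `logEvents`); the object keys, log group names and helper names below are constructed for illustration.

```python
import gzip
import json
from collections import Counter

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip member (RFC 1952)


def decode_object(body):
    """Return the object's text, deciding on gzip from content, not from the key name."""
    if body[:2] == GZIP_MAGIC:
        body = gzip.decompress(body)  # also handles concatenated gzip members
    return body.decode("utf-8")


def iter_records(text):
    """Yield JSON objects written back to back, with or without newlines between them."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        record, pos = decoder.raw_decode(text, pos)
        yield record


def count_events_by_log_group(objects):
    """Map log group name -> number of log events found across all object bodies."""
    counts = Counter()
    for body in objects.values():
        for record in iter_records(decode_object(body)):
            if record.get("messageType") == "DATA_MESSAGE":  # ignore CONTROL_MESSAGE records
                counts[record["logGroup"]] += len(record.get("logEvents", []))
    return counts


def make_record(log_group, n, message_type="DATA_MESSAGE"):
    """Build one constructed sample record (assumed format, not real data)."""
    events = [{"id": str(i), "timestamp": 0, "message": "constructed"} for i in range(n)]
    return json.dumps({"messageType": message_type, "logGroup": log_group,
                       "logStream": "constructed-stream", "logEvents": events})


# Constructed sample: extension-less keys, one gzip body and one plain body.
SAMPLE_OBJECTS = {
    "CloudWatchLogs/constructed-object-1": gzip.compress(
        (make_record("/aws/lambda/app", 2) + make_record("/constructed/vpc-flow", 1)).encode()),
    "CloudWatchLogs/constructed-object-2": (
        make_record("", 1, "CONTROL_MESSAGE") + "\n" + make_record("/aws/lambda/app", 3)).encode(),
}

if __name__ == "__main__":
    for group, total in sorted(count_events_by_log_group(SAMPLE_OBJECTS).items()):
        print(group, total)
```

In practice the bodies would be the bytes read from objects under the bucket's CloudWatchLogs/ prefix; a log group that never appears in the counts is not being captured for the objects scanned.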