aws logs create-log-group \ --log-group-name /aws/applogs/gateway-service aws logs create-log-stream \ --log-group-name /aws/applogs/gateway-service \ --log-stream-name test-stream #!/bin/bash LOG_GROUP="/aws/applogs/my-service" LOG_STREAM="myapp-log-stream" DURATION=1800 # 300 seconds = 5 minutes TOKEN="" END=$((SECONDS + DURATION)) echo "Pushing logs into $LOG_GROUP/$LOG_STREAM for 5 minutes..." while [ $SECONDS -lt $END ]; do TIMESTAMP=$(date +%s%3N) # Pick a random log type LEVELS=("INFO" "WARN" "ERROR" "DEBUG") MESSAGES=( "Gateway-service received API request /login" "User authentication successful for user=demo" "Database query executed in 120ms" "Payment transaction initiated txn_id=TXN$(date +%s)" "External API call to inventory-service failed with timeout" "Cache miss for product_id=1234" "User logged out user=demo" "Order created successfully order_id=ORD$(date +%s)" "WARN: High latency detected in upstream service" "ERROR: Null pointer exception in OrderController.java line 42" ) LEVEL=${LEVELS[$RANDOM % ${#LEVELS[@]}]} MESSAGE=${MESSAGES[$RANDOM % ${#MESSAGES[@]}]} LOG_MSG="[$LEVEL] $MESSAGE" if [ -z "$TOKEN" ]; then RESP=$(aws logs put-log-events \ --log-group-name "$LOG_GROUP" \ --log-stream-name "$LOG_STREAM" \ --log-events "[{\"timestamp\":$TIMESTAMP, \"message\":\"$LOG_MSG\"}]") else RESP=$(aws logs put-log-events \ --log-group-name "$LOG_GROUP" \ --log-stream-name "$LOG_STREAM" \ --log-events "[{\"timestamp\":$TIMESTAMP, \"message\":\"$LOG_MSG\"}]" \ --sequence-token "$TOKEN") fi TOKEN=$(echo $RESP | jq -r '.nextSequenceToken') sleep 3 # push every 3 seconds done echo "✅ Finished pushing logs for 5 minutes" ======================================================================================================== Example 2 ======================================================================================================== #!/bin/bash LOG_GROUP="/aws/applogs/gateway-service" LOG_STREAM="gateway-log-stream" DURATION=600 TOKEN="" END=$((SECONDS + DURATION)) # ensure stream exists and get token aws logs create-log-stream --log-group-name "$LOG_GROUP" --log-stream-name "$LOG_STREAM" >/dev/null 2>&1 || true TOKEN=$(aws logs describe-log-streams \ --log-group-name "$LOG_GROUP" \ --log-stream-name-prefix "$LOG_STREAM" \ --query 'logStreams[0].uploadSequenceToken' --output text 2>/dev/null) echo "Pushing healthcare logs into $LOG_GROUP/$LOG_STREAM for $DURATION seconds..." while [ $SECONDS -lt $END ]; do TIMESTAMP=$(date +%s%3N) LEVELS=("INFO" "WARN" "ERROR" "ALERT" "CRITICAL" "DEBUG") LEVEL=${LEVELS[$RANDOM % ${#LEVELS[@]}]} TAGS=("tenant:hospitalA" "tenant:hospitalB" "clinic:cardiology" "clinic:emergency" "clinic:oncology" "env:prod" "env:staging") TAG=${TAGS[$RANDOM % ${#TAGS[@]}]} PATIENT_ID="PID$((100000 + RANDOM % 900000))" ENCOUNTER_ID="ENC$((10000 + RANDOM % 90000))" CLINICIAN="dr_$((RANDOM % 1000))" ROOM=$((100 + RANDOM % 900)) MESSAGES=( "ADMISSION patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} clinician=${CLINICIAN} room=${ROOM} reason='chest pain' tags=${TAG}" "VITALS patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} hr=$((60 + RANDOM % 80)) bpm=${ROOM}bpm bp=$((100 + RANDOM % 30))/ $((60 + RANDOM % 20)) spo2=$((90 + RANDOM % 10)) tags=${TAG}" "MED_ADMIN patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} med='Heparin' dose='5000IU' route=iv clinician=${CLINICIAN} tags=${TAG}" "LAB_RESULT patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} test='CBC' result='WBC:$((RANDOM % 15)).$((RANDOM % 9)) K/uL' status=final tags=${TAG}" "ORDER patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} order='CT Chest' status='placed' clinician=${CLINICIAN} tags=${TAG}" "ALERT patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} type='rapid_response' reason='sudden hypotension' clinician=${CLINICIAN} tags=${TAG}" "DISCHARGE patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} disposition='home' summary='stable' clinician=${CLINICIAN} tags=${TAG}" "TRANSFER patient_id=${PATIENT_ID} from='ER' to='ICU' reason='respiratory failure' clinician=${CLINICIAN} tags=${TAG}" "SCHEDULE_UPDATE patient_id=${PATIENT_ID} sched='followup' date='2025-12-15' clinician=${CLINICIAN} tags=${TAG}" "SYSTEM patient_id=${PATIENT_ID} encounter=${ENCOUNTER_ID} msg='HL7 ingestion success' msg_id=MSG$((RANDOM % 100000)) tags=${TAG}" ) MESSAGE=${MESSAGES[$RANDOM % ${#MESSAGES[@]}]} LOG_MSG="[$LEVEL] $MESSAGE" # Escape double-quotes for JSON ESC_MSG=${LOG_MSG//\"/\\\"} PAYLOAD="[{\"timestamp\":$TIMESTAMP,\"message\":\"$ESC_MSG\"}]" if [ -z "$TOKEN" ]; then RESP=$(aws logs put-log-events \ --log-group-name "$LOG_GROUP" \ --log-stream-name "$LOG_STREAM" \ --log-events "$PAYLOAD" 2>&1) else RESP=$(aws logs put-log-events \ --log-group-name "$LOG_GROUP" \ --log-stream-name "$LOG_STREAM" \ --log-events "$PAYLOAD" \ --sequence-token "$TOKEN" 2>&1) fi # grab nextSequenceToken if present if command -v jq >/dev/null 2>&1; then TOKEN=$(echo "$RESP" | jq -r '.nextSequenceToken // empty') else TOKEN=$(echo "$RESP" | sed -n 's/.*"nextSequenceToken"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p') fi # show error if any echo "$RESP" | grep -i "error" >/dev/null 2>&1 && echo "AWS CLI response: $RESP" sleep 3 done echo "✅ Finished pushing healthcare logs for $DURATION seconds" dd_resource_key:arn:aws:logs:us-east-1:869310686590:log-group:/aws/applogs/my-service ============Cloudwatch Log Filter==== "[ERROR]"