#!/usr/bin/env bash
#  vim:ts=4:sts=4:sw=4:et
#
#  Author: Hari Sekhon
#  Date: 2021-12-23 12:14:19 +0000 (Thu, 23 Dec 2021)
#
#  https://github.com/HariSekhon/bash-tools
#
#  License: see accompanying Hari Sekhon LICENSE file
#
#  If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
#  https://www.linkedin.com/in/HariSekhon
#

set -euo pipefail
[ -n "${DEBUG:-}" ] && set -x
srcdir="$(dirname "${BASH_SOURCE[0]}")"

# shellcheck disable=SC1090
. "$srcdir/lib/aws.sh"

# shellcheck disable=SC2034,SC2154
usage_description="
Search CloudWatch Logs, inserting a more human friendly hours ago optional args to generate the --start-time and --end-time epochs in milliseconds

Defaults to finding logs in the last 24 hours but can optionally take an hours argument to search the last N hours

You must supply the --log-group-name and --filter-pattern arguments in addition to potentially supplying the hours ago args at the start

Examples:

    ${0##*/} --log-group-name aws-controltower/CloudTrailLogs --filter-pattern '{ ($.eventSource = \"batch.amazonaws.com\") && ($.eventName = \"SubmitJob\") }'

    ${0##*/} 48 ...    # start 48 hours ago to present

    ${0##*/} 24 3 ...  # start 24 hours ago up to to 3 hours ago

    ${0##*/} --start-time \"\$(date +%s --date='2021-12-21')000\" --end-time \"\$(date +%s --date='2021-12-23')000\"  ... # explicitly calculated dates, using standard AWS CLI options (now you see why I default to the simple hours ago optional args)


Output Format in AWS JSON


$usage_aws_cli_required
"

# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args="[<hours_ago_start> <hours_ago_end> <aws_cli_options>]"

help_usage "$@"

min_args 4 "$@"

export AWS_DEFAULT_OUTPUT=json

hours_ago_start=24
hours_ago_end=0

if [ -n "${1:-}" ] &&
   ! [[ "${1:-}" =~ ^- ]]; then
    hours_ago_start="$1"
    shift || :
fi

if [ -n "${1:-}" ] &&
   ! [[ "${1:-}" =~ ^- ]]; then
    hours_ago_end="$1"
    shift || :
fi

if ! [[ "$hours_ago_start" =~ ^[[:digit:]]+$ ]]; then
    usage "invalid value given for hours ago start argument, must be an integer"
fi

if ! [[ "$hours_ago_end" =~ ^[[:digit:]]+$ ]]; then
    usage "invalid value given for hours ago end argument, must be an integer"
fi

if ! [[ "$*" =~ --start-time ]]; then
    args+=( --start-time "$(date '+%s' --date="$hours_ago_start hours ago")000" )
fi
if ! [[ "$*" =~ --end-time ]]; then
    args+=( --end-time "$(date '+%s' --date="$hours_ago_end hours ago")000" )
fi

aws logs filter-log-events ${args[@]:+"${args[@]}"} \
                           "$@"
                           #--max-items 1 \
                           # --region eu-west-2  # set AWS_DEFAULT_REGION or pass --region via $@
                           #--end-time "$(date '+%s')000" \