esweeney-cg · July 11, 2023 23:58
diff --git a/startq_day.sh b/startq_day.sh
 #!/usr/bin/env bash

 # Check if username argument is passed
 if [ -z "$1" ]
  then
    echo "No argument supplied. Please provide username as an argument."
    exit 1
 fi

 username="$1"  # The username is taken from the first command line argument

 mkdir -p out

 # Set log group name
 log_group_name='/aws/eks/saas-green/cluster' # replace with your log group name

 # Get current date and date 7 days ago in Unix timestamp (seconds)
 end_time=$(date +%s)
 start_time=$(date -v-7d +%s)

 # Convert time to milliseconds
 end_time=$((end_time*1000))
 start_time=$((start_time*1000))

 # Calculate a single day's worth of time in milliseconds
 one_day=$((24*60*60*1000))

 for day in $(seq 0 6); do
  # Calculate start and end times for this day
  day_start_time=$((start_time + day*one_day))
  day_end_time=$((day_start_time + one_day))

  # Start the query
  query_id=$(aws logs start-query --log-group-name $log_group_name --start-time $day_start_time --end-time $day_end_time --query-string "fields @timestamp, @message | filter user.username=\"${username}\"" --query queryId --output text)

  # Allow the query to execute (can take several seconds to minutes depending on amount of logs)
  echo "Waiting for query results..."
  sleep 15

  # Fetch the query results
  aws logs get-query-results --query-id $query_id | jq -r '.results[] | .[] | select(.field == "@message") | .value' >> out/"$username".jsonl

  jq -r '[if .user.username|type == "array" then (.user.username | join(";")) else .user.username end, if .user.extra.arn|type == "array" then (.user.extra.arn | join(";")) else .user.extra.arn end, if .user.extra.sessionName|type == "array" then (.user.extra.sessionName | join(";")) else .user.extra.sessionName end, if .userAgent|type == "array" then (.userAgent | join(";")) else .userAgent end, if .requestReceivedTimestamp|type == "array" then (.requestReceivedTimestamp | join(";")) else .requestReceivedTimestamp end] | @csv' out/"$username".jsonl > out/"$username".csv

 done
	#!/usr/bin/env bash

	# Check if username argument is passed
	if [ -z "$1" ]
	then
	echo "No argument supplied. Please provide username as an argument."
	exit 1
	fi

	username="$1" # The username is taken from the first command line argument

	mkdir -p out

	# Set log group name
	log_group_name='/aws/eks/saas-green/cluster' # replace with your log group name

	# Get current date and date 7 days ago in Unix timestamp (seconds)
	end_time=$(date +%s)
	start_time=$(date -v-7d +%s)

	# Convert time to milliseconds
	end_time=$((end_time*1000))
	start_time=$((start_time*1000))

	# Calculate a single day's worth of time in milliseconds
	one_day=$((246060*1000))

	for day in $(seq 0 6); do
	# Calculate start and end times for this day
	day_start_time=$((start_time + day*one_day))
	day_end_time=$((day_start_time + one_day))

	# Start the query
	query_id=$(aws logs start-query --log-group-name $log_group_name --start-time $day_start_time --end-time $day_end_time --query-string "fields @timestamp, @message \| filter user.username=\"${username}\"" --query queryId --output text)

	# Allow the query to execute (can take several seconds to minutes depending on amount of logs)
	echo "Waiting for query results..."
	sleep 15

	# Fetch the query results
	aws logs get-query-results --query-id $query_id \| jq -r '.results[] \| .[] \| select(.field == "@message") \| .value' >> out/"$username".jsonl

	jq -r '[if .user.username\|type == "array" then (.user.username \| join(";")) else .user.username end, if .user.extra.arn\|type == "array" then (.user.extra.arn \| join(";")) else .user.extra.arn end, if .user.extra.sessionName\|type == "array" then (.user.extra.sessionName \| join(";")) else .user.extra.sessionName end, if .userAgent\|type == "array" then (.userAgent \| join(";")) else .userAgent end, if .requestReceivedTimestamp\|type == "array" then (.requestReceivedTimestamp \| join(";")) else .requestReceivedTimestamp end] \| @csv' out/"$username".jsonl > out/"$username".csv

	done