I am trying to create a monthly AWS CloudWatch Log Insights report using Terraform. I want a relative filter by timestamp so that I am only getting the logs between (30 days ago) and (now).
Here is my resource:
resource "aws_cloudwatch_query_definition" "audit_connections" {
name = "audit_connections"
log_group_names = ["/aws/rds/instance/stuff"]
query_string = <<EOF
fields @timestamp, @message
| filter @message like /application_name/ and not (@message like /AUDIT/)
(FILTER BY TIMESTAMP HERE)
EOF
}
Similar to this question, but the answer/solution was "just use the buttons at the top", whereas I need to do the timestamp in Terraform. All examples I have seen have absolute between date and date, and I need mine to be relative as it's based on a monthly CRON.