:doc:`CloudWatchLogs <../../logs>` / Client / describe_log_groups

*******************
describe_log_groups
*******************



.. py:method:: CloudWatchLogs.Client.describe_log_groups(**kwargs)

  

  Returns information about log groups, including data sources that ingest into each log group. You can return all your log groups or filter the results by prefix. The results are ASCII-sorted by log group name.

   

  CloudWatch Logs doesn't support IAM policies that control access to the ``DescribeLogGroups`` action by using the ``aws:ResourceTag/key-name`` condition key. Other CloudWatch Logs actions do support the use of the ``aws:ResourceTag/key-name`` condition key to control access. For more information about using tags to control access, see `Controlling access to Amazon Web Services resources using tags <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html>`__.

   

  If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account and view data from the linked source accounts. For more information, see `CloudWatch cross-account observability <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeLogGroups>`_  


  **Request Syntax**
  ::

    response = client.describe_log_groups(
        accountIdentifiers=[
            'string',
        ],
        logGroupNamePrefix='string',
        logGroupNamePattern='string',
        nextToken='string',
        limit=123,
        includeLinkedAccounts=True|False,
        logGroupClass='STANDARD'|'INFREQUENT_ACCESS'|'DELIVERY',
        logGroupIdentifiers=[
            'string',
        ]
    )
    
  :type accountIdentifiers: list
  :param accountIdentifiers: 

    When ``includeLinkedAccounts`` is set to ``true``, use this parameter to specify the list of accounts to search. You can specify as many as 20 account IDs in the array.

    

  
    - *(string) --* 

    

  :type logGroupNamePrefix: string
  :param logGroupNamePrefix: 

    The prefix to match.

     

    .. note::

      

      ``logGroupNamePrefix`` and ``logGroupNamePattern`` are mutually exclusive. Only one of these parameters can be passed.

      

    

  
  :type logGroupNamePattern: string
  :param logGroupNamePattern: 

    If you specify a string for this parameter, the operation returns only log groups that have names that match the string based on a case-sensitive substring search. For example, if you specify ``DataLogs``, log groups named ``DataLogs``, ``aws/DataLogs``, and ``GroupDataLogs`` would match, but ``datalogs``, ``Data/log/s`` and ``Groupdata`` would not match.

     

    If you specify ``logGroupNamePattern`` in your request, then only ``arn``, ``creationTime``, and ``logGroupName`` are included in the response.

     

    .. note::

      

      ``logGroupNamePattern`` and ``logGroupNamePrefix`` are mutually exclusive. Only one of these parameters can be passed.

      

    

  
  :type nextToken: string
  :param nextToken: 

    The token for the next set of items to return. (You received this token from a previous call.)

    

  
  :type limit: integer
  :param limit: 

    The maximum number of items returned. If you don't specify a value, the default is up to 50 items.

    

  
  :type includeLinkedAccounts: boolean
  :param includeLinkedAccounts: 

    If you are using a monitoring account, set this to ``true`` to have the operation return log groups in the accounts listed in ``accountIdentifiers``.

     

    If this parameter is set to ``true`` and ``accountIdentifiers`` contains a null value, the operation returns all log groups in the monitoring account and all log groups in all source accounts that are linked to the monitoring account.

     

    The default for this parameter is ``false``.

    

  
  :type logGroupClass: string
  :param logGroupClass: 

    Use this parameter to limit the results to only those log groups in the specified log group class. If you omit this parameter, log groups of all classes can be returned.

     

    Specifies the log group class for this log group. There are three classes:

     

    
    * The ``Standard`` log class supports all CloudWatch Logs features.
     
    * The ``Infrequent Access`` log class supports a subset of CloudWatch Logs features and incurs lower costs.
     
    * Use the ``Delivery`` log class only for delivering Lambda logs to store in Amazon S3 or Amazon Data Firehose. Log events in log groups in the Delivery class are kept in CloudWatch Logs for only one day. This log class doesn't offer rich CloudWatch Logs capabilities such as CloudWatch Logs Insights queries.
    

     

    For details about the features supported by each class, see `Log classes <https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html>`__

    

  
  :type logGroupIdentifiers: list
  :param logGroupIdentifiers: 

    Use this array to filter the list of log groups returned. If you specify this parameter, the only other filter that you can choose to specify is ``includeLinkedAccounts``.

     

    If you are using this operation in a monitoring account, you can specify the ARNs of log groups in source accounts and in the monitoring account itself. If you are using this operation in an account that is not a cross-account monitoring account, you can specify only log group names in the same account as the operation.

    

  
    - *(string) --* 

    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'logGroups': [
              {
                  'logGroupName': 'string',
                  'creationTime': 123,
                  'retentionInDays': 123,
                  'metricFilterCount': 123,
                  'arn': 'string',
                  'storedBytes': 123,
                  'kmsKeyId': 'string',
                  'dataProtectionStatus': 'ACTIVATED'|'DELETED'|'ARCHIVED'|'DISABLED',
                  'inheritedProperties': [
                      'ACCOUNT_DATA_PROTECTION',
                  ],
                  'logGroupClass': 'STANDARD'|'INFREQUENT_ACCESS'|'DELIVERY',
                  'logGroupArn': 'string',
                  'deletionProtectionEnabled': True|False
              },
          ],
          'nextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **logGroups** *(list) --* 

        An array of structures, where each structure contains the information about one log group.

        
        

        - *(dict) --* 

          Represents a log group.

          
          

          - **logGroupName** *(string) --* 

            The name of the log group.

            
          

          - **creationTime** *(integer) --* 

            The creation time of the log group, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

            
          

          - **retentionInDays** *(integer) --* 

            The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.

             

            To set a log group so that its log events do not expire, use `DeleteRetentionPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html>`__.

            
          

          - **metricFilterCount** *(integer) --* 

            The number of metric filters.

            
          

          - **arn** *(string) --* 

            The Amazon Resource Name (ARN) of the log group. This version of the ARN includes a trailing ``:*`` after the log group name.

             

            Use this version to refer to the ARN in IAM policies when specifying permissions for most API actions. The exception is when specifying permissions for `TagResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html>`__, `UntagResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html>`__, and `ListTagsForResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html>`__. The permissions for those three actions require the ARN version that doesn't include a trailing ``:*``.

            
          

          - **storedBytes** *(integer) --* 

            The number of bytes stored.

            
          

          - **kmsKeyId** *(string) --* 

            The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.

            
          

          - **dataProtectionStatus** *(string) --* 

            Displays whether this log group has a protection policy, or whether it had one in the past. For more information, see `PutDataProtectionPolicy <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html>`__.

            
          

          - **inheritedProperties** *(list) --* 

            Displays all the properties that this log group has inherited from account-level settings.

            
            

            - *(string) --* 
        
          

          - **logGroupClass** *(string) --* 

            This specifies the log group class for this log group. There are three classes:

             

            
            * The ``Standard`` log class supports all CloudWatch Logs features.
             
            * The ``Infrequent Access`` log class supports a subset of CloudWatch Logs features and incurs lower costs.
             
            * Use the ``Delivery`` log class only for delivering Lambda logs to store in Amazon S3 or Amazon Data Firehose. Log events in log groups in the Delivery class are kept in CloudWatch Logs for only one day. This log class doesn't offer rich CloudWatch Logs capabilities such as CloudWatch Logs Insights queries.
            

             

            For details about the features supported by the Standard and Infrequent Access classes, see `Log classes <https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html>`__

            
          

          - **logGroupArn** *(string) --* 

            The Amazon Resource Name (ARN) of the log group. This version of the ARN doesn't include a trailing ``:*`` after the log group name.

             

            Use this version to refer to the ARN in the following situations:

             

            
            * In the ``logGroupIdentifier`` input field in many CloudWatch Logs APIs.
             
            * In the ``resourceArn`` field in tagging APIs
             
            * In IAM policies, when specifying permissions for `TagResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_TagResource.html>`__, `UntagResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_UntagResource.html>`__, and `ListTagsForResource <https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListTagsForResource.html>`__.
            

            
          

          - **deletionProtectionEnabled** *(boolean) --* 

            Indicates whether deletion protection is enabled for this log group. When enabled, deletion protection blocks all deletion operations until it is explicitly disabled.

            
      
    
      

      - **nextToken** *(string) --* 

        The token for the next set of items to return. The token expires after 24 hours.

        
  
  **Exceptions**
  
  *   :py:class:`CloudWatchLogs.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CloudWatchLogs.Client.exceptions.ServiceUnavailableException`

  