awsdocs
diff --git a/‎.doc_gen/metadata/cloudwatch-logs_metadata.yaml‎
Lines changed: 36 additions & 0 deletions b/‎.doc_gen/metadata/cloudwatch-logs_metadata.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎dotnetv3/CloudWatchLogs/README.md‎
Lines changed: 23 additions & 1 deletion b/‎dotnetv3/CloudWatchLogs/README.md‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎dotnetv4/CloudWatchLogs/LargeQuery/README.md‎
Lines changed: 87 additions & 8 deletions b/‎dotnetv4/CloudWatchLogs/LargeQuery/README.md‎
Lines changed: 87 additions & 8 deletions
diff --git a/‎dotnetv4/CloudWatchLogs/LargeQuery/Scenarios/LargeQueryWorkflow.cs‎
Lines changed: 41 additions & 1 deletion b/‎dotnetv4/CloudWatchLogs/LargeQuery/Scenarios/LargeQueryWorkflow.cs‎
Lines changed: 41 additions & 1 deletion
@@ -288,6 +288,14 @@ cloudwatch-logs_PutSubscriptionFilter:
     cloudwatch-logs: {PutSubscriptionFilter}
 cloudwatch-logs_GetQueryResults:
   languages:
+    .NET:
+      versions:
+        - sdk_version: 3
+          github: dotnetv4/CloudWatchLogs/LargeQuery
+          excerpts:
+            - description:
+              snippet_tags:
+                - CloudWatchLogs.dotnetv4.GetQueryResults
     JavaScript:
       versions:
         - sdk_version: 3
@@ -306,8 +314,28 @@ cloudwatch-logs_GetQueryResults:
                 - python.example_code.cloudwatch_logs.get_query_results
   services:
     cloudwatch-logs: {GetQueryResults}
+cloudwatch-logs_PutLogEvents:
+  languages:
+    .NET:
+      versions:
+        - sdk_version: 3
+          github: dotnetv4/CloudWatchLogs/LargeQuery
+          excerpts:
+            - description:
+              snippet_tags:
+                - CloudWatchLogs.dotnetv4.PutLogEvents
+  services:
+    cloudwatch-logs: {PutLogEvents}
 cloudwatch-logs_StartQuery:
   languages:
+    .NET:
+      versions:
+        - sdk_version: 3
+          github: dotnetv4/CloudWatchLogs/LargeQuery
+          excerpts:
+            - description:
+              snippet_tags:
+                - CloudWatchLogs.dotnetv4.StartQuery
     JavaScript:
       versions:
         - sdk_version: 3
@@ -332,6 +360,14 @@ cloudwatch-logs_Scenario_BigQuery:
   synopsis: use &CWL; to query more than 10,000 records.
   category: Scenarios
   languages:
+    .NET:
+      versions:
+        - sdk_version: 3
+          github: dotnetv4/CloudWatchLogs/LargeQuery
+          excerpts:
+            - description: This is the main workflow that demonstrates the large query scenario.
+              snippet_tags:
+                - CloudWatchLogs.dotnetv4.LargeQueryWorkflow
     JavaScript:
       versions:
         - sdk_version: 3
 
@@ -41,6 +41,16 @@ Code excerpts that show you how to call individual service functions.
 - [DeleteLogGroup](DeleteLogGroupExample/DeleteLogGroup.cs#L6)
 - [DescribeExportTasks](DescribeExportTasksExample/DescribeExportTasks.cs#L6)
 - [DescribeLogGroups](DescribeLogGroupsExample/DescribeLogGroups.cs#L6)
+- [GetQueryResults](../../dotnetv4/CloudWatchLogs/LargeQuery/Actions/CloudWatchLogsWrapper.cs#L79)
+- [PutLogEvents](../../dotnetv4/CloudWatchLogs/LargeQuery/Actions/CloudWatchLogsWrapper.cs#L110)
+- [StartQuery](../../dotnetv4/CloudWatchLogs/LargeQuery/Actions/CloudWatchLogsWrapper.cs#L30)
+
+### Scenarios
+
+Code examples that show you how to accomplish a specific task by calling multiple
+functions within the same service.
+
+- [Run a large query](../../dotnetv4/CloudWatchLogs/LargeQuery/Scenarios/LargeQueryWorkflow.cs)
 
 
 <!--custom.examples.start-->
@@ -73,6 +83,18 @@ Alternatively, you can run the example from within your IDE.
 
 
 
+#### Run a large query
+
+This example shows you how to use CloudWatch Logs to query more than 10,000 records.
+
+
+<!--custom.scenario_prereqs.cloudwatch-logs_Scenario_BigQuery.start-->
+<!--custom.scenario_prereqs.cloudwatch-logs_Scenario_BigQuery.end-->
+
+
+<!--custom.scenarios.cloudwatch-logs_Scenario_BigQuery.start-->
+<!--custom.scenarios.cloudwatch-logs_Scenario_BigQuery.end-->
+
 ### Tests
 
 ⚠ Running tests might result in charges to your AWS account.
@@ -99,4 +121,4 @@ in the `dotnetv3` folder.
 
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 
-SPDX-License-Identifier: Apache-2.0
+SPDX-License-Identifier: Apache-2.0
@@ -2,6 +2,17 @@
 
 This folder contains a .NET feature scenario that demonstrates how to perform large-scale queries on Amazon CloudWatch Logs using recursive binary search to retrieve more than the 10,000 result limit.
 
+## Overview
+
+CloudWatch Logs Insights queries have a maximum result limit of 10,000 records per query. This example demonstrates how to overcome this limitation by using a recursive binary search algorithm that splits the time range into smaller segments when the limit is reached.
+
+The scenario performs the following steps:
+
+1. **Setup**: Deploys a CloudFormation stack with a log group and log stream
+2. **Data Generation**: Creates and uploads 50,000 sample log entries
+3. **Query Execution**: Performs recursive queries to retrieve all logs using binary search
+4. **Cleanup**: Removes all created resources
+
 ## Project Structure
 
 ```
@@ -14,7 +25,7 @@ LargeQuery/
 │   ├── README.md                         # Detailed scenario documentation
 │   └── CloudWatchLogsScenario.csproj     # Scenario project file
 ├── Tests/
-│   ├── LargeQueryWorkflowTests.cs        # Unit tests
+│   ├── LargeQueryWorkflowTests.cs        # Integration tests
 │   ├── Usings.cs                         # Global usings
 │   └── CloudWatchLogsTests.csproj        # Test project file
 └── CloudWatchLogsLargeQuery.sln          # Solution file
@@ -23,13 +34,16 @@ LargeQuery/
 ## What This Example Demonstrates
 
 - Deploying AWS resources using CloudFormation
-- Generating and ingesting large volumes of log data
-- Performing CloudWatch Logs Insights queries
+- Generating and ingesting large volumes of log data using PutLogEvents
+- Performing CloudWatch Logs Insights queries with StartQuery and GetQueryResults
 - Using recursive binary search to retrieve more than 10,000 results
+- Handling timestamp precision for accurate query splitting
 - Cleaning up resources after completion
 
 ## Running the Example
 
+### Interactive Mode
+
 1. Navigate to the solution directory:
    ```
    cd dotnetv4/CloudWatchLogs/LargeQuery
@@ -45,22 +59,87 @@ LargeQuery/
    dotnet run --project Scenarios/CloudWatchLogsScenario.csproj
    ```
 
-4. Run the tests:
-   ```
-   dotnet test
-   ```
+4. Follow the prompts to:
+   - Deploy the CloudFormation stack
+   - Generate sample logs
+   - Execute the recursive query
+   - View sample results
+   - Clean up resources
+
+### Non-Interactive Mode (Testing)
+
+Run the integration tests to execute the scenario without user prompts:
+
+```
+dotnet test
+```
+
+The test verifies that the scenario completes without errors and successfully retrieves all 50,000 log entries.
 
 ## Prerequisites
 
 - .NET 8.0 or later
 - AWS credentials configured
-- Permissions for CloudWatch Logs and CloudFormation
+- Permissions for:
+  - CloudWatch Logs (CreateLogGroup, CreateLogStream, PutLogEvents, StartQuery, GetQueryResults, DeleteLogGroup)
+  - CloudFormation (CreateStack, DescribeStacks, DeleteStack)
+
+## How It Works
+
+### Recursive Query Algorithm
+
+The key to retrieving more than 10,000 results is the recursive binary search algorithm:
+
+1. Execute a query with the full date range
+2. If results < 10,000, return them (we have all logs in this range)
+3. If results = 10,000, there may be more logs:
+   - Get the timestamp of the last result
+   - Calculate the midpoint between the last timestamp and end date
+   - Recursively query the first half (last timestamp to midpoint)
+   - Recursively query the second half (midpoint to end date)
+   - Combine all results
+
+This approach ensures all logs are retrieved by progressively narrowing the time ranges until each segment contains fewer than 10,000 results.
+
+### Timestamp Precision
+
+The algorithm uses millisecond precision for timestamps to ensure accurate splitting and prevent duplicate or missing log entries. Each query adjusts the start time by 1 millisecond to avoid overlapping results.
+
+## Expected Output
+
+When running the scenario, you'll see output similar to:
+
+```
+--------------------------------------------------------------------------------
+Welcome to the CloudWatch Logs Large Query Scenario.
+--------------------------------------------------------------------------------
+Preparing the application...
+Deploying CloudFormation stack: CloudWatchLargeQueryStack
+CloudFormation stack creation started: CloudWatchLargeQueryStack
+Waiting for CloudFormation stack creation to complete...
+CloudFormation stack creation complete.
+Stack output RoleARN: arn:aws:iam::123456789012:role/...
+Generating 50,000 sample log entries...
+Batch 1/5: Created 10,000 log entries
+Batch 2/5: Created 10,000 log entries
+...
+Waiting 5 minutes for logs to be fully ingested...
+--------------------------------------------------------------------------------
+Starting recursive query to retrieve all logs...
+Query date range: 2024-01-15T10:00:00.000Z to 2024-01-15T10:05:00.000Z. Found 10000 logs.
+Query date range: 2024-01-15T10:02:30.000Z to 2024-01-15T10:03:45.000Z. Found 10000 logs.
+...
+Queries finished in 8.234 seconds.
+Total logs found: 50000
+--------------------------------------------------------------------------------
+```
 
 ## Related Resources
 
 - [CloudWatch Logs Documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/)
 - [CloudWatch Logs Insights Query Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html)
 - [AWS SDK for .NET](https://aws.amazon.com/sdk-for-net/)
+- [CloudWatch Logs API Reference](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/)
 
 ---
 
 
@@ -47,7 +47,7 @@ public class LargeQueryWorkflow
     private static long _queryEndDate;
 
     public static bool _interactive = true;
-    private static string _stackName = "CloudWatchLargeQueryStack";
+    public static string _stackName = "CloudWatchLargeQueryStack";
     private static string _stackResourcePath = "../../../../../../../scenarios/features/cloudwatch_logs_large_query/resources/stack.yaml";
 
     public static async Task Main(string[] args)
@@ -107,6 +107,46 @@ public static async Task Main(string[] args)
         Console.WriteLine("CloudWatch Logs Large Query scenario completed.");
     }
 
+    /// <summary>
+    /// Runs the scenario workflow. Used for testing.
+    /// </summary>
+    public static async Task RunScenario()
+    {
+        Console.WriteLine(new string('-', 80));
+        Console.WriteLine("Welcome to the CloudWatch Logs Large Query Scenario.");
+        Console.WriteLine(new string('-', 80));
+        Console.WriteLine("This scenario demonstrates how to perform large-scale queries on");
+        Console.WriteLine("CloudWatch Logs using recursive binary search to retrieve more than");
+        Console.WriteLine("the 10,000 result limit.");
+        Console.WriteLine();
+
+        try
+        {
+            Console.WriteLine(new string('-', 80));
+            var prepareSuccess = await PrepareApplication();
+            Console.WriteLine(new string('-', 80));
+
+            if (prepareSuccess)
+            {
+                Console.WriteLine(new string('-', 80));
+                await ExecuteLargeQuery();
+                Console.WriteLine(new string('-', 80));
+            }
+
+            Console.WriteLine(new string('-', 80));
+            await Cleanup();
+            Console.WriteLine(new string('-', 80));
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "There was a problem with the scenario, initiating cleanup...");
+            _interactive = false;
+            await Cleanup();
+        }
+
+        Console.WriteLine("CloudWatch Logs Large Query scenario completed.");
+    }
+
     /// <summary>
     /// Prepares the application by creating the necessary resources.
     /// </summary>