How it works...

In this recipe, we used Amazon Athena to query CloudTrail logs in S3. Athena uses queries based on Structured Query Language (SQL) and creates virtual tables. If we are new to Athena, we should first set up a query result location in Amazon S3 before we can run our queries. We clicked on the Run advanced queries in Amazon Athena option from within the CloudTrail dashboard, and AWS created an Athena table. Then, we went to Athena and ran a preview query. We modified the query and executed it. Finally, we exported the results into a CSV file using an icon from the results screen.

Afterward, we ran the SELECT * FROM "default"."cloudtrail_logs_aws_sec_cb_trail" limit 2; query. The "default"."cloudtrail_logs_aws_sec_cb_trail" table name in this query was auto-populated when we generated the query. SELECT * selects all the columns, while limit 2 limits the records that are returned to two.
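The preview query returns every column for two arbitrary records. The following added example (not from the book) narrows the same table to denied API calls, grouped by caller. It assumes the table has the standard columns that the CloudTrail console generates (useridentity, eventtime, eventsource, eventname, errorcode, sourceipaddress); the seven-day window and the row limit are illustrative choices.

```sql
-- Added example: summarize denied API calls recorded by the trail.
-- Assumes the console-generated CloudTrail table schema, where
-- eventtime is an ISO 8601 string and useridentity is a struct.
SELECT
    useridentity.arn   AS caller_arn,       -- principal that made the call
    eventsource,                            -- service endpoint, e.g. s3.amazonaws.com
    eventname,                              -- API action that was attempted
    errorcode,
    sourceipaddress,
    count(*)           AS attempts,
    min(eventtime)     AS first_seen,
    max(eventtime)     AS last_seen
FROM "default"."cloudtrail_logs_aws_sec_cb_trail"
WHERE (errorcode LIKE '%AccessDenied%'
       OR errorcode LIKE '%UnauthorizedOperation%')
  -- Illustrative window: only events from the last seven days.
  AND from_iso8601_timestamp(eventtime) > current_timestamp - interval '7' day
GROUP BY
    useridentity.arn,
    eventsource,
    eventname,
    errorcode,
    sourceipaddress
ORDER BY attempts DESC
LIMIT 50;
```

Selecting named columns instead of * also keeps the exported CSV readable, because the nested requestparameters and responseelements fields are left out.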
