Logs
CloudWatch Logs is AWS's centralised logging service.
Concepts
- Logs are configurations of sources.
- Log Streams are instances of a given log.
- Log Groups are a collection of streams with the same retention time, monitoring and access control rules.
Integrations
Most AWS services have integrations with CloudWatch Logs:
- Config
- EC2 instance logs via an agent
- CloudTrail
Metric filters
JSON records can be filtered using JSON path syntax of the form { SELECTOR OPERATOR VALUE }, where the selector is expressed in the form $.objects[0].property, the $. anchoring the expression to the root of the object:
{ $.eventName = "x" }
These can be used to filter logs to create custom metrics (based on matching log record volume) for visualisation and alerting.
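A simplified model of how such a pattern selects records and produces a metric value, as an added example that is not part of the original notes and not AWS's own matcher. The CloudTrail-style sample lines and the names resolve, matches and metric_value are constructed for illustration.

```python
import json
import operator
import re

# Simplified model of one { SELECTOR OPERATOR VALUE } condition, not AWS's matcher (no &&, ||, wildcards).
PATTERN = re.compile(r'^\{\s*(\$\.[^\s=!<>]+)\s*(!=|>=|<=|=|>|<)\s*(.+?)\s*\}$')
STEP = re.compile(r'([^.\[\]]+)|\[(\d+)\]')
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt, ">=": operator.ge, "<=": operator.le}
# Constructed CloudTrail-style log lines (sample data, not real events).
SAMPLE_LINES = [
    '{"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Failure"}, "sourceIPAddress": "203.0.113.7"}',
    '{"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "198.51.100.4"}',
    '{"eventName": "DeleteTrail", "resources": [{"type": "AWS::CloudTrail::Trail"}]}',
    'START RequestId: not-json',
]

def resolve(node, selector):
    """Walk $.a.b[0].c from the root object; None when the path is absent."""
    for key, index in STEP.findall(selector[2:]):  # strip the "$." root anchor
        if key and isinstance(node, dict) and key in node:
            node = node[key]
        elif index and isinstance(node, list) and int(index) < len(node):
            node = node[int(index)]
        else:
            return None
    return node

def matches(pattern, line):
    """True when one log line satisfies the condition."""
    m = PATTERN.match(pattern.strip())
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    selector, op, raw = m.groups()
    try:
        actual = resolve(json.loads(line), selector)
    except json.JSONDecodeError:
        return False  # plain-text lines cannot match a JSON pattern
    if actual is None:
        return False  # model choice: an absent field matches nothing
    left, right = str(actual), raw.strip('"')
    if not raw.startswith('"'):
        try:
            left, right = float(actual), float(raw)  # unquoted value: compare numerically
        except (TypeError, ValueError):
            pass  # not numeric: keep the string comparison
    return OPS[op](left, right)

def metric_value(pattern, lines=SAMPLE_LINES):
    """Count of matching records: the volume a custom metric would report."""
    return sum(matches(pattern, line) for line in lines)
```

Alerting on the resulting count (for example, failed console logins) is what turns the filter into a detection.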
Insights
Logs Insights provides search, analysis and visualisation tools for fast, interactive querying of log data. It uses a pay-as-you-go pricing model.
The following fields are added by default:
@timestamp
@logStream
@message
Commands
Pipe (|) delimited series of operations on a pipeline. Examples:
fields x, y, z
filter x = 1
filter @message like /regexp/
stats sum(y) as @sumYByZ by z
sort @sumYByZ desc
limit 10
parse @field "[*]" as @severity | stats count(*) by @severity