Logs

CloudWatch Logs is AWS's centralised logging service.

Concepts

  • Logs are configurations of sources.
  • Log Streams are instances of a given log.
  • Log Groups are a collection of streams with the same retention time, monitoring and access control rules.

Integrations

Most AWS services have integrations with CloudWatch logs:

Metric filters

JSON records can be filtered using JSON path syntax (of the form { SELECTOR OPERATOR VALUE }, where selector is expressed in the form $.objects[0].property, the $. anchoring the expression to the root of the object):

{ $.eventName = "x" }

These can be used to filter logs to create custom metrics (based on matching log record volume) for visualisation and alerting.

Insights

Log Insights provides search, analysis and visualisation tools for fast, interactive querying of log data. It uses a pay-as-you-go pricing model.

The following fields are added by default:

  • @timestamp
  • @logStream
  • @message

Commands

Pipe (|) delimited series of operations on a pipeline. Examples:

  • fields x, y, z
  • filter x = 1
  • filter like /regexp/
  • stats sum(y) by z as @sumYByZ
  • sort by @sumYByZ desc
  • limit 10
  • parse @field "[*]" as @severity | stats count(*) by @severity

Children
  1. Logs Agent

Backlinks