Questions tagged [aws-cloudwatch-log-insights]
301 questions
134
votes
5 answers
AWS Log Insights query with string contains
how do I query with contains string in AWS Log insights
fields @timestamp, @message
filter @message = "user not found"
| sort @timestamp desc
| limit 20
fields @timestamp, @message
filter @message strcontains("User not found")
| sort @timestamp…
kumar
- 8,207
- 20
- 85
- 176
66
votes
3 answers
How to get additional lines of context in a CloudWatch Insights query?
I typically run a query like
fields @timestamp, @message
| filter @message like /ERROR/
| sort @timestamp desc
| limit 20
Is there any way to get additional lines of context around the messages containing "ERROR"? Similar to the A, B, and C flags…
feus4177
- 1,193
- 1
- 11
- 15
57
votes
2 answers
Filter by timestamp query on AWS Cloudwatch Logs Insights
I am trying to use AWS Cloudwatch Logs insights in order to search in some quite old logs of our lambda functions. I am reading this guide on AWS docs, but nowhere is documented how you can filter by timestamp. I have tried the below:
fields…
babis21
- 1,515
- 1
- 16
- 29
43
votes
4 answers
AWS CloudWatch Logs Insights - export full query result?
I have a CloudWatch Logs Insights query, which shows "7000 records matched", but when I try Actions -> Download query results (CSV), only 1000 records are exported (same as shown in the console). I cannot find any way to export the "full" query…
lznt
- 2,330
- 2
- 22
- 27
40
votes
4 answers
Aggregate logs by field value and plot as multiple series using AWS CloudWatch Insights
Analysing some log files using AWS CloudWatch Insights, I can plot a count aggregated in time bins with:
| stats count(*) by bin(1h)
This produces a graph, as expected, aggregating all logs in each time bin.
I want to split this data by a 'group'…
Tom Dufall
- 871
- 1
- 10
- 21
37
votes
1 answer
How can I sort results by aggregate in Cloudwatch Log Insights?
I have a pretty straightforward query:
fields @timestamp, req.url, msg
| sort @timestamp desc
| filter msg = "request completed"
| stats count() by req.url
It presents all requests served by my app aggregated by url. However, I would also like to…
Max Yankov
- 12,551
- 12
- 67
- 135
35
votes
2 answers
How to filter CloudWatch Log Insights with ispresent() function
I'm trying to perform a really simple query on the not so new AWS Cloudwatch Log Insights
I'm following their documentation to filter my logs using ispresent function.
The query is the following:
fields @timestamp, status
| filter ispresent(status)…
Gustavo Lopes
- 3,794
- 4
- 17
- 57
33
votes
15 answers
Is there a way to generate the AWS Console URLs for CloudWatch Log Group filters?
I would like to send my users directly to a specific log group and filter but I need to be able to generate the proper URL format. For example, this URL…
Richard Hurt
- 2,049
- 24
- 32
32
votes
2 answers
How to query distinct from AWS log insights
I need to query data from lambda using AWS Cloudwatch log insights.
The query syntax provide by aws doesn't have distinct.
Only support (count_distinct(fieldname))
ref.…
PKS
- 321
- 1
- 3
- 3
25
votes
1 answer
How to run a group by in AWS Cloud Watch Logs Insights
I have CWL Entries as below. Showing entries in SQL Type for clarity
Name City
1 Chicago
2 Wuhan
3 Chicago
4 Wuhan
5 Los Angeles
Now I want to get below output
City Count
Chicago 2
Wuhan 2
Los Angeles …
Unbreakable
- 7,776
- 24
- 90
- 171
22
votes
1 answer
AWS Cloudwatch Logs Insights find logs close to another log or timestamp
On AWS Cloudwatch Log Insights, often after you filter your logs and find an interesting log message you want to see what was happening right before or after that message.
What is the best way to find log messages right next to another message?
I…
Ali
- 18,665
- 21
- 103
- 138
20
votes
0 answers
Parsing a timestamp to use with CW Log Insights functions
Attempting to use a built-in Cloudwatch Log function like "date_floor" with a 8601 timestamp string like "2020-03-24T19:03:34.645Z" gives back an "Invalid date" error in Cloudwatch Log Insights.
Does anyone know what is required to parse/cast…
scolestock
- 717
- 6
- 17
20
votes
6 answers
CloudWatch Insights: get logs of errored lambdas
A lambda can have a result that is either a success or an error.
I want to see the logs of lambda that errored. I am trying to do that via a CloudWatch Insights query.
How can I do this?
Matthieu Napoli
- 48,448
- 45
- 173
- 261
19
votes
2 answers
AWS CloudWatch Logs Insights alarms
Is it possible to set alarms based on CloudWatch Logs Insights queries? In this page it says the following: In addition, you can publish log-based metrics, create alarms, and correlate logs and metrics together in CloudWatch Dashboards for complete…
jimmone
- 446
- 1
- 6
- 15
18
votes
2 answers
Display empty bin as a zero value in AWS Log Insights graph
With this count query by bin:
filter @message like / error /
| stats count() as exceptionCount by bin(30m)
I get a discontinuous graph, which is hard to grasp:
Is is possible for AWS Cloudwatch Log Insights to consider the empty bin as zero count…
pba
- 700
- 8
- 18