Questions tagged [aws-cloudwatch-log-insights]

301 questions
7
votes
0 answers

Cloudwatch dashboard insight graphs - can I set binsize dynamically?

I'm using dashboards to monitor various output stats on AWS. Let's say it looks something like this: stats avg(myfield1), min(myfield2), max(myfield3) by bin(1m) This works fine - however I am by default using a bin size of 1 minute - so the data…
Simm
7
votes
1 answer

How to configure AWS cloudWatchAgent to collect logs recursively from a folder on an EC2 instance?

I have a logs directory on an EC2 instance and cloud watch agent running over there. In the CloudWatch agent configuration file I have given log file details as below "logs": { "logs_collected": { "files": { "collect_list": [ …
7
votes
3 answers

CloudWatchLogs line length limit

I was wondering if CloudWatchLogs has a limit on the length of 1 line of logging. I checked the CloudWatchLogs Limit documentation page, but they do not specify anything regarding line length limit. They do mention the Event size limit (256 KB),…
6
votes
1 answer

CloudWatch Logs Insights isn't finding data that exists in logstream

I am running fluent-bit as a sidecar on my EKS cluster for an application to tail application log files and write events to CloudWatch Logs. Through CloudWatch Logs Insights, I then set up some queries and dashboards to analyze those logs. This all…
6
votes
0 answers

Multi faceted time series visualisation in CloudWatch Log Insights

I'm trying to create a multi-faceted time series graph in CloudWatch Log Insights. I can create a multi-faceted query which is not a time series, and I can create an unfaceted time series query, but I can't seem to do both. For example: I can do a…
6
votes
1 answer

In CloudWatch Insights, how do I filter out log entries that don't have a parsed value?

Suppose I have the following Insights query fields @timestamp, @message | parse @message 'status=*" as status | display @timestamp, status, @message Some log messages don't have a status. I'd like to filter those out. How do I do that?
kane
6
votes
2 answers

Filtering AWS CloudWatch raw log events by multiple values / AWS CLI

Given the following query on CloudWatch that extracts logs with messages including "entry 1456" (where 1456 is an ID) how should I extend this to take multiple IDs and what is the corresponding CLI command? fields @message | filter @message like…
6
votes
1 answer

Removing specific log events from CloudWatchLogs

I looked through the documentation of CloudWatch Logs, but I could not find any method to manually remove partial data from a log stream. The only way to remove data is to: Remove the log stream, but that will remove all data (not just the data we…
5
votes
2 answers

AWS log Insights parse NGINX log

I am trying to use aws log insights to run query on my log group that contains nginx log. This is my log format that I have setup on my ec2 machine: log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent…
5
votes
1 answer

In Amazon Cloudwatch Insights, how do you take a statistic of a statistic?

I am using AWS Cloudwatch Insights and running a query like this: fields @message, @timestamp | filter strcontains(@message, "Something of interest happened") | stats count() as interestCount by bin(10m) as tenMinuteTime | stats max(interestCount)…
TheHans255
5
votes
1 answer

CloudWatch Insights By Date

I'm trying to create a CloudWatch Insights query for Amazon Connect that will give me call counts by date. I'm able to get the number of log messages by date, however, I need to only count unique ContactId's. The query I have has many duplicated…
5
votes
1 answer

AWS Log insights: specify @timestamp field output format/timezone?

When I use fields @timestamp in a Cloudwatch "log insights" query, it adds a column to the result table that is formatted into my local timezone like 2020-07-01T05:52:15.840+10:00. I don't want it to do the local timezone conversion, I want the…
Shorn
5
votes
2 answers

Is there a way to truncate a field value in CloudWatch?

Suppose I have a simple Insights query like so fields @timestamp, @message Is there a way to truncate the @message field. For example, say I only want to skip the 1st 50 characters. I know I can use the parse function but is there a simpler way, an…
kane
5
votes
1 answer

How to display all CloudWatch logs from log stream if one log has a specific message?

I'm pretty new to AWS CloudWatch logs query syntax and looking for a solution to my problem. I want to come up with proper CloudWatch query that would display all the logs from a specific log stream if one log in it contains a unique value. It looks…
4
votes
0 answers

Group by field and bin for CloudWatch Logs Insights line chart

I want to create a line chart with two lines in AWS CloudWatch Logs Insights. One line representing mobile users and the other desktop users, showing a success rate for each group of users. This is the code I am working with: | fields …