AWS Cloudwatch Filter and Pattern Syntax

I'm following the instructions here: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

but it's not working as I'm expecting it to.

I currently have the following cloudwatch log subscription filter pattern: ? "UNKNOWN_TOPIC_OR_PARTITION" ? " SEVERE " ? " severe " ? " FATAL " ? " fatal " - "closing session"

I would like to match any pattern with " fatal " whilst excluding "closing session" from the results.

However, the above filter is matching other log output:

[screenshot of the unexpected matches not reproduced]

asked May 21 '19 13:05 by Ebrahim Moshaya



2 Answers

You can't do that with an event filter in CloudWatch, but you can with Logs Insights.

CloudWatch -> CloudWatch Logs -> Logs Insights

Or

CloudWatch -> CloudWatch Logs -> Log groups -> [your service logs] -> [Button Logs Insights]

[screenshot of the Logs Insights UI not reproduced]

  1. Log group: pick the log group of the service you want to track.
  2. Here you select the time range.
  3. Here is the query box, where you write queries in an SQL-like syntax.

So in your case you can use this in the query box:

fields @timestamp, @message
| sort @timestamp desc
| filter @message like /UNKNOWN_TOPIC_OR_PARTITION|SEVERE|severe|FATAL|fatal/
| filter @message not like /closing session/

Now click Run query and you will see only the logs that match those filters.

answered Oct 15 '22 08:10 by Derek Menénedez


Try this Filter pattern:

[(w1="*UNKNOWN_TOPIC_OR_PARTITION*" || w1="*SEVERE*" || w1="*severe*" || w1="*FATAL*" || w1="*fatal*") && w1!="*closing session*"]
answered Oct 15 '22 08:10 by Ivan