Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CloudWatch Logs Filter case insensitive multiple terms or connected

Tags:

amazon-web-services

amazon-cloudwatch

amazon-cloudwatchlogs

cloudwatch

I'm just trying to create an alarm based on CloudWatch Logs Filter which triggers on multiple terms (or connected, not and) and is case insensitive

Using "error warning" as pattern is not working

I'm looking for filter pattern reacting to all of the following errors and warnings:

ERROR: first sample
Error: second sample
error: third sample
{ ERROR: "fourth sample"}
{type: "error"}
WARNING: SOMETHING BAD!
{ WARNING: "fifth sample"}
like image 742
Manuel Avatar asked Mar 04 '17 18:03

Manuel

People also ask

How do you aggregate CloudWatch logs?

To run a query with an aggregation functionOpen the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ . In the navigation pane, choose Logs, and then choose Logs Insights. In the Select log group(s) drop down, choose one or more log groups to query.

How do I know if CloudWatch logs are encrypted?

By default, the CloudWatch Logs service manages the server-side encryption keys. If you want to manage the keys used for encrypting and decrypting your logs, use customer master keys (CMK) from AWS Key Management Service. For more information, see Encrypt log data in CloudWatch Logs using AWS Key Management Service.

2 Answers

If you need to filter upon some strings you can OR them as follows:

?"String1" ?"String2"

and so on. Try it.

like image 128
Sach Avatar answered Sep 28 '22 07:09

Sach

Per the AWS Documentation concerning Filter and Pattern Syntax, you cannot use "error warning" to capture an "OR" relationship because:

  • You can specify multiple terms in a metric filter pattern, but all terms must appear in a log event for there to be a match.

Or in other words, CloudWatch Log metric filters expect an "AND" relationship.

Likewise:

  • Metric filters are case sensitive.

So you'll be unable to achieve this with a single filter. You'll need a filter for each case-sensitive permutation of "error" and "warning" that you expect to write to Cloudwatch Logs.

In order to set a single alarm on all of these filters, simply configure each filter to use the same CloudWatch metric. Here's an example from the AWS Console where each of my metric filters are targeted towards my LogMetric/test metric:

AWS Console showing several metric filters using the same CloudWatch metric.

I can then simply create a CloudWatch alarm based on the LogMetric/test metric to alarm on the sum of these distinct metric filters.

like image 29
Anthony Neace Avatar answered Sep 28 '22 05:09

Anthony Neace
Sign in to Comment

Related questions

git aws.push command not created by eb init
Configuring Amazon Elastic Beanstalk with PostGIS
Can't ssh into AWS EC2 after enabling firewall
What are all the resources that can be associated with a security group in AWS?
Creating a AWS Cognito PreSignup Lambda in DotNet
In Boto3, how to create a Paginator for list_objects with additional keyword arguments?
How to list the files in S3 subdirectory using Python
Auto reboot an AWS EC2 instance at midnight
Installing Chromium on Amazon Linux
Invalid syntax error on running AWS command
Terraform AWS ACM certificates in us-east-1 for resources in eu-west-1
How to set DBParameterGroup Family property for Postgres 10.6
Extract Protected Request Response from AWS SDK for PHP
Does AWS support Kubernetes?
Amazon CloudFront Alternate Domain Names
AWS Lambda gateway API gives error message
How to automate EBS encryption with Elastic Beanstalk
AWS Lambda w/ SQS trigger, SQS Lambda Destinations, never adds to destination queue
Should I use CouchDB or SimpleDB?
Writing to Kinesis stream using AWS Lambda Function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!