Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get additional lines of context in a CloudWatch Insights query?

Tags:

amazon-web-services

amazon-cloudwatch

aws-cloudwatch-log-insights

I typically run a query like

fields @timestamp, @message
| filter @message like /ERROR/
| sort @timestamp desc
| limit 20

Is there any way to get additional lines of context around the messages containing "ERROR"? Similar to the A, B, and C flags with grep?

Example

For example, if I have a given log with the following lines

DEBUG Line 1
DEBUG Line 2
ERROR message
DEBUG Line 3
DEBUG Line 4

Currently I get the following result

ERROR message

But I would like to get more context lines like

DEBUG Line 2
ERROR message
DEBUG Line 3

with the option to get more lines of context if I want.

like image 519
feus4177 Avatar asked Mar 03 '20 20:03

feus4177

People also ask

How do I find a string in CloudWatch logs?

To search your logs using the consoleOpen the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ . In the navigation pane, choose Log groups. For Log Groups, choose the name of the log group containing the log stream to search. For Log Streams, choose the name of the log stream to search.

2 Answers

You can actually query the @logStream as well, which in the results will be a link to the exact spot in the respective log stream of the match:

fields @timestamp, @message, @logStream
| filter @message like /ERROR/
| sort @timestamp desc
| limit 20

That will give you a column similar to the right-most one in this screenshot:

enter image description here

Clicking the link to the right will take you to and highlight the matching log line. I like to open this in a new tab and look around the highlighted line for context.

Hope that helps!

like image 70
robdasilva Avatar answered Oct 02 '22 17:10

robdasilva

I found that the most useful solution is to do your query and search for errors and get the request id from the "requestId" field and open up a second browser tab. In the second tab perform a search on that request id.

Example:

fields @timestamp, @message
| filter @requestId like /fcd09029-0e22-4f57-826e-a64ccb385330/ 
| sort @timestamp asc
| limit 500

With the above query you get all the log messages in the correct order for the request where the error occurred. This is an example that works out of the box with lambda. But if you push logs to CloudWatch in a different way and there is no requestId i would suggest creating a requestId per request or another identifier that is more useful for you use case and push that with your log event.

like image 32
Kevin Avatar answered Oct 01 '22 17:10

Kevin
Sign in to Comment

Related questions

AWS CloudFront returns http 307 when origin is S3 bucket
SSH EC2 asking for password
Athena greater than condition in date column
When should I use a t2.medium vs. a m3.medium instance type within AWS?
This distribution is not configured to allow the HTTP request
Find if AWS instance is running Amazon Linux 1 or 2?
AWS Cognito Authentication USER_PASSWORD_AUTH flow not enabled for this client
How to append a value to list attribute on AWS DynamoDB?
AWS : Invalid identity pool configuration. Check assigned IAM roles for this pool
Docker Error - "jq: error: Cannot iterate over null"
Retrieve S3 file as Object instead of downloading to absolute system path
Reading a file from a private S3 bucket to a pandas dataframe
AWS Elastic Beanstalk change RDS Endpoint
Possible to get multiple object from Amazon S3 in single request?
Avoiding INSUFFICIENT DATA in Cloudwatch?
AWS ECS error: Task failed ELB health checks in Target group
Is it possible to upload to S3 directly from URL using POST?
AWS CloudFormation create-stack vs deploy
How to add more devices to AWS root account MFA
Referencing env variables from Elastic Beanstalk .ebextensions config files

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!