Skip to content

Instantly share code, notes, and snippets.

@SingingBush

SingingBush/CloudWatch examples.md

Last active October 26, 2022 16:14
Show Gist options
  • Save SingingBush/739b0469b4bf520f58e8ce2981bac0aa to your computer and use it in GitHub Desktop.
Save SingingBush/739b0469b4bf520f58e8ce2981bac0aa to your computer and use it in GitHub Desktop.
Download ZIP
Advanced CloudWatch queries for aggregating and visualising application logs
Raw
CloudWatch examples.md

CloudWatch is really powerful. As well as just searching your logs you can quickly aggregate and visualise data from your logs.

Visualising warnings and errors in a line chart

In this example we use a regex make a capture group for loglevel based on lines such as 2022-10-26T16:00:00.000Z ERROR something bad happened! then count how many times the logs contained a WARN or ERROR in the log file in a 30 minute interval. This query can be used in conjunction with the Visualization tab in CloudWatch (select Line from the dropdown).

With a little editing based on your use case, this query wiil help build an overview of your error rate

fields @timestamp, @logLevel
| parse @message /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+Z\s(?<@logLevel>\w+).*$/
| filter ispresent(@logLevel)
| parse @logLevel "ERROR" as errors
| parse @logLevel "WARN" as warnings
| stats count(errors) as TotalErrors,
   count(warnings) as TotalWarnings
   by bin(30m)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment