CloudWatch Logs provides you with a few different search capabilities to efficiently analyze your log data and search through your log files. These capabilities include the following:
The following section presents a simple scenario for searching through log files stored in CloudWatch Logs.
Performing a Search in CloudWatch Logs
Go through the following steps to search the log files stored in CloudWatch Logs:
Figure 8.13: CloudWatch menu screen
Figure 8.14: Log group selection screen
You will see the log files that match the result.
You have just seen how to search through your CloudWatch log files. Next, you will take a look at metrics, both AWS-generated and custom-made.
Metrics, which are quantitative measurements representing a specific aspect of a resource’s performance, behavior, or utilization, are automatically collected in Amazon CloudWatch from AWS services such as DynamoDB database instances and Lambda functions. As metrics are collected over time, you can quickly graph their values and then choose the timeframe (e.g., 3 hours, 1 day, or 1 month) over which you would like to view them.
You can also create a custom metric. These metrics are relevant to your organization and can be made based on the values in your log files. Custom metrics can track any essential data in your company, infrastructure, or application. Examples could be the number of requests your application receives or how many errors a particular application returns.
In the next section, you will see how to create metric filters in CloudWatch from predefined and custom metrics.
In Amazon CloudWatch, a metric filter provides a way to extract data from your log files and transform it into custom metrics. You can then use those metrics to monitor your environment, create alarms, and perform analysis.
To create a metric filter, you must define a pattern that CloudWatch uses to pull data from log events. This pattern can be a complex regular expression looking for various terms that will match within its bounds, or it could be a very simple string that either matches or does not. Once you have determined what you are looking for in the log files, you can then specify which fields to search in the logs. The search could be narrowed down to the DateTime field or one of the values in the log entry.
After you have created the metric filter, the CloudWatch service will automatically apply it to any new log data that comes into the log group and extract the metric data based on the filter pattern. Results will then be shown on the CloudWatch console and can be used to make custom dashboards or create alarms for the values in the metric data.
An example would be a metric filter that automatically searches for Access Denied in login attempts from web application logs streaming to CloudWatch Logs. The filter would produce a metric that counts each occurrence in the log files. A CloudWatch alarm could also be created to notify the security team of a brute-force attack on the application if the count rises above a certain number in a specific period (such as 5 minutes).
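The Access Denied scenario above, as an added example that is not part of the original text: the two dictionaries are the arguments for the boto3 `put_metric_filter` and `put_metric_alarm` calls, and `breaching_periods` replays the same filter and threshold over constructed log lines so the behavior can be checked offline. The log group, namespace, metric and alarm names, the threshold of 3, and the log line format are assumptions, and bucketing on 5-minute boundaries is a simplification of how CloudWatch evaluates periods.

```python
from collections import Counter
from datetime import datetime, timezone

# Assumed names and threshold (not from the page).
FILTER = {  # kwargs for boto3 logs.put_metric_filter
    "logGroupName": "/example/webapp/auth",
    "filterName": "access-denied-count",
    "filterPattern": '"Access Denied"',  # quoted term: exact, case-sensitive phrase
    "metricTransformations": [{"metricName": "AccessDeniedCount",
                               "metricNamespace": "Example/WebApp",
                               "metricValue": "1"}],  # each match adds 1
}
ALARM = {  # kwargs for boto3 cloudwatch.put_metric_alarm
    "AlarmName": "access-denied-spike", "Namespace": "Example/WebApp",
    "MetricName": "AccessDeniedCount", "Statistic": "Sum",
    "Period": 300, "EvaluationPeriods": 1,  # one 5-minute period
    "Threshold": 3, "ComparisonOperator": "GreaterThanThreshold",
    "TreatMissingData": "notBreaching",  # quiet periods are not alarms
    # Add "AlarmActions": [<SNS topic ARN>] to notify the security team.
}

SAMPLE_LOG = """\
2024-01-01T10:00:05+00:00 POST /login 200 OK user=alice
2024-01-01T10:01:10+00:00 POST /login 403 Access Denied user=admin
2024-01-01T10:01:12+00:00 POST /login 403 Access Denied user=admin
2024-01-01T10:01:15+00:00 POST /login 403 Access Denied user=admin
2024-01-01T10:01:19+00:00 POST /login 403 Access Denied user=admin
2024-01-01T10:03:40+00:00 POST /login 403 access denied user=bob
2024-01-01T10:07:02+00:00 POST /login 403 Access Denied user=carol
"""  # constructed sample events

def breaching_periods(log_text, flt=FILTER, alarm=ALARM):
    """Simulate the filter and alarm locally; return start times of breaching periods."""
    phrase = flt["filterPattern"].strip('"')
    value = int(flt["metricTransformations"][0]["metricValue"])
    sums = Counter()
    for line in log_text.splitlines():
        stamp, message = line.split(" ", 1)
        if phrase in message:
            epoch = int(datetime.fromisoformat(stamp).timestamp())
            sums[epoch - epoch % alarm["Period"]] += value  # bucket by period
    return [datetime.fromtimestamp(s, timezone.utc).isoformat()
            for s, total in sorted(sums.items()) if total > alarm["Threshold"]]

def deploy(logs_client, cloudwatch_client):
    """Create the real filter and alarm; pass boto3 'logs' and 'cloudwatch' clients."""
    logs_client.put_metric_filter(**FILTER)
    cloudwatch_client.put_metric_alarm(**ALARM)

if __name__ == "__main__":
    print(breaching_periods(SAMPLE_LOG))
```

The lowercase "access denied" line is not counted because the quoted filter term is case-sensitive, so confirm the exact string the application logs before relying on the alarm.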
You can effectively extract and transform log data into actionable metrics with metric filters. The next section dives deeper into CloudWatch alarms.