Automate Error Detection with CloudWatch Log Alarms

Assume you have a log group in CloudWatch that continuously holds the application logs. If the logs are encoded as JSON, it will be very useful to filter the logs based on specific JSON keys or fields.

Here is the CloudWatch query that filters logs with level = error and aggregates them by the count of occurrences.

fields @timestamp, @message
| filter level = "error"
| stats count(*) by @log

If you want an automated alert every time level = error appears, you can turn it into a CloudWatch Metric Alarm. Use the following command to create such an alarm.

aws cloudwatch put-metric-alarm --cli-input-json file://alarm.json

And here is the alarm.json file that contains all the required information.

    "logGroupName": "prod-backend/docker/api",
    "filterName": "api-error",
    "filterPattern": "{ $.level = \"error\" }",
    "metricTransformations": [
            "metricName": "api-error",
            "metricNamespace": "api",
            "metricValue": "1",
            "unit": "count"

Finally, you can connect the api-error metric to an SNS topic to get notified every time an error occurs in the log group.