Assume you have a log group in CloudWatch that continuously holds the application logs. If the logs are encoded as JSON, it will be very useful to filter the logs based on specific JSON keys or fields.
Here is the CloudWatch Logs Insights query that filters logs with `level = error` and counts the occurrences per log group (`@log`).
```
fields @timestamp, @message
| filter level = "error"
| stats count(*) by @log
```
If you want an automated alert every time `level = error` appears, you can turn it into a CloudWatch metric alarm. The alarm needs a metric to watch, so first create a metric filter on the log group with the following command.

```
aws logs put-metric-filter --cli-input-json file://alarm.json
```

And here is the `alarm.json` file that contains all the required information.
```
{
  "logGroupName": "prod-backend/docker/api",
  "filterName": "api-error",
  "filterPattern": "{ $.level = \"error\" }",
  "metricTransformations": [
    {
      "metricName": "api-error",
      "metricNamespace": "api",
      "metricValue": "1",
      "unit": "Count"
    }
  ]
}
```
Finally, you can connect the `api-error` metric to an SNS topic, through a CloudWatch alarm on that metric, to get notified every time an error occurs in the log group.
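An alarm definition for that last step, as an added example that is not part of the original page: the alarm name, period, threshold and the file name `api-error-alarm.json` are assumptions, and the SNS topic ARN is a placeholder to replace. `TreatMissingData` is set to `notBreaching` because the metric filter publishes a data point only when a log event matches, so a quiet period has no data at all.

```json
{
  "AlarmName": "api-error",
  "AlarmDescription": "Added example (assumed values): one or more error-level log events within a minute. Replace the placeholder SNS topic ARN.",
  "Namespace": "api",
  "MetricName": "api-error",
  "Statistic": "Sum",
  "Period": 60,
  "EvaluationPeriods": 1,
  "Threshold": 1,
  "ComparisonOperator": "GreaterThanOrEqualToThreshold",
  "TreatMissingData": "notBreaching",
  "ActionsEnabled": true,
  "AlarmActions": [
    "arn:aws:sns:REGION:ACCOUNT_ID:TOPIC_NAME"
  ]
}
```

Pass it to `aws cloudwatch put-metric-alarm --cli-input-json file://api-error-alarm.json`. The alarm action fires when the alarm transitions into the ALARM state, so a sustained burst of errors produces one notification until the alarm returns to OK.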