# Automate Error Detection with CloudWatch Log Alarms

Assume you have a log group in CloudWatch that continuously holds the application logs. If the logs are encoded as JSON, it will be very useful to filter the logs based on specific JSON keys or fields.

Here is the CloudWatch query that filters logs with `level = error` and aggregates them by the count of occurrences.

```bash
fields @timestamp, @message
| filter level = "error"
| stats count(*) by @log
```

If you want an automated alert every time `level = error` appears, you can turn it into a CloudWatch Metric Alarm. Use the following command to create such an alarm.

```bash
aws cloudwatch put-metric-alarm --cli-input-json file://alarm.json
```

And here is the `alarm.json` file that contains all the required information.

```yaml
{
    "logGroupName": "prod-backend/docker/api",
    "filterName": "api-error",
    "filterPattern": "{ $.level = \"error\" }",
    "metricTransformations": [
        {
            "metricName": "api-error",
            "metricNamespace": "api",
            "metricValue": "1",
            "unit": "count"
        }
    ]
}
```

Finally, you can connect the `api-error` metric to an SNS topic to get notified every time an error occurs in the log group.