Automate Error Detection with CloudWatch Log Alarms

Assume you have a log group in CloudWatch that continuously receives your application logs. If the logs are encoded as JSON, you can filter them on specific JSON keys or fields.

Here is the CloudWatch Logs Insights query that filters logs with level = error and counts the occurrences per log group.

fields @timestamp, @message
| filter level = "error"
| stats count(*) by @log

If you want an automated alert every time level = error appears, you can turn the filter into a CloudWatch metric filter, which publishes a metric that a CloudWatch Metric Alarm can watch. Use the following command to create the metric filter.

aws logs put-metric-filter --cli-input-json file://alarm.json

And here is the alarm.json file that contains all the required information.

{
    "logGroupName": "prod-backend/docker/api",
    "filterName": "api-error",
    "filterPattern": "{ $.level = \"error\" }",
    "metricTransformations": [
        {
            "metricName": "api-error",
            "metricNamespace": "api",
            "metricValue": "1",
            "unit": "Count"
        }
    ]
}

Finally, you can connect the api-error metric to an SNS topic, through a CloudWatch alarm that has the topic as its action, to get notified every time an error occurs in the log group.
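The final step, as an added example that is not the author's code: a shell script that creates an alarm on the api-error metric in the api namespace and sends notifications to an SNS topic. The alarm name, period and threshold are assumptions, and the topic ARN is whatever you pass in; TreatMissingData is set to notBreaching because a metric filter without a default value publishes a data point only when a log event matches.

```shell
#!/bin/sh
# Added example: alarm on the api-error metric emitted by the metric filter.
# Assumptions: alarm name, period and threshold; the SNS topic ARN is supplied by you.

# Print the put-metric-alarm input document for the given SNS topic ARN.
build_alarm_json() {
  topic_arn="$1"
  case "$topic_arn" in
    arn:*:sns:*) ;;  # accept any partition (aws, aws-cn, aws-us-gov)
    *) echo "expected an SNS topic ARN, got: ${topic_arn}" >&2; return 1 ;;
  esac
  cat <<EOF
{
    "AlarmName": "api-error-alarm",
    "AlarmDescription": "level = error seen in prod-backend/docker/api",
    "Namespace": "api",
    "MetricName": "api-error",
    "Statistic": "Sum",
    "Period": 60,
    "EvaluationPeriods": 1,
    "DatapointsToAlarm": 1,
    "Threshold": 1,
    "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    "TreatMissingData": "notBreaching",
    "AlarmActions": ["${topic_arn}"]
}
EOF
}

# Create or update the alarm, then print its name and current state.
create_alarm() {
  def="$(mktemp)" || return 1
  build_alarm_json "$1" > "$def" || { rm -f "$def"; return 1; }
  aws cloudwatch put-metric-alarm --cli-input-json "file://${def}" &&
    aws cloudwatch describe-alarms --alarm-names api-error-alarm \
      --query 'MetricAlarms[0].[AlarmName,StateValue]' --output text
  rc=$?
  rm -f "$def"
  return "$rc"
}

# Usage: sh this-script.sh <sns-topic-arn>
if [ "$#" -ge 1 ]; then
  create_alarm "$1"
fi
```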

Written by

Md. Minhazul Haque

DevOps Engineer | Kubernetes | Python | Terraform | AWS | GCP