How do I resolve empty log issues in CloudWatch?

3 minute read

I want to resolve empty log issues in Amazon CloudWatch.

Resolution

To resolve empty log issues in CloudWatch, complete the following steps:

Check the log group metrics

When data is ingested to CloudWatch, CloudWatch Logs generate log group metrics. The log group level metrics IncomingLogEvents and IncomingBytes receive data points when the log group receives data. If there's no data points in the specified time period, then the log group didn't receive data from the source.

Check that the source publishes data

If you use the unified CloudWatch Agent to publish log data to CloudWatch, then check that the CloudWatch agent runs with no errors. Make sure that the correct source log file path is included in the agent configuration. Also, make sure that the source log file has logs to push to CloudWatch. For more information, see How do I resolve my unified CloudWatch agent not pushing log events?

To test the connectivity from the source to the logs endpoint, run the following commands:

Note: Replace example-region with your required AWS Region.

telnet logs.<example-region>.amazonaws.com 443

nc -zv logs.<example-region>.amazonaws.com 443

If you have connectivity issues from the preceding commands, then check the following:

Check that the security groups and network access control lists (network ACLs) allow connectivity.
Check that the source has internet connectivity.
If you use Amazon Virtual Private Cloud (Amazon VPC) endpoints, then check the endpoints. Make sure that the endpoints resolve to an Amazon VPC IP address and the endpoint security group allows access from the source IP address.
Check that the PutLogEvents constraints are satisfied.

Review the permissions

Check that the source has permissions to publish data to the required log group. The following is a sample policy that you can use with the source AWS Identity and Access Management (IAM) policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Action": [
        "logs:PutLogEvents"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

If the log source creates new log groups and log streams when data is pushed to CloudWatch, then check the Action parameter of the policy. Make sure that the logs:CreateLogGroup and logs:CreateLogStream permissions are included.

To prevent AccessDenied errors when you read logs, make sure that the required IAM user or role has the minimum permissions for logs:GetLogEvents. If you use the AWS Management Console to view logs, then make sure you have the logs:DescribeLogGroups, logs:DescribeLogStreams, and logs:GetLogEvents permissions.

Check the log group configuration

For the log group, make sure that the retention period is set appropriately and that you retrieve logs that are present within the retention period. Logs that are deleted after their retention period expires are permanently deleted and can't be recovered.

Topics

Management & Governance

Relevant content

AWSUtility::CloudFormation::CommandRunner Logging stays empty
Adam
asked 8 months ago
The logs aren't updating in cloudwatch log group for an ECS task
gchauhaan
asked 2 years ago
CloudWatch Logs retention setting leaves behind empty log streams
rePost-User-2767921
asked 2 years ago
Cloudwatch Subscription Filter does not ingest logs in Kinesis Data Stream
maryem
asked a month ago
Hide sensitive data in CloudWatch logs
rePost-User-9502702
asked a year ago
Which log group is causing a sudden increase in my CloudWatch Logs bill?
AWS OFFICIALUpdated 9 months ago
I configured Amazon CloudWatch to export log data to Amazon S3, but the log data is either missing or invalid. How do I resolve this issue?
AWS OFFICIALUpdated 2 years ago
How do I resolve the "Log group does not exist" error for Lambda function logs in the CloudWatch console?
AWS OFFICIALUpdated 3 years ago
How do I resolve throttling errors in my CloudWatch logs?
AWS OFFICIALUpdated a month ago
Decoding Instance-State log in EMR
SUPPORT ENGINEER
Yokesh NK
published 10 days ago