AWS CloudWatch filter query not working as expected

0

Hi,

I have configured the log group with an instance-based log stream. There are many logs when browsing, but when I search for the specific word "UNHEALTHY", it shows nothing.

Full Log Messages

Log filter query

2 Answers
0
Accepted Answer

I have solved it using this filter:

U N H E A L T H Y

After using this filter, I can set an alarm based on filter metrics.

answered 13 days ago
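
Added example, not part of the original answer and not AWS code: a spaced-out pattern matching where the plain word does not suggests that the stored message carries some character between the letters. The page does not say what that character is; the Python below assumes one separator per letter (for instance NUL bytes from UTF-16 text read as single-byte) and reports what is actually there. `diagnose`, `describe` and the sample messages are constructed for illustration.

```python
import re
import unicodedata


def describe(ch):
    """Printable label for one character, including invisible ones."""
    return f"U+{ord(ch):04X} {unicodedata.name(ch, '<unnamed control>')}"


def diagnose(message, term):
    """Classify how `term` occurs in `message`.

    Returns (status, separators) where status is one of:
      exact        term appears contiguously with the same case
      case         term appears contiguously but with different case
      interleaved  letters appear in order with one other character
                   between each pair; separators lists those characters
      absent       none of the above
    """
    if term in message:
        return "exact", []
    if term.lower() in message.lower():
        return "case", []
    # Allow exactly one arbitrary character between consecutive letters.
    pattern = "(.)".join(re.escape(c) for c in term)
    match = re.search(pattern, message, re.DOTALL | re.IGNORECASE)
    if match:
        return "interleaved", sorted({describe(s) for s in match.groups()})
    return "absent", []


if __name__ == "__main__":
    # Constructed sample messages, not taken from the question's logs.
    samples = [
        "target i-0abc is UNHEALTHY",
        "target is Unhealthy",
        # Assumption: UTF-16LE text stored as if it were single-byte text.
        "target is UNHEALTHY".encode("utf-16-le").decode("latin-1"),
        "all targets healthy",
    ]
    for raw in samples:
        print(repr(raw[:40]), "->", diagnose(raw, "UNHEALTHY"))
```

Run it against a message copied from the log stream (exported raw, not retyped) to see which case applies before choosing the filter used for the metric and alarm.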
0

There are several reasons why your CloudWatch Logs filter query might not be returning the expected results:

  1. Time range: Ensure that the time range you've selected for your query includes the period when the "UNHEALTHY" logs were generated. Sometimes, logs take a few minutes to become available for querying after they're received by CloudWatch.

  2. Case sensitivity: CloudWatch Logs queries are case-sensitive by default. Make sure you're using the exact case of "UNHEALTHY" as it appears in your logs.

  3. Log ingestion delay: There can be a slight delay between when logs are generated and when they become available for querying in CloudWatch Logs. Try expanding your time range or waiting a few minutes before retrying your query.

  4. Filtering syntax: Double-check your filter syntax. For a simple text search, you can use:

    fields @message | filter @message like /UNHEALTHY/

  5. Log group selection: Verify that you're querying the correct log group and that the logs containing "UNHEALTHY" are indeed in this group.

  6. Partial word matching: If "UNHEALTHY" is part of a larger word or surrounded by other characters, you might need to adjust your filter. For example:

    fields @message | filter @message like /.*UNHEALTHY.*/

  7. Log retention: Ensure that the logs you're looking for haven't been deleted due to the log retention period settings.

If you've checked all these points and are still not seeing results, you can try running a query without any filters to see all logs within your selected time range:

    fields @timestamp, @message | sort @timestamp desc | limit 20

This will help you confirm that logs are present and allow you to inspect their content. If you still can't find the expected logs, you may need to investigate your log ingestion process to ensure that the logs are being sent to CloudWatch correctly.
Sources
Troubleshoot a CloudWatch Logs Insights query that returns errors | AWS re:Post
cloud watch log groups only show utc times | AWS re:Post
Cloudwatch seems to return inconsistent results | AWS re:Post

answered 21 days ago
