CloudWatch | Filter by a string contained in a log stream name


Hello everyone,

CloudWatch logs have the following log group fields:

  • Timestamp
  • Ingestion time
  • Message
  • Event ID
  • Log stream name

log example

Log fields are inside square brackets and separated by arrows. I would like to exclude logs that contain a particular string in the log field name, underlined red, for example "driver". I tried to do it from the console but the console allows filtering by JSON or text message and message attributes only.

How can I create a metric filter either from aws console or aws cli to exclude logs produced by the log stream that contains string "driver" in the name?

Thank you

1 Answer


Thank you for reaching out.

To exclude terms in log events using metric filters, you can use the "Not Equal" symbol ("!=") before the term or terms which you want to exclude. For example to exclude the term "driver", you can use the filter below:

[w1!=driver, w2].


The above filter matches all other logs but excludes the log events with the term "driver".

You can test using the symbol in your logs and confirm if this works for you. If you have any challenges, I would recommend opening a case with support and share the sample logs for further insight.

answered a year ago
  • The string "driver" is inside the log stream name not inside the log event itself. I am not sure if I can filter by attributes other than log event. The filter mentioned above isn't working in my case. Thank you

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions