- Newest
- Most votes
- Most comments
If you don't have large amounts of log data, you may simply continue sending all data and filter it directly in CloudWatchs, for example via Logs Insights. This has the advantage that you don't lose any of your log data (such as Info or Debug messages) and still can query for relevant information at a later point, for example for troubleshooting.
If you want to filter data at the source, you should look at alternative log drivers, for example Firelens. Firelens can also send logs to CloudWatch, but supports more advanced features such as using regular expressions.
Hello,
The awslogs
agent is deprecated and will not receive any new updates. While you can continue to use it, we strongly recommend you to upgrading to the new unified CloudWatch agent.[1]
In the new unified CloudWatch agent, you can consider the filter
field in the logs section[2] of the CW Agent configuration to exclude logs matching a certain criteria.
From [2],
For example, the following excerpt of the CloudWatch agent configuration file publishes logs that are PUT and POST requests to CloudWatch Logs, but excluding logs that come from Firefox.
"collect_list": [
{
"file_path": "/opt/aws/amazon-cloudwatch-agent/logs/test.log",
"log_group_name": "test.log",
"log_stream_name": "test.log",
"filters": [
{
"type": "exclude",
"expression": "Firefox"
},
{
"type": "include",
"expression": "P(UT|OST)"
}
]
},
.....
]
[1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html [2] https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html#CloudWatch-Agent-Configuration-File-Logssection
Relevant content
- Accepted Answerasked 24 days ago
- asked 2 years ago
- asked 6 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago