how to push only error and warning logs to cloudwatch

0

I am using awslogs to push the logs to cloudwatch log groups, how ever it is pushing everything. Is there a way where i push only error and warning messages from awslogs conf file?

2 Answers
1

If you don't have large amounts of log data, you may simply continue sending all data and filter it directly in CloudWatchs, for example via Logs Insights. This has the advantage that you don't lose any of your log data (such as Info or Debug messages) and still can query for relevant information at a later point, for example for troubleshooting.

If you want to filter data at the source, you should look at alternative log drivers, for example Firelens. Firelens can also send logs to CloudWatch, but supports more advanced features such as using regular expressions.

profile pictureAWS
Daniel
answered 2 years ago
0

Hello,

The awslogs agent is deprecated and will not receive any new updates. While you can continue to use it, we strongly recommend you to upgrading to the new unified CloudWatch agent.[1]

In the new unified CloudWatch agent, you can consider the filter field in the logs section[2] of the CW Agent configuration to exclude logs matching a certain criteria.

From [2],

For example, the following excerpt of the CloudWatch agent configuration file publishes logs that are PUT and POST requests to CloudWatch Logs, but excluding logs that come from Firefox.
"collect_list": [ 
  {
    "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/test.log", 
    "log_group_name": "test.log", 
    "log_stream_name": "test.log",
    "filters": [
      {
        "type": "exclude",
        "expression": "Firefox"
      },
      {
        "type": "include",
        "expression": "P(UT|OST)"
      }
    ]
  },
  .....
]

[1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html [2] https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html#CloudWatch-Agent-Configuration-File-Logssection

AWS
SUPPORT ENGINEER
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions