使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款

How do I troubleshoot a CloudWatch Logs Insights query that shows errors or doesn't return the expected results?

4 分的閱讀內容
0

I want to troubleshoot an Amazon CloudWatch Logs Insights query that shows errors or doesn't return the expected results.

Resolution

Your CloudWatch Logs Insights query might return errors or not return the expected results for the following reasons. To troubleshoot the issue, use the appropriate solution method.

There are no logs in the log group for the time range of the query

In the CloudWatch console, check that the logs that you expect in the query results are in the log group for the query time range.

Logs are in the log group for the time range of the query, but they aren't visible in the query results

When CloudWatch Logs receives the logs, the logs take a few minutes before it's available to query. Check that the time range and time zone of the CloudWatch logs are the same as the query's time range and time zone.

If you use the filter command in your CloudWatch Logs Insights query, then make sure that the logs match the filter conditions. Also, make sure that the logs are in the log groups for the time range of the query. To run a CloudWatch Logs Insights query without a filter command, run the following command:

fields @timestamp, @message, @logStream, @log | sort @timestamp desc | limit 20

CloudWatch Logs can receive log events that have a timestamp of up to 14 days in the past. For more information, see PutLogEvents. Log events that have a timestamp that's earlier than the log group creation timestamp aren't available to query in CloudWatch Logs Insights.

A WebSocket connection error occurred

To run a query, the CloudWatch console must reach the WebSocket from your network. If your network security team doesn't allow the use of WebSockets, then you can't access CloudWatch Logs Insights in the CloudWatch console. Instead, use API commands to access CloudWatch Logs Insights. For more information, see StartQuery and GetQueryResults.

A row limit exceeded error occurred

To specify the number of log events that you want your query to return, use the limit command. If you specify a number that's more than 10000, then you receive the following error message: "Row limit exceeded. Specified: 100000. Maximum: 10000 ([X,Y]) (Service: AWSLogs; Status Code: 400; Error Code: MalformedQueryException; Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx; Proxy: null)."

By default, up to 1000 rows of query results appear on the console. Use the limit command to increase the rows of query results up to 10000. You can't change this quota.

It's a best practice to use the limit of 10000 records for your CloudWatch Logs Insights query. If your query returns more than 10000 records, then run the query for shorter time periods to return fewer records.

CloudWatch Logs Insights visualization doesn't display a line chart and shows an error

If your CloudWatch Logs Insights visualization doesn't show a line chart, then you might receive the following error message: "The data is not suitable for a line chart. Try a bar chart, or group your result by bin function."

To troubleshoot this issue, check if your CloudWatch Logs Insights query uses the stats, aggregation, or bin() functions to group the data. The bin() function must be the only grouping field in your CloudWatch Logs Insights query.

An "error occurred during query execution"

If you try to run a query on a large amount of data and the query needs more time to complete, then this error occurs. Review the following CloudWatch Logs Insights quotas:

  • CloudWatch Logs Insights discovers a maximum of 1000 log event fields in a log group.
  • CloudWatch Logs Insights extracts a maximum of 200 log event fields from a JSON log.
  • A maximum of 50 log groups can be queried in a single CloudWatch Logs Insights query.
  • For Standard class log groups, you can run a maximum of 30 concurrent CloudWatch Logs Insights queries. This includes queries that are added to dashboards.
  • For Infrequent Access class log groups, you can run a maximum of 5 concurrent CloudWatch Logs Insights queries. This includes queries that are added to dashboards.
  • Queries in CloudWatch Logs Insights time out after 60 minutes.

Related information

Analyzing log data with CloudWatch Logs Insights

CloudWatch Logs Insights query syntax

Sample queries

AWS 官方
AWS 官方已更新 1 個月前