Metric Filters

You can search and filter the log data coming into CloudWatch Logs by creating one or more metric filters. Metric filters define the terms and patterns to look for in log data as it is sent to CloudWatch Logs. CloudWatch Logs uses these metric filters to turn log data into numerical CloudWatch metrics that you can graph or set an alarm on.

  1. Create a Metric filter for percentage of errors in a log group
    • In your AWS Console, navigate back to CloudWatch
    • From the navigation menu on the left, click on Log Groups under the Logs headings.
    • Find the Log Group named application.log and click to bring up that log group.
    • Select the Tab named Metric Filters, then click the button for Create Metric Filter. metricfilter
    • In the Filter pattern field, enter { $.Severity = "ERROR" }, click the button for Next

      Filter patterns are used to search for terms, phrases, or values in a log entry. For the pattern above we are looking at the “Severity” field in the JSON entry, and signaling a match when the value of that field is equal to the word “ERROR”.

    • Add the following values in the Assign metric screen:
      • Filter name: AppErrors
      • Metric namespace: LabApplication
      • Metric name: ErrorPercentage
      • Metric value: 100
      • Default value: 0
      • Unit: Percent
    • Click Next, review the configuration and click Create Metric Filter again.
    • You should now see the metric filter displayed similar to below: metricfilter
    • Return to your sample app webpage and Locate the lines labeled “Generate Some Sample Logs Here”, and “Simulate high error logs Here. These links will generate sample log entries, which will now also become metrics. Click both links a few times to generate a sample of logs.
    • You can access these metric from the within CloudWatch Metrics. Click on All Metrics, then find Lab Application in custom namespaces. From here click on Metrics with no dimensions and you should see the metric for ErrorPercentage: errorcount
  2. Create an Alarm on Error Percentage.
    • Return to the log group for application.log and click on the Metric Filters Tab. Click the check box to select the AppErrors filter, then click the button to Create Alarm.
    • In the Statistic field, select Average
    • In the period field, select 1 Minute
    • Enter the Condions as Static threshold, and ErrorPercentage Greater than 50
    • For the action, configure to send an email to the SNS topic you used in the previous portions of the Lab when the alarm triggered, click Next.
    • Give the alarm a name such as ApplicationErrorPercentage, and click Next
    • Review the configuration and click CreateAlarm
  3. Validate Metric Filter and Alarm
    • Navigate to the URL for the your Sample Site which was created for the Lab.
    • Find the link labled “Simulate high error logs here.” Click on the here link to generate some high error logs.
    • Browse back to the ErrorPercentage metric in Cloudwatch Metrics, you should see this has spiked up: errorcount
    • You should also recieve an email from the alarm you have created: errorcount