DEV Community

Cover image for 10 CloudWatch Logs Insights examples for serverless applications
Tomasz Łakomy for AWS Heroes

Posted on • Edited on • Originally published at cloudash.dev

10 CloudWatch Logs Insights examples for serverless applications

CloudWatch Logs Insights is a CloudWatch feature that allows you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues, diagnose problems, and troubleshoot application performance.

CloudWatch Logs Insights syntax can be difficult to learn, that's why this post contains 10 CloudWatch Logs Insights examples for serverless applications we find useful in our daily work as serverless engineers.

Find all logs for a given request ID or X-Ray trace ID

fields @timestamp, @message
| filter @message like /REQUEST_ID_GOES_HERE/
Enter fullscreen mode Exit fullscreen mode

Note: /REQUEST_ID_GOES_HERE/ is a placeholder for the actual request ID/xRayTraceId you want to search for. Bear in mind that /something/ is a regular expression.

Find 50 most recent errors

fields Timestamp, LogLevel, Message
| filter LogLevel == "ERR"
| sort @timestamp desc
| limit 50
Enter fullscreen mode Exit fullscreen mode

Find the most expensive Lambda function invocations

filter @type = "REPORT"
| fields @requestId, @billedDuration
| sort by @billedDuration desc
Enter fullscreen mode Exit fullscreen mode

View latency stats for 5-minute intervals for a Lambda function

filter @type = "REPORT"
| stats avg(@duration), max(@duration), min(@duration) by bin(5m)
Enter fullscreen mode Exit fullscreen mode

Determine the amount of overprovisioned memory for a Lambda function

filter @type = "REPORT"
| stats max(@memorySize / 1024 / 1024) as provisonedMemoryMB,
  min(@maxMemoryUsed / 1024 / 1024) as smallestMemoryRequestMB,
  avg(@maxMemoryUsed / 1024 / 1024) as avgMemoryUsedMB,
  max(@maxMemoryUsed / 1024 / 1024) as maxMemoryUsedMB,
  provisonedMemoryMB - maxMemoryUsedMB as overProvisionedMB
Enter fullscreen mode Exit fullscreen mode

Note:

Lambda allocates CPU power in proportion to the amount of memory configured. Memory is the amount of memory available to your Lambda function at runtime. You can increase or decrease the memory and CPU power allocated to your function using the Memory (MB) setting.

Find a non-200 error in API Gateway Execution Logs

fields @timestamp, @message, @requestId, @duration, @xrayTraceId, @logStream, @logStream
| filter
   @message like /fail/ or
   @message like /timed/ or
   @message like /X-Amz-Function-Error/ or
   @message like /tatus: 4/ or
   @message like /tatus: 5/
| sort @timestamp desc
Enter fullscreen mode Exit fullscreen mode

Count a number of cold starts, average init time and maximum init duration of a Lambda function

filter @type="REPORT"
| fields @memorySize / 1000000 as memorySize
| filter @message like /(?i)(Init Duration)/
| parse @message /^REPORT.*Init Duration: (?<initDuration>.*) ms.*/
| parse @log /^.*\/aws\/lambda\/(?<functionName>.*)/
| stats count() as coldStarts, avg(initDuration) as avgInitDuration, max(initDuration) as maxIntDuration by functionName, memorySize
Enter fullscreen mode Exit fullscreen mode

Lambda cold start percentage over time

filter @type = "REPORT"
| stats
  sum(strcontains(
    @message,
    "Init Duration"))
  / count(*)
  * 100
  as coldStartPercentage,
  avg(@duration)
  by bin(5m)
Enter fullscreen mode Exit fullscreen mode

Credit: https://github.com/julianwood/serverless-cloudwatch-logs-insights-examples

Show average duration, max duration, min duration, P99 percentile duration and request count

filter @type = "REPORT"
| stats avg(@duration), max(@duration), min(@duration), pct(@duration, 99), count(@duration) by bin(5m)
Enter fullscreen mode Exit fullscreen mode

Exclude informational logs to highlight only Lambda errors

fields @timestamp, @message
| sort @timestamp desc
| filter @message not like 'EXTENSION'
| filter @message not like 'Lambda Insights'
| filter @message not like 'INFO'
| filter @message not like 'REPORT'
| filter @message not like 'END'
| filter @message not like 'START'
Enter fullscreen mode Exit fullscreen mode

CloudWatch Logs Insights queries are not free (although there is a free tier). For instance for in us-east-1 AWS will charge you $0.005 per GB of data scanned for a query. Note that according to Amazon CloudWatch FAQ you won't be charged for failed queries and if you cancel a query manually, you are charged for the amount of ingested log data scanned up to the point at which you cancelled the query.

Find out more at https://aws.amazon.com/cloudwatch/pricing/


Stay on top of your logs. ⚡️

Cloudash screenshot

Introducing Cloudash, a desktop app for monitoring your serverless services performance, invocations, errors and more.

Did a production incident happen last week? Or 20 seconds ago? With Cloudash you can search, filter and browse your serverless logs and metrics effortlessly.

Search for whatever you want, whenever you want. Cloudash comes with built-in filtering capabilities enabling to get to the bottom of your problems faster than ever before.

Get started here.

Top comments (2)

Collapse
 
prozz profile image
prozz

Good stuff Tomasz!

Collapse
 
tlakomy profile image
Tomasz Łakomy

Just noticed your comment! Thank you, I appreciate that!