CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can use it to identify issues, track trends, and gain insights into your applications.
Example log lines that can be analyzed:
172.31.37.134 - - [07/Jul/2020 13:18:34] "GET / HTTP/1.1" 200 -
172.31.37.134 - - [07/Jul/2020 13:18:34] "GET /status HTTP/1.1" 200 -
Query to display all logs:
fields @message
Query to show the 25 most recent log entries:
fields @timestamp, @message | sort @timestamp desc | limit 25
Query to show all logs and include the system fields that CloudWatch Logs generates automatically:
fields @message, @log, @logStream, @ingestionTime, @timestamp
Query to only show logs containing /status:
fields @message | filter @message like '/status'
Query to view EKS audit logs for delete calls on service resources in the dev namespace:
fields @timestamp, @message, @logStream, @log
| filter objectRef.namespace = 'dev' and objectRef.resource like /service.*/ and verb = 'delete'
| sort @timestamp desc
| limit 20
Query to select a log stream and keep only messages containing a string:
fields @timestamp, @message, @logStream
| sort @timestamp desc
| filter @logStream = 'cb2a300000000000000000003b3'
| filter @message like 'msg='
Query to select a log stream and exclude messages containing a string:
fields @timestamp, @message, @logStream | sort @timestamp desc
| filter @logStream = 'cb2a300000000000000000003b3'
| filter @message not like "Something I dont want to see"
Query to filter out multiple strings:
fields @timestamp, @message, @logStream | sort @timestamp desc
| filter @logStream = 'cb2a300000000000000000003b3'
and not (
@message like "Something I dont want to see" or
@message like "also dont want to see this" or
@message like "or even this"
)
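Running the EKS audit query above on a schedule, as an added example that is not part of the original page: it starts the query through the CloudWatch Logs API, polls until it finishes, and flattens the result rows. The function names, the placeholder log group name and the use of boto3 are assumptions.

```python
import time

# Query from the page: delete calls on service* resources in the 'dev' namespace.
EKS_DELETE_QUERY = """fields @timestamp, @message, @logStream, @log
| filter objectRef.namespace = 'dev' and objectRef.resource like /service.*/ and verb = 'delete'
| sort @timestamp desc
| limit 20"""

# Statuses after which get_query_results will not change any more.
TERMINAL = {"Complete", "Failed", "Cancelled", "Timeout"}


def rows_to_dicts(results):
    """Flatten [[{'field': f, 'value': v}, ...], ...] into [{f: v}, ...], dropping @ptr."""
    return [{c["field"]: c["value"] for c in row if c["field"] != "@ptr"} for row in results]


def run_insights_query(client, log_group, query, start, end, poll_seconds=1.0, max_polls=60):
    """Start a Logs Insights query and poll until it reaches a terminal status.

    client is a boto3 CloudWatch Logs client (or a stub with the same two methods);
    start and end are epoch seconds.
    """
    query_id = client.start_query(
        logGroupName=log_group, startTime=int(start), endTime=int(end), queryString=query
    )["queryId"]
    for _ in range(max_polls):
        resp = client.get_query_results(queryId=query_id)
        if resp["status"] in TERMINAL:
            if resp["status"] != "Complete":
                # Fail loudly: an empty result must not be mistaken for "no deletes".
                raise RuntimeError(f"query {query_id} ended with status {resp['status']}")
            return rows_to_dicts(resp["results"])
        time.sleep(poll_seconds)
    raise TimeoutError(f"query {query_id} still running after {max_polls} polls")


if __name__ == "__main__":
    import boto3  # imported here so the helpers above can be exercised without AWS access

    logs = boto3.client("logs")
    now = int(time.time())
    # Placeholder log group name (assumption): replace with your cluster's audit log group.
    group = "/aws/eks/EXAMPLE-CLUSTER/cluster"
    for event in run_insights_query(logs, group, EKS_DELETE_QUERY, now - 3600, now):
        print(event.get("@timestamp"), event.get("@logStream"))
```

A failed or timed-out query raises instead of returning an empty list, so a scheduled check cannot silently report that nothing was deleted.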