如何从日志组公制过滤器创建CloudWatch警报
我正在尝试从日志组公制过滤器创建CloudWatch警报。我已经创建了公制过滤器,但是由于似乎没有数据图表,因此无法设置警报。
我正在尝试设置一个度量过滤器,以跟踪我们的ECS容器日志中的502个错误。
我去CloudWatch>日志组并选择我们的组“示例-EC”。
该组包含来自ECS容器的日志流。就像部署网站时一样,创建了新的流。我认为是可以预期的,有100个日志。
web/example-task-production/1XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-14 13:54:14 (UTC+02:00)
web/example-task-production/2XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-05-05 12:09:00 (UTC+02:00)
web/example-task-production/3XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-04 18:11:03 (UTC+02:00)
web/example-task-production/4XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-05 09:47:15 (UTC+02:00)
如果我使用以下过滤器“搜索全部”:
[timestamp, timezone, server, from, ip, request, method, url, response, http, codetitle, code=502, bytes, sent, time]
我会得到这些搜索结果(如预期的):
05/Apr/2022:16:04:28 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.042
05/Apr/2022:16:42:02 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.062
05/Apr/2022:19:14:50 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.043
然后,我使用此过滤器模式创建了一个公制过滤器。使用以下设置:
过滤模式:
[timestamp, timezone, server, from, ip, request, method, url, response, http, codeTitle, code=502, bytes, sent, time]
“测试模式”也与上述测试匹配。
过滤名称: http502errors
公制名称空间: exteplemetric
公制名称: serverRorrorcount
度量值: 1
默认值 - 可选: 0
单位 - 可选:计数
我在过去24小时内应该有5个条目。当我尝试绘制此新指标或创建警报时,似乎没有数据。我如何做这项工作?
I'm trying to create a CloudWatch alarm from a log group metric filter. I have created the metric filter but I'm unable to setup an alarm as no data seems to be graphed.
I am trying to setup a metric filter to track 502 errors from our ECS container logs.
I go to CloudWatch > Log groups and select our group 'example-ecs'.
This group contains our log stream from our ECS containers. There are many as when the website is deployed a new stream is created. I think is is expected, there are 100s of logs.
web/example-task-production/1XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-14 13:54:14 (UTC+02:00)
web/example-task-production/2XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-05-05 12:09:00 (UTC+02:00)
web/example-task-production/3XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-04 18:11:03 (UTC+02:00)
web/example-task-production/4XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX 2022-04-05 09:47:15 (UTC+02:00)
If I 'search all' with the following filter:
[timestamp, timezone, server, from, ip, request, method, url, response, http, codetitle, code=502, bytes, sent, time]
I get these search results (as expected):
05/Apr/2022:16:04:28 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.042
05/Apr/2022:16:42:02 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.062
05/Apr/2022:19:14:50 +0000 Server: From: XXX.XX.X.XXX Request: POST https://example.com/broken/page Response: HTTP Code: 502 Bytes Sent: 315 Time: 0.043
I then created a metric filter using this filter pattern. With the following settings:
Filter pattern:
[timestamp, timezone, server, from, ip, request, method, url, response, http, codeTitle, code=502, bytes, sent, time]
The 'Test pattern' also matches the test above.
Filter name: HTTP502Errors
Metric namespace: ExampleMetric
Metric name: ServerErrorCount
Metric value: 1
Default value – optional: 0
Unit – optional: Count
I should have 5 entries in the logs within the last 24 hours. When I try and graph this new metric or create an alarm there seems to be no data in it. How do I make this work?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
创建公制过滤器时,您只能看到公制过滤器创建后生成的数据。
来自 docs :
因此您将无法看到5个匹配的日志条目,而只能看到新的日志条目。
When you create a metric filter, you can only see the data that is generated after the metric filter creation.
From docs:
So you won't be able to see the 5 matched log entries, only the new ones.