Creating metrics from log events using filters
A log metric filter is a rule that you define for a CloudWatch Logs log group. When you create a log metric filter, you specify a filter pattern and an AWS CloudWatch metric. The filter pattern is used to extract metric data from the log events in the log group. The metric data is stored in the specified CloudWatch metric.
A CloudWatch metric can subsequently be used to create alarms and dashboards using either Grafana or CloudWatch.
For more information about log metric filters, see Working with Metric Filters in the AWS CloudWatch Logs User Guide.
This example shows how to create a log metric filter using Terraform and terraform/templates/log_metric_filter.tf
.
Step 1: Download and configure the log metric filter template
-
Locate the stack directory in your IaC repository for the environment you want to work with. For example, if you want to work with the
dev
environment and you have followed the Golden Path step-by-step guide, the stack directory isdev/infra
. -
Download the
log_metric_filter
template fromgolden-path-iac
repository
Step 2: Edit the template
-
Open the
log_metric_filter.tf
file in your preferred editor. -
Edit the variables inside the
module
block. The table blow shows the variables that you can edit.Variable Description Example value name
The name of the metric filter. my-application-logs-error-metric
log_group_name
The name of the log group to create the metric filter for. my-application-logs
pattern
The filter pattern to use. For more information, see Filter and Pattern Syntax. ERROR
metric_transformation_name
The name of the CloudWatch metric. MyApplication
metric_transformation_namespace
The namespace of the CloudWatch metric. ErrorCount
Step 3: Deploy the template
-
Run
terraform init
to initialize the Terraform configuration. -
Run
terraform plan
to see what changes will be made. -
Run
terraform apply
to apply the changes.
Step 4: Verify deployment
Verify that the new Metric filter is aggregating and filtering logs by creating a log in your log group matching the filter patter. For example, if you have created a filter for ERROR
logs, you can make your application log an error message and check if the metric filter is aggregating the log.
The metric filter should aggregate the log and create a new metric in CloudWatch. You can verify this by going to the CloudWatch console and checking the metrics for the log group has increased by 1.