How do you re-log errors to another Cloudwatch Stream? - amazon-web-services

I am monitoring our Serverless AWS Lambda application using Cloudwatch and Cloudwatch insights. In order to cut down cost on displaying errors and error graphs, I want to re-log our errors to an additional stream that is separate from all our normal interactions with our users.
I know you can add Cloudwatch subscriptions with filters, but when I try to use Kenesis Firehose, it only has those streaming to external log providers. What is the correct or best way to re-log these to another Cloudwatch stream if they meet a filter constraint?

Related

Workaround for 2 subscription-filter limit in AWS Cloudwatch Logs

I have several lambda functions deployed on AWS that I want to monitor directly for errors to update a postgresql table with.
I have created a lambda to parse streamed log data and update the db. I want to set up subscription filters between this lambda and my other function logs.
There are 6 log streams I want to monitor and the AWS Console limits the subscription filters to 2 per log group.
Is there a workaround or a better way to implement this kind of monitoring?
Thanks

Detect errors in cloudwatch logs using eventbridge

I am looking for the best way to detect errors in cloudwatch logs which are logged by lambda functions, the log output is structured.
I was considering using a metric filter to trigger a lambda but I think eventbridge is now the preferred way to do this sort of thing but from the documentation I cannot work out what is the right way to approach it.
I would like to trigger the same eventbridge rule for any error in any log group if this is possible as all the logs have the same format.
Is it possible to do this purely from cloudwatch log entries so I do not need to add additional code to my functions to call event bridge using the AWS api's?
Instead I would like to trigger the rule whenever a matching json object gets inserted into cloudwatch logs.
I was not even able to find the event structure for cloudwatch log updates.
Amazon EventBridge is a serverless event bus for building event-driven applications. It is best suited for application to application integration with event filtering. Your use case seems to be of pure monitoring ( or notification)
For your use case (monitoring) using the metric filter will be the simple and elegant option.
For implementation (nodejs) refer :CloudWatch log multiple custom metric filters to trigger lambda function

AWS CloudWatch Rule triggered by Log Event

I want to create CloudWatch Rule that would be triggered upon creation of Log Event. For that reason as an event pattern I selected CloudWatch Logs service but when I try to generate some Cloud Watch logs the rule is not getting triggered. I can not find any example of using aws.logs as a source for an event and hence my question if I'm doing something wrong.
This is because the only events for logs available are AWS API Call via CloudTrail. CloudWatch Logs does not generate CloudWatch events on receiving new log entries.
For the Logs API call events to work, you need to setup CloudTrial trial.
However, if you want to trigger your lambda function based on log entries, I can recommend using subscription filters for lambda:
You can use subscriptions to get access to a real-time feed of log events from CloudWatch Logs and have it delivered to other services such as a Amazon Kinesis stream, Amazon Kinesis Data Firehose stream, or AWS Lambda for custom processing, analysis, or loading to other systems.

AWS: Is it possible to monitor an external service?

With CloudWatch you can monitor applications running on AWS. Is it also possible to monitor an external service?
For example, I have a REST API and I want to get notified once that API is not accessible anymore. Does AWS offer you a monitoring tool for that purpose?
Not Cloudwatch just by itself, but you can use a combination of Cloudwatch and Lambdas to do what you're asking. You can use cloudwatch events to run lambdas on a schedule, something like once every 5 mins.
CloudwatchEvents -> HealthCheck Lambda -> Cloudwatch Custom Metrics
Your lambda can then ping the API you're monitoring the health of, and either send its status to cloudwatch as a custom metric; or potentially if your lambda throws an error when the API fails, the lambda error metric which is already in cloudwatch becomes your API failure metric
Once the metric exists in cloudwatch, either as a custom metric or the lambda metric by proxy, you're able to do usual cloudwatch things like alarms and notifications.
Now there is a simple way to monitor external resources - CloudWatch Synthetics. Just create a canary to regularly monitor a website, API or even validate a multi-step UI flow.
Read more in the docs: CloudWatch > Using Synthetic Monitoring
Amazon CloudWatch supports custom metrics generated by your applications and services that you do not run on AWS. In this way, CloudWatch can be an integrated storage and aggregation point, allowing you to monitor all of the metrics that you collect, and track on a single platform.
There might be more than one way to reach your goal by using the AWS CLI, an API/SDK, or the CloudWatch collectd plugin etc. I'd recommend you take a look at these links for more details: link-1, link-2, link-3, link-4

Cloudwatch monitor for Stl_Load_Errors

We use Kinesis Firehose to load data into a number of Redshift tables. There are monitors available to see successful deliveries. However, there is no monitor for checking if there are any errors in the delivery - the ones that get recorded to stl_load_errors table.
I do have an option to create a lambda that reads the stl_load_errors table and writes to cloudwatch metrics. But, I would like to know if there is any out of the box solution to monitor it.
Check the Firehose Redshift delivery stream metrics in the monitoring tab DeliveryToRedshift Success (Average) .
Also, you can see Monitoring with Amazon CloudWatch Metrics.
Enable error logging if it is not already enabled, and check error logs for delivery failure. Monitoring with Amazon CloudWatch Logs
If I’ve made a bad assumption please comment and I’ll refocus my answer.