Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!
How do I troubleshoot an alarm that monitors CloudWatch agent metrics and is in the INSUFFICIENT_DATA state?
I want to troubleshoot an Amazon CloudWatch alarm that monitors CloudWatch agent metrics and is in the INSUFFICIENT_DATA state.
Resolution
Check for configuration mismatches
Complete the following steps:
- Verify the configuration file location:
For Linux, check /opt/aws/amazon-cloudwatch-agent/bi.
For Windows, check C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json. - Verify that metric descriptions, such as metric name and dimensions, match the CloudWatch agent configuration file that the agent uses to publish metrics.
Example mismatch between the CloudWatch agent configuration file and alarm configuration:
{ "metrics": { "namespace": "CWAgent", "metrics_collected": { "cpu": { "measurement": [ "usage_idle" ], "metrics_collection_interval": 60, "totalcpu": false } } } }
Note: In the preceding examples, the metric names don't match.
CloudWatch uses the following configurations for the alarm:
- Metric Name: cpu_utilization
- Dimensions: InstanceId
- Statistic: Average
- Period: 60 seconds
- Threshold: 80%
Check the IAM role's permissions
Check the permissions of the AWS Identity and Access Management (IAM) role that's attached to the Amazon Elastic Compute Cloud (Amazon EC2) instance.
Verify that the IAM role has permission to perform the PutMetricData action. Then, attach the CloudWatchAgentServerPolicy managed policy to the IAM role.
For more information, see Why doesn't the unified CloudWatch agent push my metrics or log events to CloudWatch?
Check the CloudWatch agent's log file
In the CloudWatch agent log file, check for messages that show issues with connectivity, permissions, configuration, or metric collection.
You can find the logs in the following default locations:
For Linux, check /var/log/amazon/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log.
For Windows, check C:\ProgramData\Amazon\AmazonCloudWatchAgent\Logs\amazon-cloudwatch-agent.log.
If you don't find the config file in the default locations, then check the following locations instead:
For Linux, check /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_config.json.
For Windows, check C:\ProgramData\Amazon\AmazonCloudWatchAgent\Configs\file_config.json.
Check network connectivity
Verify that your Amazon EC2 instance connects to the internet and allows the CloudWatch agent to send data to CloudWatch endpoints. If your EC2 instance doesn't directly connect to the internet, then use Amazon Virtual Private Cloud (Amazon VPC) endpoints.
Then, confirm that the security group that's associated with the Amazon VPC endpoint allows inbound traffic from the instance.
For more information, see Why doesn't the unified CloudWatch agent push my metrics or log events to CloudWatch?
Test metric collection
To manually test the process that collects and publishes metrics, run the put-metric-data command on the instances that run the CloudWatch agent.
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.
Related information
How do I troubleshoot my CloudWatch alarm in the INSUFFICIENT_DATA state?
How do I troubleshoot missing data points in my Amazon CloudWatch metrics?
- Language
- English
Relevant content
- AWS OFFICIALUpdated 2 years ago
