AWS announces preview of AWS Interconnect - multicloud

AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.

CloudWatch Logs Subscription Filter Pattern to Match Multiple Words in Same Log Message

I’m using AWS CloudWatch Logs subscription filters to trigger a Lambda function based on certain log events. I want to trigger the Lambda only when both the words "fail" and "exception" appear in the same log message. I’ve tried using the filter pattern ?fail ?exception, but it only matches logs that contain one of the words, not both. Can someone explain how to write a CloudWatch Logs subscription filter that will match a log message containing both "fail" and "exception"? Is there a way to ensure that both words must appear in the same log message for the filter to trigger the Lambda function?

Topics: Serverless Management & Governance Compute
Tags: CloudWatch Logs Insights Amazon CloudWatch Logs Amazon CloudWatch Alarms AWS Lambda
Language: English

Tatev

asked a year ago507 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Accepted Answer

Hello.

I think you can filter logs that include "fail" and "exception" using the filter pattern below.

fail exception

An example can be found in the documentation below.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

EXPERT

Riku_Kobayashi

answered a year ago

EXPERT

Adeleke Adebowale .J.

reviewed 10 months ago

EXPERT

Gary Mclean

reviewed a year ago

Tatev
a year ago
Thanks for the answer. Maybe you know how to make the word case-insensitive?
Riku_Kobayashi EXPERT
a year ago
As of January 2025, I don't think there is a syntax for searching without considering uppercase and lowercase letters in the subscription filter. If you use "?", it becomes an OR condition, but in that case, you will not be able to use an AND condition, so your request will not be met.

If the log is space-delimited, I think you can use a filter pattern like the one below. However, I think that even in this case you need to format it in such a way that it includes all the pattern words to make it case sensitive. For example, it is not possible to distinguish between "Fail", "fail", and "FAIL", so these must be included in the filter pattern.

[(mes="*fail*" && mes="*exception*" || mes="*FAIL*" && mes="*EXCEPTION*")]

Relevant content

CloudWatch log subscription from Lambda doesn't show in the AWS Console UI, if created via CLI
Timothy
asked 3 years ago
Can you attach multiple log groups to the same lambda used for Cloudwatch Log Group to Opensearch subscriptions.
oc
asked 2 years ago
Subscription filter on comma-delimited (CSV) log
asdhksajd
asked 5 years ago
Cloudwatch Subscription Filter does not ingest logs in Kinesis Data Stream
maryem
asked 2 years ago
How do I create, configure, and troubleshoot a subscription filter to Kinesis through the CloudWatch console?
AWS OFFICIALUpdated a year ago
How do I troubleshoot a failed log delivery by a subscription filter in CloudWatch?
AWS OFFICIALUpdated 2 years ago
How can I configure a CloudWatch subscription filter to invoke my Lambda function?
AWS OFFICIALUpdated 3 years ago
How do I retrieve log data from CloudWatch Logs?
AWS OFFICIALUpdated 2 years ago
Capturing your AWS Health events in JSON for reference in creating and testing filters
EXPERT
Andrew_R
published a year ago
How can I send AWS WAF log to both CloudWatch logs and S3?
EXPERT
Lei Pei
published a year ago

CloudWatch Logs Subscription Filter Pattern to Match Multiple Words in Same Log Message

Add your answer

Relevant content