Question
A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix. What is the MOST operationally efficient way for the SysOps administrator to analyze the log files?
A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.
Answer
C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
Explanation
The correct answer is C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
Amazon CloudWatch Logs Insights is a service that enables you to analyze and visualize your log data in Amazon CloudWatch Logs. It can help you to troubleshoot issues, optimize performance, and discover insights from your log data. CloudWatch Logs Insights provides a query language that allows you to filter, aggregate, and transform your log data. You can also use various functions and operators to perform calculations, comparisons, and conversions on your log data.
To use CloudWatch Logs Insights, you need to have your log data stored in CloudWatch Logs, which is a service that enables you to monitor and store the log data from your AWS resources, such as Lambda functions. You can create log groups and log streams to organize your log data in CloudWatch Logs. You can also configure your Lambda functions to send their logs to CloudWatch Logs automatically.
To analyze your log data in CloudWatch Logs Insights, you need to write a query that specifies the log groups and the time range that you want to search. You also need to specify the filter criteria and the output fields that you want to display. For example, if you want to search for errors in the logs of 10 Lambda functions, you can write a query like this:
fields @timestamp, @message
| filter @message like /error/
| sort @timestamp desc
| limit 20
This query selects the timestamp and message fields from the log data, keeps only the messages that contain the string “error”, sorts them by timestamp in descending order, and displays the 20 most recent results.
This solution is the most operationally efficient one, as it does not require you to move or process your log data in any other service. It also leverages the existing functionality and scalability of CloudWatch Logs and CloudWatch Logs Insights.
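The query above adapted to the question's scenario, as an added example that is not part of the original page: it builds one Logs Insights query for all 10 log groups and then reports which JSON field carried the error in each returned event. The prefix `APPERR`, the log group names and the sample events are constructed placeholders; the dictionary returned by `start_query_params` is meant to be passed to boto3's `logs.start_query`.

```python
import json
import time

def build_query(prefix, limit=20):
    """Logs Insights query: substring match on the raw event (@message),
    so the prefix is found whichever JSON field carries it."""
    if '"' in prefix or "\\" in prefix:
        raise ValueError("prefix must not contain quotes or backslashes")
    return (
        "fields @timestamp, @log, @message\n"
        f'| filter @message like "{prefix}"\n'
        "| sort @timestamp desc\n"
        f"| limit {int(limit)}"
    )

def start_query_params(log_groups, prefix, hours=24, now=None):
    """Keyword arguments for boto3's logs.start_query (one query, many groups)."""
    end = int(now if now is not None else time.time())
    return {
        "logGroupNames": list(log_groups),
        "startTime": end - hours * 3600,
        "endTime": end,
        "queryString": build_query(prefix),
    }

def error_fields(message, prefix):
    """Return dotted paths of JSON string values that start with the prefix."""
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                yield from walk(value, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                yield from walk(value, f"{path}[{i}]")
        elif isinstance(node, str) and node.startswith(prefix):
            yield path
    try:
        return list(walk(json.loads(message), ""))
    except json.JSONDecodeError:
        return []  # non-JSON line (e.g. Lambda START/END/REPORT records)

# Constructed sample data: prefix, log group names and events are placeholders.
PREFIX = "APPERR"
LOG_GROUPS = [f"/aws/lambda/example-fn-{n}" for n in range(1, 11)]
SAMPLE_EVENTS = [
    '{"level": "error", "msg": "APPERR-101 upstream timeout"}',
    '{"level": "info", "detail": {"status": "APPERR-207 bad payload"}}',
    '{"level": "info", "msg": "request served"}',
    "REPORT RequestId: 0000 Duration: 12 ms",
]
```

The `@log` field in the output identifies which of the log groups each matching event came from.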
The other options are not correct for the following reasons:
A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
This option is not operationally efficient, as it requires you to move your log data from CloudWatch Logs to S3, which can incur additional costs and latency. It also does not leverage the existing functionality and scalability of CloudWatch Logs and CloudWatch Logs Insights.
B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
This option is not operationally efficient, as it requires you to move your log data from CloudWatch Logs to S3, and then use AWS Glue and Amazon Athena to process and query it, which can incur additional costs and complexity. It also does not leverage the existing functionality and scalability of CloudWatch Logs and CloudWatch Logs Insights.
D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.
This option is not correct, as Amazon CloudWatch Contributor Insights is a service that enables you to identify anomalies and outliers in your log data, such as high-frequency or low-frequency contributors. It does not provide a way to search for specific patterns or keywords in your log data, such as errors. It also does not leverage the existing functionality and scalability of CloudWatch Logs and CloudWatch Logs Insights.