Amazon CloudWatch Logs
User Guide

Example: Count occurrences of the word "Error"

Log events frequently include important messages that you want to count, maybe about the success or failure of operations. For example, an error may occur and be recorded to a log file if a given operation fails. You may want to monitor these entries to understand the trend of your errors.

In the example below, a metric filter is created to monitor for the term Error. The policy has been created and added to the log group MyApp/message.log. CloudWatch Logs publishes a data point to the CloudWatch custom metric ErrorCount in the MyApp/message.log namespace with a value of "1" for every event containing Error. If no event contains the word Error, then no data points are published. When graphing this data in the CloudWatch console, be sure to use the sum statistic.

To create a metric filter using the CloudWatch console

  1. Open the CloudWatch console at

  2. If necessary, change the region. From the navigation bar, select the region that meets your needs. For more information, see Regions and Endpoints in the Amazon Web Services General Reference.

  3. In the navigation pane, click Logs.

  4. In the contents pane, select a log group, and then click Create Metric Filter.

  5. On the Define Logs Metric Filter screen, in the Filter Pattern field, enter Error.


    All entries in the Filter Pattern field are case-sensitive.

  6. To test your filter pattern, in the Select Log Data to Test list, select the log group you want to test the metric filter against, and then click Test Pattern.

  7. Under Results, CloudWatch Logs displays a message showing how many occurrences of the filter pattern were found in the log file.


    To see detailed results, click Show test results.

  8. Click Assign Metric, and then on the Create Metric Filter and Assign a Metric screen, in the Filter Name field, enter MyAppErrorCount.

  9. Under Metric Details, in the Metric Namespace field, enter YourNameSpace.

  10. In the Metric Name field, enter ErrorCount, and then click Create Filter.

To create a metric filter using the AWS CLI

  • At a command prompt, type:

    % aws logs put-metric-filter \
      --log-group-name MyApp/message.log \
      --filter-name MyAppErrorCount \
      --filter-pattern 'Error' \
      --metric-transformations \

You can test this new policy by posting events containing the word "Error" in the message.

To post events using the AWS CLI

  • At a command prompt, remove the backslashes (\) and type this all on one line:

    % aws logs put-log-events \
      --log-group-name MyApp/access.log --log-stream-name TestStream1 \
      --log-events \
        timestamp=1394793518000,message="This message contains an Error" \
        timestamp=1394793528000,message="This message also contains an Error"


    Patterns are case-sensitive.