Monitoring with Amazon CloudWatch Logs
Configure AWS IoT SiteWise to log information to CloudWatch Logs to monitor and troubleshoot the service.
When you use the AWS IoT SiteWise console, AWS IoT SiteWise creates a service-linked role that allows the service to log information on your behalf. If you don't use the AWS IoT SiteWise console, you must create a service-linked role manually to receive logs. For more information, see Creating a service-linked role for AWS IoT SiteWise.
You must have a resource policy that allows AWS IoT SiteWise to put log events into CloudWatch streams. To
create and update a resource policy for CloudWatch Logs, run the following command. Replace
logging-policy-name with the name of the policy to create.
aws logs put-resource-policy --policy-namelogging-policy-name--policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\" } ] }"
CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys. These condition context keys are optional.
To create or update a resource policy that allows AWS IoT SiteWise to only put logs associated with the specified AWS IoT SiteWise resource into CloudWatch streams, run the command and do the following:
-
Replace
logging-policy-namewith the name of the policy to create. -
Replace
source-ARNwith the ARN of your AWS IoT SiteWise resource, such as an asset model or asset. To find the ARN for each AWS IoT SiteWise resource type, see Resource types defined by AWS IoT SiteWise in the Service Authorization Reference. -
Replace
account-IDwith the AWS account ID associated with the specified AWS IoT SiteWise resource.
aws logs put-resource-policy --policy-namelogging-policy-name--policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\", \"Condition\":{\"StringLike\":{\"aws:SourceArn\":[\"source-ARN\"],\"aws:SourceAccount\":[\"account-ID\"]}}}]}"
By default, AWS IoT SiteWise doesn't log information to CloudWatch Logs. To activate logging, choose a logging
level other than Disabled (OFF). AWS IoT SiteWise supports the following
logging levels:
-
OFF– Logging is turned off. -
ERROR– Errors are logged. -
INFO– Errors and informational messages are logged.
You can configure SiteWise Edge gateways to log information to CloudWatch Logs through AWS IoT Greengrass. For more information, see Monitoring SiteWise Edge gateway logs.
You can also configure AWS IoT Core to log information to CloudWatch Logs if you are troubleshooting an AWS IoT SiteWise rule action. For more information, see Troubleshooting an AWS IoT SiteWise rule action.
Contents
Managing logging in AWS IoT SiteWise
Use the AWS IoT SiteWise console or AWS CLI for the following logging configuration tasks.
Finding your logging level
Changing your logging level
Use the following procedure to change your logging level in the AWS IoT SiteWise console or using AWS CLI.
Example: AWS IoT SiteWise log file entries
Each AWS IoT SiteWise log entry includes event information and relevant resources for that event, so you can understand and analyze log data.
The following example shows a CloudWatch Logs entry that AWS IoT SiteWise logs when you successfully create an asset model.
{ "eventTime": "2020-05-05T00:10:22.902Z", "logLevel": "INFO", "eventType": "AssetModelCreationSuccess", "message": "Successfully created asset model.", "resources": { "assetModelId": "a1b2c3d4-5678-90ab-cdef-11111EXAMPLE" } }
