Use natural language to generate and update CloudWatch Logs Insights queries - Amazon CloudWatch Logs
Example queries Opting out of using your data for service improvement
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use natural language to generate and update CloudWatch Logs Insights queries

This feature is in preview release in US East (N. Virginia), US West (Oregon), and Asia Pacific (Tokyo) for CloudWatch Logs and is subject to change.

CloudWatch Logs supports a natural language query capability to help you generate and update queries for CloudWatch Logs Insights and CloudWatch Metrics Insights.

With this capability, you can ask questions about or describe the CloudWatch Logs data you're looking for in plain English. The natural language capability generates a query based on a prompt that you enter and provides a line-by-line explanation of how the query works. You can also update your query to further investigate your data.

Depending on your environment, you can enter prompts like "What are the top 100 source IP addresses by bytes transferred?" and "Find the 10 slowest Lambda function requests."

To generate a CloudWatch Logs Insights query with this capability, open the CloudWatch Logs Insights query editor, select the log group you want to query, and choose Generate query.

Important

To use the natural language query capability, you must use the CloudWatchLogsFullAccess, CloudWatchLogsReadOnlyAccess, AdministratorAccess, or ReadOnlyAccess policy.

You can also include the cloudwatch:GenerateQuery action in a new or existing customer managed or inline policy.

Example queries

The examples in this section describe how to generate and update queries using the natural language capability.

Note

For more information on the CloudWatch Logs Insights query editor and syntax, see CloudWatch Logs Insights query syntax.

Example: Generate a natural language query

To generate a query using natural language, enter a prompt and choose Generate new query. This example shows a query that performs a basic search.

Prompt

The following is an example of a prompt that directs the capability to search for the 10 slowest Lambda function invocations. 

Find the 10 slowest requests
Query

The following is an example of a query that the natural language capability generates based on the prompt. Notice how the prompt appears in a comment before the query. After the query, you can read an explanation that describes how the query works. 

# Find the 10 slowest requests
fields @timestamp, @message, @duration 
| sort @duration desc 
| limit 10
# This query retrieves the timestamp, message and duration fields from the logs and sorts them in descending order by duration to find the 10 slowest requests.
Note

To turn off the appearance of your prompt and the explanation of how the query works, use the gear icon in your editor.

Example: Update a natural language query

You can update a query by editing the initial prompt and then choosing Update query.

Updated prompt

The following example shows an updated version of the previous prompt. Instead of a prompt that searches for the 10 slowest Lambda function invocations, this prompt now directs the capability to search for the 20 slowest Lambda function invocations and include another column for additional log events. 

Show top 20 slowest requests instead and display requestId as a column
Updated query

The following is an example of the updated query. Notice how the updated prompt appears in a comment before the updated query. After the query, you can read an explanation that describes how the original query has been updated. 

# Show top 20 slowest requests instead and display requestId as a column
fields @timestamp, @message, @requestId, @duration 
| sort @duration desc 
| limit 20
# This query modifies the original query by replacing the @message field with the @requestId field and changing the limit from 10 to 20 to return the top 20 log events by duration instead of the top 10.

Opting out of using your data for service improvement

The natural language prompt data you provide to train the AI model and generate relevant queries is used solely to provide and maintain your service. This data might be used to improve the quality of CloudWatch Logs Insights. Your trust and privacy, as well as the security of your content, is our highest priority. For more information, see Amazon Service Terms and Amazon responsible AI policy.

You can opt out of having your content used to develop or improve the quality of natural language queries by creating an AI service opt-out policy. To opt-out of data collection for all CloudWatch Logs AI features, including the query generation capability, you must create an opt-out policy for CloudWatch Logs. For more information, see AI services opt-out policies in the Amazon Organizations User Guide.