View anomalies that have been found - Amazon CloudWatch Logs

View anomalies that have been found

After you create one or more log anomaly detectors, you can use the CloudWatch console to view the anomalies that they have found.

You can also view anomalies programmatically. For more information, see ListAnomalies.

To view the anomalies found by all of your log anomaly detectors
  1. Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/.

  2. Choose Logs, Log Anomalies.

    The Logs anomalies table appears. The number at the top next to Log anomalies displays how many log anomalies are listed in the table. Each row in the table displays the following information:

    • The Anomaly column displays a short summary of the anomaly. These summaries are generated by CloudWatch Logs.

    • The Priority of the anomaly. Priority is automatically computed based on the amount of change in the log events, keywords such as Exception that occur in a log event, and more.

    • The Log pattern that the anomaly is based on. For more information about patterns, see Log anomaly detection.

    • Anomaly log trend displays a histogram depicting the volume of logs matching the pattern.

    • Last detection time displays the most recent time that this anomaly was found.

    • First detection time displays the first time that this anomaly was found.

    • Anomaly detector displays the name of the log group containing the log events related to this anomaly. You can choose this name to see the log group details page.

  3. To further inspect one anomaly, choose the radio button in its row.

    The Pattern inspect pane appears and displays the following:

    • The Pattern that this anomaly is based on. Select a token within the pattern to analyze that token's values.

    • A histogram showing the number of occurrences of the anomaly over the queried time range.

    • The Log samples tab displays a few of the log events that are part of the anomaly.

    • The Token Values tab displays the values of the selected dynamic token, if you have selected one.

      Note

      A maximum of 10 token values is captured for each token. Token counts might not be precise. CloudWatch Logs uses a probabilistic counter to generate the token count, not the absolute value.

  4. To suppress an anomaly, choose the radio button in its row and then do the following:

    1. Choose Actions, Suppress Anomaly.

    2. Then specify how long you want the anomaly to be suppressed.

    3. To suppress all anomalies related to this pattern, select Suppress Pattern.

    4. Choose Suppress anomaly.

To view the anomalies found in a single log group
  1. Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/.

  2. Choose Logs, Log groups.

  3. Choose the name of a log group, and then choose the Anomaly detection tab.

    The Anomaly detection table appears. The number at the top next to Log anomalies displays how many log anomalies are listed in the table. Each row in the table displays the following information:

    • The Anomaly column displays a short summary of the anomaly. These summaries are generated by CloudWatch Logs.

    • The Priority of the anomaly. Priority is automatically computed based on the amount of change in the log events, keywords such as Exception that occur in a log event, and more.

    • The Log pattern that the anomaly is based on. For more information about patterns, see Log anomaly detection.

    • Anomaly log trend displays a histogram depicting the volume of logs matching the pattern.

    • Last detection time displays the most recent time that this anomaly was found.

    • First detection time displays the first time that this anomaly was found.

  4. To further inspect one anomaly, choose the radio button in its row.

    The Pattern inspect pane appears and displays the following:

    • The Pattern that this anomaly is based on. Select a token within the pattern to analyze that token's values.

    • A histogram showing the number of occurrences of the anomaly over the queried time range.

    • The Log samples tab displays a few of the log events that are part of the anomaly.

    • The Token Values tab displays the values of the selected dynamic token, if you have selected one.

      Note

      A maximum of 10 token values is captured for each token. Token counts might not be precise. CloudWatch Logs uses a probabilistic counter to generate the token count, not the absolute value.

  5. To suppress an anomaly, choose the radio button in its row and then do the following:

    1. Choose Actions, Suppress Anomaly.

    2. Then specify how long you want the anomaly to be suppressed.

    3. To suppress all anomalies related to this pattern, select Suppress Pattern.

    4. Choose Suppress anomaly.
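
The same review done through ListAnomalies, as an added example that is not AWS's own code: it follows `nextToken` across pages, orders unsuppressed anomalies by priority and last detection time, and lists suppressed ones separately so that suppressions, especially pattern-level ones, can be audited. Field names follow the ListAnomalies response; `SampleClient` and its records are constructed stand-ins for `boto3.client("logs")`.

```python
from datetime import datetime, timezone
PRIORITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

def fetch_anomalies(client, **filters):
    """Follow nextToken through every ListAnomalies page."""
    found, kwargs = [], dict(filters)
    while True:
        page = client.list_anomalies(**kwargs)
        found.extend(page.get("anomalies", []))
        if not page.get("nextToken"):
            return found
        kwargs["nextToken"] = page["nextToken"]

def triage(anomalies):
    """Return (open, suppressed); open is ordered by priority, then newest lastSeen."""
    rank = lambda a: (PRIORITY_RANK.get(a.get("priority"), 3), -a.get("lastSeen", 0))
    open_ = sorted((a for a in anomalies if not a.get("suppressed")), key=rank)
    return open_, [a for a in anomalies if a.get("suppressed")]

def _utc(ms):  # firstSeen and lastSeen are epoch milliseconds
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d %H:%M")

def describe(a):
    """One review line per anomaly, noting whether a suppression covers the whole pattern."""
    scope = "pattern" if a.get("isPatternLevelSuppression") else "anomaly"
    state = f"suppressed ({scope})" if a.get("suppressed") else "open"
    return (f'{a["priority"]:<6} {state:<20} {_utc(a["firstSeen"])} -> '
            f'{_utc(a["lastSeen"])}  {a["patternString"]}')

def _sample(aid, priority, last_seen, pattern, **extra):  # constructed test record
    return {"anomalyId": aid, "priority": priority, "firstSeen": 1700000000000,
            "lastSeen": last_seen, "patternString": pattern, "suppressed": False, **extra}

class SampleClient:
    """Constructed stand-in for boto3.client("logs"); serves two pages."""
    PAGES = {
        None: {"nextToken": "p2", "anomalies": [
            _sample("a-1", "LOW", 1700003600000, "Timeout after <*> ms"),
            _sample("a-2", "HIGH", 1700000000000, "Exception in handler <*>")]},
        "p2": {"anomalies": [
            _sample("a-3", "HIGH", 1700000000000, "AccessDenied for user <*>",
                    suppressed=True, isPatternLevelSuppression=True),
            _sample("a-4", "HIGH", 1700007200000, "Exception in worker <*>")]},
    }
    def list_anomalies(self, nextToken=None, **_filters):
        return self.PAGES[nextToken]

if __name__ == "__main__":
    open_, hidden = triage(fetch_anomalies(SampleClient()))
    print("\n".join(describe(a) for a in open_ + hidden))
```

Against a real account, pass `boto3.client("logs")` in place of `SampleClient()`, optionally with `anomalyDetectorArn=...` or `suppressionState="SUPPRESSED"` as filters.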