Start an investigation in Amazon Q operational investigations from an alarm - Amazon CloudWatch

Start an investigation in Amazon Q operational investigations from an alarm

You can start an investigation in Amazon Q operational investigations from the current state of a CloudWatch alarm, or from any point in the last two weeks of a CloudWatch alarm's history.

For more information about Amazon Q operational investigations, see Amazon Q Developer operational investigations (Preview).

To start an investigation from a CloudWatch alarm
  1. Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/.

  2. In the left navigation pane, choose Alarms, All alarms.

  3. Choose the name of the alarm.

  4. Choose the time period in the alarm history that you want to investigate.

  5. Choose Investigate, Start new investigation.

  6. For New investigation title, enter a name for the investigation. Then choose Start investigation.

    The Amazon Q investigations assistant starts. It scans your telemetry data to find data that might be associated with this situation.

  7. In the CloudWatch console's navigation pane, choose Investigations, then choose the name of the investigation that you just started.

    The Findings section displays a natural-language summary of the alarm's status and the reason that it was triggered.

  8. (Optional) In the graph of the alarm, you can right-click and then choose to deep-dive into the alarm or the metric that it watches.

  9. On the right side of the screen, choose the Suggestions tab.

    You see a list of other telemetry that Amazon Q operational investigations has discovered and that might be relevant to the investigation. These findings can include other metrics and CloudWatch Logs Insights query results. Amazon Q operational investigations ran these queries based on the alarm.

    • For each finding, you can choose Add to findings or Discard.

      When you choose Add to findings, the telemetry is added to the Findings section, and Amazon Q operational investigations uses this information to direct its further scanning and suggestions.

    • For a CloudWatch Logs Insights query result, to edit the query and re-run it, open the context (right-click) menu for the results, and then choose Open in Logs Insights. For more information, see Analyzing log data with CloudWatch Logs Insights.

      If you want to run a different query, on the Logs Insights page you can use query assist to form a query in natural language. For more information, see Use natural language to generate and update CloudWatch Logs Insights queries.

    • (Optional) If you know of telemetry in another Amazon service that might apply to this investigation, you can go to that service's console and add the telemetry to the investigation. For example, to add a Lambda metric to the investigation, you can do the following:

      1. Open the Lambda console.

      2. In the Monitor section, find the metric.

      3. Open the context menu for the metric, and choose Investigate, Add to investigation. Then, in the Investigate pane, select the name of the investigation.

  10. Amazon Q might also add hypotheses to the list in the Suggestions tab. These hypotheses are generated by the investigation in natural language.

    For each hypothesis, you can choose Add to findings or Discard.

  11. When you think you have completed the investigation and found the root cause of the issue, you can choose the Overview tab and then choose Investigation summary. Amazon Q investigations then creates a natural-language summary of the important findings and hypotheses from the investigation.