Monitoring Amazon IoT SiteWise with Amazon CloudWatch Logs - Amazon IoT SiteWise

Monitoring Amazon IoT SiteWise with Amazon CloudWatch Logs

You can configure Amazon IoT SiteWise to log information to CloudWatch Logs to monitor and troubleshoot the service.

When you use the Amazon IoT SiteWise console, Amazon IoT SiteWise creates a service-linked role that allows the service to log information on your behalf. If you don't use the Amazon IoT SiteWise console, you must create a service-linked role manually to receive logs. For more information, see Creating a service-linked role for Amazon IoT SiteWise.

You must have a resource policy that allows Amazon IoT SiteWise to put log events into CloudWatch streams. To create and update a resource policy for CloudWatch Logs, run the following command. Replace logging-policy-name with the name of the policy to create.

aws logs put-resource-policy --policy-name logging-policy-name --policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\" } ] }"

CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys. These condition context keys are optional.

To create or update a resource policy that allows Amazon IoT SiteWise to only put logs associated with the specified Amazon IoT SiteWise resource into CloudWatch streams, run the command and do the following:

  • Replace logging-policy-name with the name of the policy to create.

  • Replace source-ARN with the ARN of your Amazon IoT SiteWise resource, such as an asset model or asset. To find the ARN for each Amazon IoT SiteWise resource type, see Resource types defined by Amazon IoT SiteWise in the Service Authorization Reference.

  • Replace account-ID with the Amazon account ID associated with the specified Amazon IoT SiteWise resource.

aws logs put-resource-policy --policy-name logging-policy-name --policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\", \"Condition\":{\"StringLike\":{\"aws:SourceArn\":[\"source-ARN\"],\"aws:SourceAccount\":[\"account-ID\"]}}}]}"
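
The difference between the two commands above is whether the statement that trusts iotsitewise.amazonaws.com is narrowed by aws:SourceArn and aws:SourceAccount. The following check is an added example, not code from AWS or from this page. It audits a policy document for that statement and reports which scoping keys are absent or set to a bare "*". The function names audit_policy and statement are hypothetical, and the ARN and account ID are constructed sample values.

```python
import json

SITEWISE = "iotsitewise.amazonaws.com"
SCOPE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # condition key names are case-insensitive

def as_list(value):
    """IAM JSON allows a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_document):
    """Per Allow statement that trusts SiteWise, report absent or vacuous scoping keys."""
    doc = json.loads(policy_document)
    findings = []
    for stmt in as_list(doc.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SITEWISE not in services:
            continue
        scoped = {}
        for keys in stmt.get("Condition", {}).values():
            for key, values in keys.items():
                if key.lower() in SCOPE_KEYS:
                    scoped.setdefault(key.lower(), []).extend(as_list(values))
        missing = sorted(SCOPE_KEYS - set(scoped))
        # A bare "*" matches every value under StringLike, so the key restricts nothing.
        vacuous = sorted(k for k, vals in scoped.items() if "*" in vals)
        findings.append({"sid": stmt.get("Sid"), "missing": missing,
                         "vacuous": vacuous, "scoped": not missing and not vacuous})
    return findings

def statement(condition=None):
    """Build the page's policy document; condition values passed in are constructed samples."""
    stmt = {"Sid": "IoTSiteWiseToCloudWatchLogs", "Effect": "Allow",
            "Principal": {"Service": [SITEWISE]},
            "Action": "logs:PutLogEvents", "Resource": "*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

UNSCOPED = statement()  # first command on the page: no Condition block
SCOPED = statement({"StringLike": {  # second command, with constructed values filled in
    "aws:SourceArn": ["arn:aws-cn:iotsitewise:cn-north-1:111122223333:asset-model/*"],
    "aws:SourceAccount": ["111122223333"]}})

if __name__ == "__main__":
    for name, doc in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(name, audit_policy(doc))
```

To audit an account, pass each policyDocument string returned by aws logs describe-resource-policies to audit_policy.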

By default, Amazon IoT SiteWise doesn't log information to CloudWatch Logs. To enable logging, choose a logging level other than Disabled (OFF). Amazon IoT SiteWise supports the following logging levels:

  • OFF – Logging is disabled.

  • ERROR – Errors are logged.

  • INFO – Errors and informational messages are logged.

You can configure gateways to log information to CloudWatch Logs through Amazon IoT Greengrass. For more information, see Monitoring gateway logs.

You can also configure Amazon IoT Core to log information to CloudWatch Logs if you are troubleshooting an Amazon IoT SiteWise rule action. For more information, see Troubleshooting an Amazon IoT SiteWise rule action.

Managing logging in Amazon IoT SiteWise (console)

You can use the Amazon IoT SiteWise console for the following logging configuration tasks.

Finding your logging level (console)

Use the following procedure to find your current logging level in the Amazon IoT SiteWise console.

To find your current Amazon IoT SiteWise logging level

  1. Navigate to the Amazon IoT SiteWise console.

  2. In the left navigation pane, choose Logging options.

    The current logging status appears under Logging status. If logging is enabled, the current logging level appears under Level of verbosity.

Changing your logging level (console)

Use the following procedure to change your logging level in the Amazon IoT SiteWise console.

To change your Amazon IoT SiteWise logging level

  1. Navigate to the Amazon IoT SiteWise console.

  2. In the left navigation pane, choose Logging options.

  3. Choose Edit.

  4. Choose the Level of verbosity to enable.

  5. Choose Save.

Managing logging in Amazon IoT SiteWise (CLI)

You can use the Amazon Command Line Interface (Amazon CLI) for the following logging configuration tasks.

Finding your logging level (CLI)

Run the following command to find your current Amazon IoT SiteWise logging level with the Amazon CLI.

aws iotsitewise describe-logging-options

The operation returns a response that contains your logging level in the following format.

{
  "loggingOptions": {
    "level": "String"
  }
}

Changing your logging level (CLI)

Run the following Amazon CLI command to change your Amazon IoT SiteWise logging level. Replace logging-level with the logging level you want.

aws iotsitewise put-logging-options --logging-options level=logging-level

Example: Amazon IoT SiteWise log file entries

Each Amazon IoT SiteWise log entry includes event information and relevant resources for that event, so you can easily understand and analyze log data.

The following example shows a CloudWatch Logs entry that Amazon IoT SiteWise logs when you successfully create an asset model.

{
  "eventTime": "2020-05-05T00:10:22.902Z",
  "logLevel": "INFO",
  "eventType": "AssetModelCreationSuccess",
  "message": "Successfully created asset model.",
  "resources": {
    "assetModelId": "a1b2c3d4-5678-90ab-cdef-11111EXAMPLE"
  }
}