amazon-web-services amazon-cloudwatch aws-cdk

Correct setting for finding ERROR in logs filter


In AWS I have a filter which checks if the word 'error' appears in the log.

// Publishes a datapoint of 1 for every log event containing one of the terms
const adminErrorFilter = new logs.MetricFilter(this, 'admin-metric-error-filter', {
  logGroup: props!.adminLogGroup,
  metricNamespace: 'my-dev-log',
  metricName: 'admin-error',
  filterPattern: logs.FilterPattern.anyTerm("error","Error","ERROR"),
  metricValue: "1",
});

Then I set up an alarm for these metrics

const adminErrorAlarm = new cloudwatch.Alarm(this, 'admin-error-alarm', {
  alarmName: 'my-alarm',
  metric: adminErrorFilter.metric(),
  threshold: 1,
  evaluationPeriods: 1,
});

However, these metrics only show data when an error occurs; other than that, they don't show anything. So consequently, the alarm status is always Insufficient data, not OK.

Is it the correct setting?



Solution

  • The error logs will be published to CloudWatch only when something goes wrong in the system. If CloudWatch doesn't receive any error logs, the CloudWatch alarm stays in the Insufficient data state, which is its default behavior.

    If you prefer to consider the missing data points as an OK state of the system, you need to instruct the CloudWatch alarm to treat them as such.

    To configure this, you can utilize the treatMissingData field to specify how the missing data points should be treated. You can choose any one of the following options: BREACHING, NOT_BREACHING, IGNORE, or MISSING. However, in your case, NOT_BREACHING is the more appropriate choice.

    For more information on how to use the treatMissingData field, refer to this page.
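
The effect of each treatMissingData option on the alarm from the question can be seen in a small model. This is an added example, not part of the original answer and not AWS code: `evaluatePeriod`, `simulateAlarm` and `samplePeriods` are hypothetical names, and the model assumes one evaluation period and CDK's default greater-than-or-equal comparison while ignoring CloudWatch's wider evaluation range and timing.

```typescript
// Simplified model of a CloudWatch alarm with evaluationPeriods = 1 and
// threshold = 1, as in the question. In CDK the policy is chosen with
// treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING (or another member).
type AlarmState = "OK" | "ALARM" | "INSUFFICIENT_DATA";
type TreatMissingData = "BREACHING" | "NOT_BREACHING" | "IGNORE" | "MISSING";

// One entry per period: the metric value, or null when the metric filter
// matched nothing and therefore published no datapoint at all.
type Period = number | null;

function evaluatePeriod(
  value: Period,
  previous: AlarmState,
  policy: TreatMissingData,
  threshold: number,
): AlarmState {
  if (value !== null) {
    // A real datapoint is compared against the threshold.
    return value >= threshold ? "ALARM" : "OK";
  }
  switch (policy) {
    case "BREACHING":
      return "ALARM"; // missing counts as a bad datapoint
    case "NOT_BREACHING":
      return "OK"; // missing counts as a good datapoint
    case "IGNORE":
      return previous; // keep whatever state the alarm was in
    case "MISSING":
      return "INSUFFICIENT_DATA"; // nothing to evaluate
  }
}

function simulateAlarm(
  periods: Period[],
  policy: TreatMissingData,
  threshold = 1,
): AlarmState[] {
  let state: AlarmState = "INSUFFICIENT_DATA"; // state of a freshly created alarm
  return periods.map((value) => {
    state = evaluatePeriod(value, state, policy, threshold);
    return state;
  });
}

// Constructed sample: two quiet periods, one period with 2 errors, one quiet period.
const samplePeriods: Period[] = [null, null, 2, null];
```

With MISSING the alarm only leaves Insufficient data while an error is being logged, which is what the question describes; with NOT_BREACHING it reads OK in quiet periods. NOT_BREACHING also reads OK when the log group stops receiving events altogether, so a stalled log pipeline needs its own check.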