Create Anomaly Detector

Overview

The following shows you how to set up an Anomaly Detector within CloudWatch.

Instructions

  1. Access the CloudWatch Console: Go to https://console.aws.amazon.com/cloudwatch/.

  2. Navigate to Log Anomalies: Choose Logs > Log Anomalies.

  3. Create the Anomaly Detector:

    • Click Create anomaly detector.

    • Select the log group to be monitored.

    • Enter a name for the anomaly detector.

  4. Optional Configurations:

    • Evaluation Frequency:

      • Adjust from the default (5 minutes) based on how often the log group receives new logs (e.g., set to 15 minutes if logs arrive every 10 minutes).

    • Filter Patterns:

      • Define filter patterns to detect anomalies only in logs with specific words or strings.

      • Test patterns using sample log messages in Test Pattern.

  5. Advanced Configuration (Optional):

    • Anomaly Visibility Period:

      • Set how long anomalies are displayed (default is 21 days).

    • KMS Encryption:

      • Assign an AWS KMS key by entering its ARN to encrypt the anomaly data at rest.

      • Ensure the CloudWatch Logs service principal has permission to use the KMS key.

  6. Enable Anomaly Detection:

    • Click Enable Anomaly Detection to activate the detector.

  7. Training and Activation:

    • The anomaly detector trains for about 15 minutes using recent log events.

    • After training, it begins detecting and displaying anomalies.
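
The same settings can be applied from code, which makes the detector reviewable and repeatable across log groups. The following is an added example, not part of the original instructions: it builds a CloudWatch Logs `CreateLogAnomalyDetector` request and assumes boto3 for the actual call. The ARNs, detector name and the frequency-selection rule are constructed for illustration.

```python
# Added example (not from the original page): console steps 3-6 as an API request.
FREQUENCIES = {5: "FIVE_MIN", 10: "TEN_MIN", 15: "FIFTEEN_MIN",
               30: "THIRTY_MIN", 60: "ONE_HOUR"}  # subset of the API enum, by minutes


def pick_frequency(log_interval_minutes):
    """Assumed rule matching step 4: the shortest period, from the 5-minute
    default upward, that is longer than the gap between log deliveries."""
    for minutes in sorted(FREQUENCIES):
        if minutes > log_interval_minutes:
            return FREQUENCIES[minutes]
    return FREQUENCIES[60]


def build_request(log_group_arn, name, log_interval_minutes=0,
                  filter_pattern=None, kms_key_arn=None, visibility_days=21):
    """Build keyword arguments for CreateLogAnomalyDetector."""
    if ":log-group:" not in log_group_arn:
        raise ValueError("expected a log group ARN")
    if not 7 <= visibility_days <= 90:  # range accepted by the API
        raise ValueError("anomaly visibility must be 7-90 days")
    params = {
        "logGroupArnList": [log_group_arn],
        "detectorName": name,
        "evaluationFrequency": pick_frequency(log_interval_minutes),
        "anomalyVisibilityTime": visibility_days,
    }
    if filter_pattern:
        params["filterPattern"] = filter_pattern
    if kms_key_arn:
        # Step 5 asks for the key ARN; reject aliases and bare key IDs early.
        if not (kms_key_arn.startswith("arn:") and ":key/" in kms_key_arn):
            raise ValueError("expected a KMS key ARN")
        params["kmsKeyId"] = kms_key_arn
    return params


def create_detector(params, client=None):
    """Send the request; returns the new detector's ARN."""
    if client is None:
        import boto3  # imported lazily so build_request works without the SDK
        client = boto3.client("logs")
    return client.create_log_anomaly_detector(**params)["anomalyDetectorArn"]


# Constructed sample values (placeholder account, region and key ID).
SAMPLE = build_request(
    "arn:aws:logs:us-east-1:111122223333:log-group:/app/auth",
    "auth-log-anomalies", log_interval_minutes=10, filter_pattern="ERROR",
    kms_key_arn="arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID")
```

Calling `create_detector(SAMPLE)` with valid credentials creates the detector; training then proceeds as described in step 7.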
