Amazon CloudWatch Logs announces field indexes and enhanced log group selection in Logs Insights
Amazon CloudWatch Logs introduces field indexes and enhanced log group selection to accelerate log analysis. Now, you can index critical log attributes like requestId and transactionId to accelerate query performance and scan relevant indexed data. This means faster troubleshooting, and easier identification of trends. You can create up to 20 field indexes per log group, and once defined, all future logs matching the defined fields will remain indexed for up to 30 days. Additionally, CloudWatch Logs Insights now supports querying up to 10,000 log groups, across one or more accounts linked via cross-account observability.
Customers using field indexes, will benefit from faster query execution times while searching across vast amounts of logs. CloudWatch Logs Insights queries using “filter field = value” syntax will automatically leverage indexes, when available. When combined with enhanced log group selection, customers can now gain faster insights across a much larger set of logs in Logs Insights. Customers can select up to 10,000 log groups via either log group prefix or "All" log groups option. To further optimize query performance and costs, customers can use the new "filterIndex" command to limit queries to indexed data only.
Field indexes are available in all AWS Regions where CloudWatch Logs is available and are included as part of standard log class ingestion at no additional cost.
To get started, define index policy at account level or per log-group level within AWS console, or programmatically via API/CLI. See documentation to learn more about field indexes.