Amazon CloudWatch Logs

2024/10/25 - Amazon CloudWatch Logs - 1 updated api methods

Changes: Adding inferred token name for dynamic tokens in Anomalies.

ListAnomalies (updated)
Changes (response)
{'anomalies': {'patternTokens': {'inferredTokenName': 'string'}}}

Returns a list of anomalies that log anomaly detectors have found. For details about the structure format of each anomaly object that is returned, see the example in this section.

See also: AWS API Documentation

Request Syntax

client.list_anomalies(
    anomalyDetectorArn='string',
    suppressionState='SUPPRESSED'|'UNSUPPRESSED',
    limit=123,
    nextToken='string'
)

Parameters

  • anomalyDetectorArn (string) --

    Use this to optionally limit the results to only the anomalies found by a certain anomaly detector.

  • suppressionState (string) --

    You can specify this parameter if you want the operation to return only anomalies that are currently either suppressed or unsuppressed.

  • limit (integer) --

    The maximum number of items to return. If you don't specify a value, the default maximum value of 50 items is used.

  • nextToken (string) --

    The token for the next set of items to return. The token expires after 24 hours.

Return type

  dict

Returns

Response Syntax

{
    'anomalies': [
        {
            'anomalyId': 'string',
            'patternId': 'string',
            'anomalyDetectorArn': 'string',
            'patternString': 'string',
            'patternRegex': 'string',
            'priority': 'string',
            'firstSeen': 123,
            'lastSeen': 123,
            'description': 'string',
            'active': True|False,
            'state': 'Active'|'Suppressed'|'Baseline',
            'histogram': {
                'string': 123
            },
            'logSamples': [
                {
                    'timestamp': 123,
                    'message': 'string'
                },
            ],
            'patternTokens': [
                {
                    'dynamicTokenPosition': 123,
                    'isDynamic': True|False,
                    'tokenString': 'string',
                    'enumerations': {
                        'string': 123
                    },
                    'inferredTokenName': 'string'
                },
            ],
            'logGroupArnList': [
                'string',
            ],
            'suppressed': True|False,
            'suppressedDate': 123,
            'suppressedUntil': 123,
            'isPatternLevelSuppression': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • anomalies (list) --

      An array of structures, where each structure contains information about one anomaly that a log anomaly detector has found.

      • (dict) --

        This structure represents one anomaly that has been found by a logs anomaly detector.

        For more information about patterns and anomalies, see CreateLogAnomalyDetector.

        • anomalyId (string) --

          The unique ID that CloudWatch Logs assigned to this anomaly.

        • patternId (string) --

          The ID of the pattern used to help identify this anomaly.

        • anomalyDetectorArn (string) --

          The ARN of the anomaly detector that identified this anomaly.

        • patternString (string) --

          The pattern used to help identify this anomaly, in string format.

        • patternRegex (string) --

          The pattern used to help identify this anomaly, in regular expression format.

        • priority (string) --

          The priority level of this anomaly, as determined by CloudWatch Logs. Priority is computed based on log severity labels such as FATAL and ERROR and the amount of deviation from the baseline. Possible values are HIGH, MEDIUM, and LOW.

        • firstSeen (integer) --

          The date and time when the anomaly detector first saw this anomaly. It is specified as epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

        • lastSeen (integer) --

          The date and time when the anomaly detector most recently saw this anomaly. It is specified as epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

        • description (string) --

          A human-readable description of the anomaly. This description is generated by CloudWatch Logs.

        • active (boolean) --

          Specifies whether this anomaly is still ongoing.

        • state (string) --

          Indicates the current state of this anomaly. If it is still being treated as an anomaly, the value is Active. If you have suppressed this anomaly by using the UpdateAnomaly operation, the value is Suppressed. If this behavior is now considered to be normal, the value is Baseline.

        • histogram (dict) --

          A map showing times when the anomaly detector ran, and the number of occurrences of this anomaly that were detected at each of those runs. The times are specified in epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

          • (string) --

            • (integer) --

        • logSamples (list) --

          An array of sample log event messages that are considered to be part of this anomaly.

          • (dict) --

            This structure contains the information for one sample log event that is associated with an anomaly found by a log anomaly detector.

            • timestamp (integer) --

              The time stamp of the log event.

            • message (string) --

              The message content of the log event.

        • patternTokens (list) --

          An array of structures where each structure contains information about one token that makes up the pattern.

          • (dict) --

            A structure that contains information about one pattern token related to an anomaly.

            For more information about patterns and tokens, see CreateLogAnomalyDetector.

            • dynamicTokenPosition (integer) --

              For a dynamic token, this indicates where in the pattern this token appears, relative to other dynamic tokens. The dynamic token that appears first has a value of 1, the one that appears second is 2, and so on.

            • isDynamic (boolean) --

              Specifies whether this is a dynamic token.

            • tokenString (string) --

              The string represented by this token. If this is a dynamic token, the value will be <*>.

            • enumerations (dict) --

              Contains the values found for a dynamic token, and the number of times each value was found.

              • (string) --

                • (integer) --

            • inferredTokenName (string) --

              A name that CloudWatch Logs assigned to this dynamic token to make the pattern more readable. The string part of the inferredTokenName gives you a clearer idea of the content of this token. The number part of the inferredTokenName shows where in the pattern this token appears, compared to other dynamic tokens. CloudWatch Logs assigns the string part of the name based on analyzing the content of the log events that contain it.

              For example, an inferred token name of IPAddress-3 means that the token represents an IP address, and this token is the third dynamic token in the pattern.

        • logGroupArnList (list) --

          An array of ARNs of the log groups that contained log events considered to be part of this anomaly.

          • (string) --

        • suppressed (boolean) --

          Indicates whether this anomaly is currently suppressed. To suppress an anomaly, use UpdateAnomaly.

        • suppressedDate (integer) --

          If the anomaly is suppressed, this indicates when it was suppressed.

        • suppressedUntil (integer) --

          If the anomaly is suppressed, this indicates when the suppression will end. If this value is 0, the anomaly was suppressed with no expiration, with the INFINITE value.

        • isPatternLevelSuppression (boolean) --

          If this anomaly is suppressed, this field is true if the suppression is because the pattern is suppressed. If false, then only this particular anomaly is suppressed.

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.
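
An added example (not part of the AWS documentation) of consuming the new field for triage: it follows nextToken across pages, splits inferredTokenName into its string and number parts, and merges the enumerations of every dynamic token of one kind per unsuppressed anomaly. StubLogsClient, its sample values and the RequestId token kind are constructed for illustration; in real use, pass boto3.client('logs') instead.

```python
import re

_NAME_RE = re.compile(r"^(?P<kind>.+)-(?P<pos>\d+)$")

def parse_inferred_token_name(name):
    """'IPAddress-3' -> ('IPAddress', 3); (name, None) when there is no numeric suffix."""
    m = _NAME_RE.match(name or "")
    return (m.group("kind"), int(m.group("pos"))) if m else (name, None)

def iter_anomalies(client, **kwargs):
    """Yield every anomaly, following nextToken until no token is returned."""
    while True:
        page = client.list_anomalies(**kwargs)
        yield from page.get("anomalies", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def dynamic_token_values(anomaly, kind):
    """Merge enumerations ({value: count}) of dynamic tokens whose inferred kind matches."""
    merged = {}
    for tok in anomaly.get("patternTokens", []):
        if tok.get("isDynamic") and parse_inferred_token_name(tok.get("inferredTokenName"))[0] == kind:
            for value, count in tok.get("enumerations", {}).items():
                merged[value] = merged.get(value, 0) + count
    return merged

def triage(client, kind="IPAddress", detector_arn=None):
    """Return (anomalyId, priority, {value: count}) for unsuppressed anomalies with `kind` tokens."""
    kwargs = {"suppressionState": "UNSUPPRESSED"}
    if detector_arn:
        kwargs["anomalyDetectorArn"] = detector_arn
    rows = [(a["anomalyId"], a.get("priority"), dynamic_token_values(a, kind))
            for a in iter_anomalies(client, **kwargs)]
    return [r for r in rows if r[2]]

class StubLogsClient:
    """Constructed two-page response standing in for boto3.client('logs')."""
    def _tok(self, name, enums, dynamic=True):
        return {"isDynamic": dynamic, "tokenString": "<*>", "inferredTokenName": name, "enumerations": enums}
    def list_anomalies(self, **kw):
        if kw.get("nextToken") is None:
            return {"nextToken": "page2", "anomalies": [{"anomalyId": "a-1", "priority": "HIGH",
                    "patternTokens": [self._tok("IPAddress-1", {"192.0.2.10": 4}),
                                      self._tok("IPAddress-3", {"192.0.2.10": 1, "198.51.100.7": 2})]}]}
        return {"anomalies": [{"anomalyId": "a-2", "priority": "LOW",
                "patternTokens": [self._tok("RequestId-1", {"abc": 1})]}]}

if __name__ == "__main__":
    print(triage(StubLogsClient()))
```

Because nextToken expires after 24 hours, the pagination loop should run to completion in one pass rather than persisting a token for a later job.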