String policyName
The name of the account policy.
String policyDocument
The policy document for this account policy.
The JSON specified in policyDocument can be up to 30,720 characters.
Long lastUpdatedTime
The date and time that this policy was most recently updated.
String policyType
The type of policy for this account policy.
String scope
The scope of the account policy.
String selectionCriteria
The log group selection criteria for this subscription filter policy.
String accountId
The Amazon Web Services account ID that the policy applies to.
String anomalyId
The unique ID that CloudWatch Logs assigned to this anomaly.
String patternId
The ID of the pattern used to help identify this anomaly.
String anomalyDetectorArn
The ARN of the anomaly detector that identified this anomaly.
String patternString
The pattern used to help identify this anomaly, in string format.
String patternRegex
The pattern used to help identify this anomaly, in regular expression format.
String priority
The priority level of this anomaly, as determined by CloudWatch Logs. Priority is computed based on log severity
labels such as FATAL and ERROR and the amount of deviation from the baseline. Possible
values are HIGH, MEDIUM, and LOW.
Long firstSeen
The date and time when the anomaly detector first saw this anomaly. It is specified as epoch time, which is the
number of seconds since January 1, 1970, 00:00:00 UTC.
Long lastSeen
The date and time when the anomaly detector most recently saw this anomaly. It is specified as epoch time, which
is the number of seconds since January 1, 1970, 00:00:00 UTC.
String description
A human-readable description of the anomaly. This description is generated by CloudWatch Logs.
Boolean active
Specifies whether this anomaly is still ongoing.
String state
Indicates the current state of this anomaly. If it is still being treated as an anomaly, the value is
Active. If you have suppressed this anomaly by using the UpdateAnomaly operation, the value is Suppressed. If this behavior is now considered to be
normal, the value is Baseline.
SdkInternalMap<K,V> histogram
A map showing times when the anomaly detector ran, and the number of occurrences of this anomaly that were
detected at each of those runs. The times are specified in epoch time, which is the number of seconds since
January 1, 1970, 00:00:00 UTC.
SdkInternalList<T> logSamples
An array of sample log event messages that are considered to be part of this anomaly.
SdkInternalList<T> patternTokens
An array of structures where each structure contains information about one token that makes up the pattern.
SdkInternalList<T> logGroupArnList
An array of ARNS of the log groups that contained log events considered to be part of this anomaly.
Boolean suppressed
Indicates whether this anomaly is currently suppressed. To suppress an anomaly, use UpdateAnomaly.
Long suppressedDate
If the anomaly is suppressed, this indicates when it was suppressed.
Long suppressedUntil
If the anomaly is suppressed, this indicates when the suppression will end. If this value is 0, the
anomaly was suppressed with no expiration, with the INFINITE value.
Boolean isPatternLevelSuppression
If this anomaly is suppressed, this field is true if the suppression is because the pattern is
suppressed. If false, then only this particular anomaly is suppressed.
String anomalyDetectorArn
The ARN of the anomaly detector.
String detectorName
The name of the anomaly detector.
SdkInternalList<T> logGroupArnList
A list of the ARNs of the log groups that this anomaly detector watches.
String evaluationFrequency
Specifies how often the anomaly detector runs and look for anomalies.
String filterPattern
String anomalyDetectorStatus
Specifies the current status of the anomaly detector. To pause an anomaly detector, use the enabled
parameter in the UpdateLogAnomalyDetector operation.
String kmsKeyId
The ID of the KMS key assigned to this anomaly detector, if any.
Long creationTimeStamp
The date and time when this anomaly detector was created.
Long lastModifiedTimeStamp
The date and time when this anomaly detector was most recently modified.
Long anomalyVisibilityTime
The number of days used as the life cycle of anomalies. After this time, anomalies are automatically baselined and the anomaly detector model will treat new occurrences of similar event as normal.
String logGroupName
The name of the log group.
In your AssociateKmsKey operation, you must specify either the resourceIdentifier
parameter or the logGroup parameter, but you can't specify both.
String kmsKeyId
The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. This must be a symmetric KMS key. For more information, see Amazon Resource Names and Using Symmetric and Asymmetric Keys.
String resourceIdentifier
Specifies the target for this operation. You must specify one of the following:
Specify the following ARN to have future GetQueryResults operations in this account encrypt the results with the specified KMS key. Replace REGION and ACCOUNT_ID with your Region and account ID.
arn:aws:logs:REGION:ACCOUNT_ID:query-result:*
Specify the ARN of a log group to have CloudWatch Logs use the KMS key to encrypt log events that are ingested and stored by that log group. The log group ARN must be in the following format. Replace REGION and ACCOUNT_ID with your Region and account ID.
arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME
In your AssociateKmsKey operation, you must specify either the resourceIdentifier
parameter or the logGroup parameter, but you can't specify both.
String taskId
The ID of the export task.
String deliverySourceName
The name of the delivery source to use for this delivery.
String deliveryDestinationArn
The ARN of the delivery destination to use for this delivery.
SdkInternalMap<K,V> tags
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
Delivery delivery
A structure that contains information about the delivery that you just created.
String taskName
The name of the export task.
String logGroupName
The name of the log group.
String logStreamNamePrefix
Export only log streams that match the provided prefix. If you don't specify a value, no prefix filter is applied.
Long from
The start time of the range for the request, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC. Events with a timestamp earlier than this time are not exported.
Long to
The end time of the range for the request, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC. Events with a timestamp later than this time are not exported.
You must specify a time that is not earlier than when this log group was created.
String destination
The name of S3 bucket for the exported log data. The bucket must be in the same Amazon Web Services Region.
String destinationPrefix
The prefix used as the start of the key for every object exported. If you don't specify a value, the default is
exportedlogs.
String taskId
The ID of the export task.
SdkInternalList<T> logGroupArnList
An array containing the ARN of the log group that this anomaly detector will watch. You can specify only one log group ARN.
String detectorName
A name for this anomaly detector.
String evaluationFrequency
Specifies how often the anomaly detector is to run and look for anomalies. Set this value according to the
frequency that the log group receives new logs. For example, if the log group receives new log events every 10
minutes, then 15 minutes might be a good setting for evaluationFrequency .
String filterPattern
You can use this parameter to limit the anomaly detection model to examine only log events that match the pattern you specify here. For more information, see Filter and Pattern Syntax.
String kmsKeyId
Optionally assigns a KMS key to secure this anomaly detector and its findings. If a key is assigned, the anomalies found and the model used by this detector are encrypted at rest with the key. If a key is assigned to an anomaly detector, a user must have permissions for both this key and for the anomaly detector to retrieve information about the anomalies that it finds.
For more information about using a KMS key and to see the required IAM policy, see Use a KMS key with an anomaly detector.
Long anomalyVisibilityTime
The number of days to have visibility on an anomaly. After this time period has elapsed for an anomaly, it will
be automatically baselined and the anomaly detector will treat new occurrences of a similar anomaly as normal.
Therefore, if you do not correct the cause of an anomaly during the time period specified in
anomalyVisibilityTime, it will be considered normal going forward and will not be detected as an
anomaly.
SdkInternalMap<K,V> tags
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
String anomalyDetectorArn
The ARN of the log anomaly detector that you just created.
String logGroupName
A name for the log group.
String kmsKeyId
The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. For more information, see Amazon Resource Names.
SdkInternalMap<K,V> tags
The key-value pairs to use for the tags.
You can grant users access to certain log groups while preventing them from accessing other log groups. To do so,
tag your groups and use IAM policies that refer to those tags. To assign tags when you create a log group, you
must have either the logs:TagResource or logs:TagLogGroup permission. For more
information about tagging, see Tagging
Amazon Web Services resources. For more information about using tags to control access, see Controlling access to Amazon Web
Services resources using tags.
String logGroupClass
Use this parameter to specify the log group class for this log group. There are two classes:
The Standard log class supports all CloudWatch Logs features.
The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower
costs.
If you omit this parameter, the default of STANDARD is used.
The value of logGroupClass can't be changed after a log group is created.
For details about the features supported by each class, see Log classes
String expectedSequenceToken
String logGroupIdentifier
The name or ARN of the log group that you want to delete the data protection policy for.
String deliveryDestinationName
The name of the delivery destination that you want to delete the policy for.
String name
The name of the delivery destination that you want to delete. You can find a list of delivery destionation names by using the DescribeDeliveryDestinations operation.
String id
The unique ID of the delivery to delete. You can find the ID of a delivery with the DescribeDeliveries operation.
String name
The name of the delivery source that you want to delete.
String destinationName
The name of the destination.
String anomalyDetectorArn
The ARN of the anomaly detector to delete. You can find the ARNs of log anomaly detectors in your account by using the ListLogAnomalyDetectors operation.
String logGroupName
The name of the log group.
String queryDefinitionId
The ID of the query definition that you want to delete. You can use DescribeQueryDefinitions to retrieve the IDs of your saved query definitions.
Boolean success
A value of TRUE indicates that the operation succeeded. FALSE indicates that the operation failed.
String policyName
The name of the policy to be revoked. This parameter is required.
String logGroupName
The name of the log group.
String id
The unique ID that identifies this delivery in your account.
String arn
The Amazon Resource Name (ARN) that uniquely identifies this delivery.
String deliverySourceName
The name of the delivery source that is associated with this delivery.
String deliveryDestinationArn
The ARN of the delivery destination that is associated with this delivery.
String deliveryDestinationType
Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
SdkInternalMap<K,V> tags
The tags that have been assigned to this delivery.
String name
The name of this delivery destination.
String arn
The Amazon Resource Name (ARN) that uniquely identifies this delivery destination.
String deliveryDestinationType
Displays whether this delivery destination is CloudWatch Logs, Amazon S3, or Kinesis Data Firehose.
String outputFormat
The format of the logs that are sent to this delivery destination.
DeliveryDestinationConfiguration deliveryDestinationConfiguration
A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.
SdkInternalMap<K,V> tags
The tags that have been assigned to this delivery destination.
String destinationResourceArn
The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Kinesis Data Firehose.
String name
The unique name of the delivery source.
String arn
The Amazon Resource Name (ARN) that uniquely identifies this delivery source.
SdkInternalList<T> resourceArns
This array contains the ARN of the Amazon Web Services resource that sends logs and is represented by this delivery source. Currently, only one ARN can be in the array.
String service
The Amazon Web Services service that is sending logs.
String logType
The type of log that the source is sending. For valid values for this parameter, see the documentation for the source service.
SdkInternalMap<K,V> tags
The tags that have been assigned to this delivery source.
String policyType
Use this parameter to limit the returned policies to only the policies that match the policy type that you specify.
String policyName
Use this parameter to limit the returned policies to only the policy with the name that you specify.
SdkInternalList<T> accountIdentifiers
If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account observability, you can use this to specify the account ID of a source account. If you do, the operation returns the account policy for the specified account. Currently, you can specify only one account ID in this parameter.
If you omit this parameter, only the policy in the current account is returned.
SdkInternalList<T> accountPolicies
An array of structures that contain information about the CloudWatch Logs account policies that match the specified filters.
SdkInternalList<T> deliveries
An array of structures. Each structure contains information about one delivery in the account.
String nextToken
SdkInternalList<T> deliveryDestinations
An array of structures. Each structure contains information about one delivery destination in the account.
String nextToken
SdkInternalList<T> deliverySources
An array of structures. Each structure contains information about one delivery source in the account.
String nextToken
String destinationNamePrefix
The prefix to match. If you don't specify a value, no prefix filter is applied.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default maximum value of 50 items is used.
SdkInternalList<T> destinations
The destinations.
String nextToken
String taskId
The ID of the export task. Specifying a task ID filters the results to one or zero export tasks.
String statusCode
The status code of the export task. Specifying a status code filters the results to zero or more export tasks.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
SdkInternalList<T> exportTasks
The export tasks.
String nextToken
SdkInternalList<T> accountIdentifiers
When includeLinkedAccounts is set to True, use this parameter to specify the list of
accounts to search. You can specify as many as 20 account IDs in the array.
String logGroupNamePrefix
The prefix to match.
logGroupNamePrefix and logGroupNamePattern are mutually exclusive. Only one of these
parameters can be passed.
String logGroupNamePattern
If you specify a string for this parameter, the operation returns only log groups that have names that match the
string based on a case-sensitive substring search. For example, if you specify Foo, log groups named
FooBar, aws/Foo, and GroupFoo would match, but foo,
F/o/o and Froo would not match.
If you specify logGroupNamePattern in your request, then only arn,
creationTime, and logGroupName are included in the response.
logGroupNamePattern and logGroupNamePrefix are mutually exclusive. Only one of these
parameters can be passed.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
Boolean includeLinkedAccounts
If you are using a monitoring account, set this to True to have the operation return log groups in
the accounts listed in accountIdentifiers.
If this parameter is set to true and accountIdentifiers contains a null value, the
operation returns all log groups in the monitoring account and all log groups in all source accounts that are
linked to the monitoring account.
String logGroupClass
Specifies the log group class for this log group. There are two classes:
The Standard log class supports all CloudWatch Logs features.
The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower
costs.
For details about the features supported by each class, see Log classes
SdkInternalList<T> logGroups
The log groups.
If the retentionInDays value is not included for a log group, then that log group's events do not
expire.
String nextToken
String logGroupName
The name of the log group.
You must include either logGroupIdentifier or logGroupName, but not both.
String logGroupIdentifier
Specify either the name or ARN of the log group to view. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.
You must include either logGroupIdentifier or logGroupName, but not both.
String logStreamNamePrefix
The prefix to match.
If orderBy is LastEventTime, you cannot specify this parameter.
String orderBy
If the value is LogStreamName, the results are ordered by log stream name. If the value is
LastEventTime, the results are ordered by the event time. The default value is
LogStreamName.
If you order the results by event time, you cannot specify the logStreamNamePrefix parameter.
lastEventTimestamp represents the time of the most recent log event in the log stream in CloudWatch
Logs. This number is expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
lastEventTimestamp updates on an eventual consistency basis. It typically updates in less than an
hour from ingestion, but in rare situations might take longer.
Boolean descending
If the value is true, results are returned in descending order. If the value is to false, results are returned in ascending order. The default value is false.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
SdkInternalList<T> logStreams
The log streams.
String nextToken
String logGroupName
The name of the log group.
String filterNamePrefix
The prefix to match. CloudWatch Logs uses the value that you set here only if you also include the
logGroupName parameter in your request.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
String metricName
Filters results to include only those with the specified metric name. If you include this parameter in your
request, you must also include the metricNamespace parameter.
String metricNamespace
Filters results to include only those in the specified namespace. If you include this parameter in your request,
you must also include the metricName parameter.
SdkInternalList<T> metricFilters
The metric filters.
String nextToken
String logGroupName
Limits the returned queries to only those for the specified log group.
String status
Limits the returned queries to only those that have the specified status. Valid values are Cancelled, Complete, Failed, Running, and Scheduled.
Integer maxResults
Limits the number of returned queries to the specified number.
String nextToken
SdkInternalList<T> queries
The list of queries that match the request.
String nextToken
String queryDefinitionNamePrefix
Use this parameter to filter your results to only the query definitions that have names that start with the prefix you specify.
Integer maxResults
Limits the number of returned query definitions to the specified number.
String nextToken
SdkInternalList<T> queryDefinitions
The list of query definitions that match your request.
String nextToken
SdkInternalList<T> resourcePolicies
The resource policies that exist in this account.
String nextToken
String logGroupName
The name of the log group.
String filterNamePrefix
The prefix to match. If you don't specify a value, no prefix filter is applied.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
SdkInternalList<T> subscriptionFilters
The subscription filters.
String nextToken
String destinationName
The name of the destination.
String targetArn
The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
String roleArn
A role for impersonation, used when delivering log events to the target.
String accessPolicy
An IAM policy document that governs which Amazon Web Services accounts can create subscription filters against this destination.
String arn
The ARN of this destination.
Long creationTime
The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
String logGroupName
The name of the log group.
In your DisassociateKmsKey operation, you must specify either the resourceIdentifier
parameter or the logGroup parameter, but you can't specify both.
String resourceIdentifier
Specifies the target for this operation. You must specify one of the following:
Specify the ARN of a log group to stop having CloudWatch Logs use the KMS key to encrypt log events that are ingested and stored by that log group. After you run this operation, CloudWatch Logs encrypts ingested log events with the default CloudWatch Logs method. The log group ARN must be in the following format. Replace REGION and ACCOUNT_ID with your Region and account ID.
arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME
Specify the following ARN to stop using this key to encrypt the results of future StartQuery operations in this account. Replace REGION and ACCOUNT_ID with your Region and account ID.
arn:aws:logs:REGION:ACCOUNT_ID:query-result:*
In your DisssociateKmsKey operation, you must specify either the resourceIdentifier
parameter or the logGroup parameter, but you can't specify both.
String taskId
The ID of the export task.
String taskName
The name of the export task.
String logGroupName
The name of the log group from which logs data was exported.
Long from
The start time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with
a timestamp before this time are not exported.
Long to
The end time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC. Events with a
timestamp later than this time are not exported.
String destination
The name of the S3 bucket to which the log data was exported.
String destinationPrefix
The prefix that was used as the start of Amazon S3 key for every object exported.
ExportTaskStatus status
The status of the export task.
ExportTaskExecutionInfo executionInfo
Execution information about the export task.
String logStreamName
The name of the log stream to which this event belongs.
Long timestamp
The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
String message
The data contained in the log event.
Long ingestionTime
The time the event was ingested, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC.
String eventId
The ID of the event.
String logGroupName
The name of the log group to search.
You must include either logGroupIdentifier or logGroupName, but not both.
String logGroupIdentifier
Specify either the name or ARN of the log group to view log events from. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.
You must include either logGroupIdentifier or logGroupName, but not both.
SdkInternalList<T> logStreamNames
Filters the results to only logs from the log streams in this list.
If you specify a value for both logStreamNamePrefix and logStreamNames, the action
returns an InvalidParameterException error.
String logStreamNamePrefix
Filters the results to include only events from log streams that have names starting with this prefix.
If you specify a value for both logStreamNamePrefix and logStreamNames, but the value
for logStreamNamePrefix does not match any log stream names specified in logStreamNames
, the action returns an InvalidParameterException error.
Long startTime
The start of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp before this time are not returned.
Long endTime
The end of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp later than this time are not returned.
String filterPattern
The filter pattern to use. For more information, see Filter and Pattern Syntax.
If not provided, all the events are matched.
String nextToken
The token for the next set of events to return. (You received this token from a previous call.)
Integer limit
The maximum number of events to return. The default is 10,000 events.
Boolean interleaved
If the value is true, the operation attempts to provide responses that contain events from multiple log streams within the log group, interleaved in a single response. If the value is false, all the matched log events in the first log stream are searched first, then those in the next log stream, and so on.
Important As of June 17, 2019, this parameter is ignored and the value is assumed to be true. The response from this operation always interleaves events from multiple log streams within a log group.
Boolean unmask
Specify true to display the log event fields with all sensitive data unmasked and visible. The
default is false.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
permission.
SdkInternalList<T> events
The matched events.
SdkInternalList<T> searchedLogStreams
Important As of May 15, 2020, this parameter is no longer supported. This parameter returns an empty list.
Indicates which log streams have been searched and whether each has been searched completely.
String nextToken
The token to use when requesting the next set of items. The token expires after 24 hours.
String logGroupIdentifier
The name or ARN of the log group that contains the data protection policy that you want to see.
String deliveryDestinationName
The name of the delivery destination that you want to retrieve the policy of.
Policy policy
The IAM policy for this delivery destination.
String name
The name of the delivery destination that you want to retrieve.
DeliveryDestination deliveryDestination
A structure containing information about the delivery destination.
String id
The ID of the delivery that you want to retrieve.
Delivery delivery
A structure that contains information about the delivery.
String name
The name of the delivery source that you want to retrieve.
DeliverySource deliverySource
A structure containing information about the delivery source.
String anomalyDetectorArn
The ARN of the anomaly detector to retrieve information about. You can find the ARNs of log anomaly detectors in your account by using the ListLogAnomalyDetectors operation.
String detectorName
The name of the log anomaly detector
SdkInternalList<T> logGroupArnList
An array of structures, where each structure contains the ARN of a log group associated with this anomaly detector.
String evaluationFrequency
Specifies how often the anomaly detector runs and look for anomalies. Set this value according to the frequency
that the log group receives new logs. For example, if the log group receives new log events every 10 minutes,
then setting evaluationFrequency to FIFTEEN_MIN might be appropriate.
String filterPattern
String anomalyDetectorStatus
Specifies whether the anomaly detector is currently active. To change its status, use the enabled
parameter in the UpdateLogAnomalyDetector operation.
String kmsKeyId
The ID of the KMS key assigned to this anomaly detector, if any.
Long creationTimeStamp
The date and time when this anomaly detector was created.
Long lastModifiedTimeStamp
The date and time when this anomaly detector was most recently modified.
Long anomalyVisibilityTime
The number of days used as the life cycle of anomalies. After this time, anomalies are automatically baselined and the anomaly detector model will treat new occurrences of similar event as normal.
String logGroupName
The name of the log group.
You must include either logGroupIdentifier or logGroupName, but not both.
String logGroupIdentifier
Specify either the name or ARN of the log group to view events from. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.
You must include either logGroupIdentifier or logGroupName, but not both.
String logStreamName
The name of the log stream.
Long startTime
The start of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp equal to this time or later than this time are included. Events with a timestamp earlier
than this time are not included.
Long endTime
The end of the time range, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Events with a timestamp equal to or later than this time are not included.
String nextToken
The token for the next set of items to return. (You received this token from a previous call.)
Integer limit
The maximum number of log events returned. If you don't specify a limit, the default is as many log events as can fit in a response size of 1 MB (up to 10,000 log events).
Boolean startFromHead
If the value is true, the earliest log events are returned first. If the value is false, the latest log events are returned first. The default value is false.
If you are using a previous nextForwardToken value as the nextToken in this operation,
you must specify true for startFromHead.
Boolean unmask
Specify true to display the log event fields with all sensitive data unmasked and visible. The
default is false.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
permission.
SdkInternalList<T> events
The events.
String nextForwardToken
The token for the next set of items in the forward direction. The token expires after 24 hours. If you have reached the end of the stream, it returns the same token you passed in.
String nextBackwardToken
The token for the next set of items in the backward direction. The token expires after 24 hours. This token is not null. If you have reached the end of the stream, it returns the same token you passed in.
String logGroupName
The name of the log group to search.
You must include either logGroupIdentifier or logGroupName, but not both.
Long time
The time to set as the center of the query. If you specify time, the 8 minutes before and 8 minutes
after this time are searched. If you omit time, the most recent 15 minutes up to the current time
are searched.
The time value is specified as epoch time, which is the number of seconds since
January 1, 1970, 00:00:00 UTC.
String logGroupIdentifier
Specify either the name or ARN of the log group to view. If the log group is in a source account and you are using a monitoring account, you must specify the ARN.
You must include either logGroupIdentifier or logGroupName, but not both.
SdkInternalList<T> logGroupFields
The array of fields found in the query. Each object in the array contains the name of the field, along with the percentage of time it appeared in the log events that were queried.
String logRecordPointer
The pointer corresponding to the log event record you want to retrieve. You get this from the response of a
GetQueryResults operation. In that response, the value of the @ptr field for a log
event is the value to use as logRecordPointer to retrieve that complete log event record.
Boolean unmask
Specify true to display the log event fields with all sensitive data unmasked and visible. The
default is false.
To use this operation with this parameter, you must be signed into an account with the logs:Unmask
permission.
SdkInternalMap<K,V> logRecord
The requested log event, as a JSON string.
String queryId
The ID number of the query.
SdkInternalList<T> results
The log events that matched the query criteria during the most recent time it ran.
The results value is an array of arrays. Each log event is one object in the top-level array. Each
of these log event objects is an array of field/value pairs.
QueryStatistics statistics
Includes the number of log events scanned by the query, the number of log events that matched the query criteria, and the total number of bytes in the scanned log events. These values reflect the full raw results of the query.
String status
The status of the most recent running of the query. Possible values are Cancelled,
Complete, Failed, Running, Scheduled, Timeout,
and Unknown.
Queries time out after 60 minutes of runtime. To avoid having your queries time out, reduce the time range being searched or partition your query into a number of queries.
String encryptionKey
If you associated an KMS key with the CloudWatch Logs Insights query results in this account, this field displays the ARN of the key that's used to encrypt the query results when StartQuery stores them.
String expectedSequenceToken
String anomalyDetectorArn
Use this to optionally limit the results to only the anomalies found by a certain anomaly detector.
String suppressionState
You can specify this parameter if you want to the operation to return only anomalies that are currently either suppressed or unsuppressed.
Integer limit
The maximum number of items to return. If you don't specify a value, the default maximum value of 50 items is used.
String nextToken
SdkInternalList<T> anomalies
An array of structures, where each structure contains information about one anomaly that a log anomaly detector has found.
String nextToken
String filterLogGroupArn
Use this to optionally filter the results to only include anomaly detectors that are associated with the specified log group.
Integer limit
The maximum number of items to return. If you don't specify a value, the default maximum value of 50 items is used.
String nextToken
SdkInternalList<T> anomalyDetectors
An array of structures, where each structure in the array contains information about one anomaly detector.
String nextToken
String resourceArn
The ARN of the resource that you want to view tags for.
The ARN format of a log group is
arn:aws:logs:Region:account-id:log-group:log-group-name
The ARN format of a destination is
arn:aws:logs:Region:account-id:destination:destination-name
For more information about ARN format, see CloudWatch Logs resources and operations.
SdkInternalMap<K,V> tags
The list of tags associated with the requested resource.>
String logGroupName
The name of the log group.
SdkInternalMap<K,V> tags
The tags for the log group.
String logGroupName
The name of the log group.
Long creationTime
The creation time of the log group, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Integer retentionInDays
Integer metricFilterCount
The number of metric filters.
String arn
The Amazon Resource Name (ARN) of the log group. This version of the ARN includes a trailing :*
after the log group name.
Use this version to refer to the ARN in IAM policies when specifying permissions for most API actions. The
exception is when specifying permissions for TagResource,
UntagResource, and ListTagsForResource. The permissions for those three actions require the ARN version that doesn't include a
trailing :*.
Long storedBytes
The number of bytes stored.
String kmsKeyId
The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
String dataProtectionStatus
Displays whether this log group has a protection policy, or whether it had one in the past. For more information, see PutDataProtectionPolicy.
SdkInternalList<T> inheritedProperties
Displays all the properties that this log group has inherited from account-level settings.
String logGroupClass
This specifies the log group class for this log group. There are two classes:
The Standard log class supports all CloudWatch Logs features.
The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower
costs.
For details about the features supported by each class, see Log classes
String logGroupArn
The Amazon Resource Name (ARN) of the log group. This version of the ARN doesn't include a trailing
:* after the log group name.
Use this version to refer to the ARN in the following situations:
In the logGroupIdentifier input field in many CloudWatch Logs APIs.
In the resourceArn field in tagging APIs
In IAM policies, when specifying permissions for TagResource, UntagResource, and ListTagsForResource.
String logStreamName
The name of the log stream.
Long creationTime
The creation time of the stream, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC.
Long firstEventTimestamp
The time of the first event, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Long lastEventTimestamp
The time of the most recent log event in the log stream in CloudWatch Logs. This number is expressed as the
number of milliseconds after Jan 1, 1970 00:00:00 UTC. The lastEventTime value updates
on an eventual consistency basis. It typically updates in less than an hour from ingestion, but in rare
situations might take longer.
Long lastIngestionTime
The ingestion time, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC The
lastIngestionTime value updates on an eventual consistency basis. It typically updates in less than
an hour after ingestion, but in rare situations might take longer.
String uploadSequenceToken
The sequence token.
The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are
always accepted regardless of receiving an invalid sequence token. You don't need to obtain
uploadSequenceToken to use a PutLogEvents action.
String arn
The Amazon Resource Name (ARN) of the log stream.
Long storedBytes
The number of bytes stored.
Important: As of June 17, 2019, this parameter is no longer supported for log streams, and is always
reported as zero. This change applies only to log streams. The storedBytes parameter for log groups
is not affected.
QueryCompileError queryCompileError
String filterName
The name of the metric filter.
String filterPattern
SdkInternalList<T> metricTransformations
The metric transformations.
Long creationTime
The creation time of the metric filter, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC.
String logGroupName
The name of the log group.
Long eventNumber
The event number.
String eventMessage
The raw event data.
SdkInternalMap<K,V> extractedValues
The values extracted from the event data by the filter.
String metricName
The name of the CloudWatch metric.
String metricNamespace
A custom namespace to contain your metric in CloudWatch. Use namespaces to group together metrics that are similar. For more information, see Namespaces.
String metricValue
The value to publish to the CloudWatch metric when a filter pattern matches a log event.
Double defaultValue
(Optional) The value to emit when a filter pattern does not match a log event. This value can be null.
SdkInternalMap<K,V> dimensions
The fields to use as dimensions for the metric. One metric filter can include as many as three dimensions.
Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not
specify high-cardinality fields such as IPAddress or requestID as dimensions. Each
different value found for a dimension is treated as a separate metric and accrues charges as a separate custom
metric.
CloudWatch Logs disables a metric filter if it generates 1000 different name/value pairs for your specified dimensions within a certain amount of time. This helps to prevent accidental high charges.
You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges.
String unit
The unit to assign to the metric. If you omit this, the unit is set as None.
Long timestamp
The time the event occurred, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
String message
The data contained in the log event.
Long ingestionTime
The time the event was ingested, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC.
Integer dynamicTokenPosition
For a dynamic token, this indicates where in the pattern that this token appears, related to other dynamic
tokens. The dynamic token that appears first has a value of 1, the one that appears second is
2, and so on.
Boolean isDynamic
Specifies whether this is a dynamic token.
String tokenString
The string represented by this token. If this is a dynamic token, the value will be <*>
SdkInternalMap<K,V> enumerations
Contains the values found for a dynamic token, and the number of times each value was found.
String deliveryDestinationPolicy
The contents of the delivery destination policy.
String policyName
A name for the policy. This must be unique within the account.
String policyDocument
Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer array and an Operation property with
an Audit action. The DataIdentifer array lists the types of sensitive data that you
want to mask. For more information about the available options, see Types of data
that you can mask.
The Operation property with an Audit action is required to find the sensitive data
terms. This Audit action must contain a FindingsDestination object. You can optionally
use that FindingsDestination object to list one or more destinations to send audit findings to. If
you specify destinations such as log groups, Kinesis Data Firehose streams, and S3 buckets, they must already
exist.
The second block must include both a DataIdentifer array and an Operation property with
an Deidentify action. The DataIdentifer array must exactly match the
DataIdentifer array in the first block of the policy.
The Operation property with the Deidentify action is what actually masks the data, and
it must contain the "MaskConfig": {} object. The "MaskConfig": {} object must be
empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer arrays must match exactly.
In addition to the two JSON blocks, the policyDocument can also include Name,
Description, and Version fields. The Name is different than the
operation's policyName parameter, and is used as a dimension when CloudWatch Logs reports audit
findings metrics to CloudWatch.
The JSON specified in policyDocument can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Kinesis Data Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Kinesis Data Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is grouped by
log stream, but the grouping can be set to Random for a more even distribution. This property is
only applicable when the destination is an Kinesis Data Streams data stream.
String policyType
The type of policy that you're creating or updating.
String scope
Currently the only valid value for this parameter is ALL, which specifies that the data protection
policy applies to all log groups in the account. If you omit this parameter, the default of ALL is
used.
String selectionCriteria
Use this parameter to apply the subscription filter policy to a subset of log groups in the account. Currently,
the only supported filter is LogGroupName NOT IN []. The selectionCriteria string can
be up to 25KB in length. The length is determined by using its UTF-8 bytes.
Using the selectionCriteria parameter is useful to help prevent infinite loops. For more
information, see Log
recursion prevention.
Specifing selectionCriteria is valid only when you specify SUBSCRIPTION_FILTER_POLICY
for policyType.
AccountPolicy accountPolicy
The account policy that you created.
String logGroupIdentifier
Specify either the log group name or log group ARN.
String policyDocument
Specify the data protection policy, in JSON.
This policy must include two JSON blocks:
The first block must include both a DataIdentifer array and an Operation property with
an Audit action. The DataIdentifer array lists the types of sensitive data that you
want to mask. For more information about the available options, see Types of data
that you can mask.
The Operation property with an Audit action is required to find the sensitive data
terms. This Audit action must contain a FindingsDestination object. You can optionally
use that FindingsDestination object to list one or more destinations to send audit findings to. If
you specify destinations such as log groups, Kinesis Data Firehose streams, and S3 buckets, they must already
exist.
The second block must include both a DataIdentifer array and an Operation property with
an Deidentify action. The DataIdentifer array must exactly match the
DataIdentifer array in the first block of the policy.
The Operation property with the Deidentify action is what actually masks the data, and
it must contain the "MaskConfig": {} object. The "MaskConfig": {} object must be
empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer arrays must match exactly.
In addition to the two JSON blocks, the policyDocument can also include Name,
Description, and Version fields. The Name is used as a dimension when
CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in policyDocument can be up to 30,720 characters.
Policy policy
The contents of the policy that you just created.
String name
A name for this delivery destination. This name must be unique for all delivery destinations in your account.
String outputFormat
The format for the logs that this delivery destination will receive.
DeliveryDestinationConfiguration deliveryDestinationConfiguration
A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.
SdkInternalMap<K,V> tags
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
DeliveryDestination deliveryDestination
A structure containing information about the delivery destination that you just created or updated.
String name
A name for this delivery source. This name must be unique for all delivery sources in your account.
String resourceArn
The ARN of the Amazon Web Services resource that is generating and sending logs. For example,
arn:aws:workmail:us-east-1:123456789012:organization/m-1234EXAMPLEabcd1234abcd1234abcd1234
String logType
Defines the type of log that the source is sending. For Amazon CodeWhisperer, the valid value is
EVENT_LOGS.
SdkInternalMap<K,V> tags
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
DeliverySource deliverySource
A structure containing information about the delivery source that was just created or updated.
String destinationName
A name for an existing destination.
String accessPolicy
An IAM policy document that authorizes cross-account users to deliver their log events to the associated destination. This can be up to 5120 bytes.
Boolean forceUpdate
Specify true if you are updating an existing destination policy to grant permission to an organization ID instead
of granting permission to individual Amazon Web Services accounts. Before you update a destination policy this
way, you must first update the subscription filters in the accounts that send logs to this destination. If you do
not, the subscription filters might stop working. By specifying true for forceUpdate,
you are affirming that you have already updated the subscription filters. For more information, see
Updating an existing cross-account subscription
If you omit this parameter, the default of false is used.
String destinationName
A name for the destination.
String targetArn
The ARN of an Amazon Kinesis stream to which to deliver matching log events.
String roleArn
The ARN of an IAM role that grants CloudWatch Logs permissions to call the Amazon Kinesis PutRecord
operation on the destination stream.
SdkInternalMap<K,V> tags
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
Destination destination
The destination.
String logGroupName
The name of the log group.
String logStreamName
The name of the log stream.
SdkInternalList<T> logEvents
The log events.
String sequenceToken
The sequence token obtained from the response of the previous PutLogEvents call.
The sequenceToken parameter is now ignored in PutLogEvents actions.
PutLogEvents actions are now accepted and never return InvalidSequenceTokenException or
DataAlreadyAcceptedException even if the sequence token is not valid.
String nextSequenceToken
The next sequence token.
This field has been deprecated.
The sequence token is now ignored in PutLogEvents actions. PutLogEvents actions are
always accepted even if the sequence token is not valid. You can use parallel PutLogEvents actions
on the same log stream and you do not need to wait for the response of a previous PutLogEvents
action to obtain the nextSequenceToken value.
RejectedLogEventsInfo rejectedLogEventsInfo
The rejected events.
String logGroupName
The name of the log group.
String filterName
A name for the metric filter.
String filterPattern
A filter pattern for extracting metric data out of ingested log events.
SdkInternalList<T> metricTransformations
A collection of information that defines how metric data gets emitted.
String name
A name for the query definition. If you are saving numerous query definitions, we recommend that you name them.
This way, you can find the ones you want by using the first part of the name as a filter in the
queryDefinitionNamePrefix parameter of DescribeQueryDefinitions.
String queryDefinitionId
If you are updating a query definition, use this parameter to specify the ID of the query definition that you want to update. You can use DescribeQueryDefinitions to retrieve the IDs of your saved query definitions.
If you are creating a query definition, do not specify this parameter. CloudWatch generates a unique ID for the new query definition and include it in the response to this operation.
SdkInternalList<T> logGroupNames
Use this parameter to include specific log groups as part of your query definition.
If you are updating a query definition and you omit this parameter, then the updated definition will contain no log groups.
String queryString
The query string to use for this definition. For more information, see CloudWatch Logs Insights Query Syntax.
String clientToken
Used as an idempotency token, to avoid returning an exception if the service receives the same request twice because of a network error.
String queryDefinitionId
The ID of the query definition.
String policyName
Name of the new policy. This parameter is required.
String policyDocument
Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.
The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the
specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log
group or log stream.
CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.
In the example resource policy, you would replace the value of SourceArn with the resource making
the call from RouteĀ 53 to CloudWatch Logs. You would also replace the value of SourceAccount with
the Amazon Web Services account ID making that call.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action": "logs:PutLogEvents", "Resource": "logArn", "Condition": { "ArnLike": { "aws:SourceArn": "myRoute53ResourceArn" }, "StringEquals": { "aws:SourceAccount": "myAwsAccountId" } } } ] }
ResourcePolicy resourcePolicy
The new policy.
String logGroupName
The name of the log group.
String filterName
A name for the subscription filter. If you are updating an existing filter, you must specify the correct name in
filterName. To find the name of the filter currently associated with a log group, use DescribeSubscriptionFilters.
String filterPattern
A filter pattern for subscribing to a filtered stream of log events.
String destinationArn
The ARN of the destination to deliver matching log events to. Currently, the supported destinations are:
An Amazon Kinesis stream belonging to the same account as the subscription filter, for same-account delivery.
A logical destination (specified using an ARN) belonging to a different account, for cross-account delivery.
If you're setting up a cross-account subscription, the destination must have an IAM policy associated with it. The IAM policy must allow the sender to send logs to the destination. For more information, see PutDestinationPolicy.
A Kinesis Data Firehose delivery stream belonging to the same account as the subscription filter, for same-account delivery.
A Lambda function belonging to the same account as the subscription filter, for same-account delivery.
String roleArn
The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
String distribution
The method used to distribute log data to the destination. By default, log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis data stream.
QueryCompileErrorLocation location
Reserved.
String message
Reserved.
String queryDefinitionId
The unique ID of the query definition.
String name
The name of the query definition.
String queryString
The query string to use for this definition. For more information, see CloudWatch Logs Insights Query Syntax.
Long lastModified
The date that the query definition was most recently modified.
SdkInternalList<T> logGroupNames
If this query definition contains a list of log groups that it is limited to, that list appears here.
String queryId
The unique ID number of this query.
String queryString
The query string used in this query.
String status
The status of this query. Possible values are Cancelled, Complete, Failed,
Running, Scheduled, and Unknown.
Long createTime
The date and time that this query was created.
String logGroupName
The name of the log group scanned by this query.
String logGroupName
The log group on which to perform the query.
A StartQuery operation must include exactly one of the following parameters:
logGroupName, logGroupNames, or logGroupIdentifiers.
SdkInternalList<T> logGroupNames
The list of log groups to be queried. You can include up to 50 log groups.
A StartQuery operation must include exactly one of the following parameters:
logGroupName, logGroupNames, or logGroupIdentifiers.
SdkInternalList<T> logGroupIdentifiers
The list of log groups to query. You can include up to 50 log groups.
You can specify them by the log group name or ARN. If a log group that you're querying is in a source account and you're using a monitoring account, you must specify the ARN of the log group here. The query definition must also be defined in the monitoring account.
If you specify an ARN, the ARN can't end with an asterisk (*).
A StartQuery operation must include exactly one of the following parameters:
logGroupName, logGroupNames, or logGroupIdentifiers.
Long startTime
The beginning of the time range to query. The range is inclusive, so the specified start time is included in the
query. Specified as epoch time, the number of seconds since January 1, 1970, 00:00:00 UTC.
Long endTime
The end of the time range to query. The range is inclusive, so the specified end time is included in the query.
Specified as epoch time, the number of seconds since January 1, 1970, 00:00:00 UTC.
String queryString
The query string to use. For more information, see CloudWatch Logs Insights Query Syntax.
Integer limit
The maximum number of log events to return in the query. If the query string uses the fields
command, only the specified fields and their values are returned. The default is 1000.
String queryId
The unique ID of the query.
String queryId
The ID number of the query to stop. To find this ID number, use DescribeQueries.
Boolean success
This is true if the query was stopped by the StopQuery operation.
String filterName
The name of the subscription filter.
String logGroupName
The name of the log group.
String filterPattern
String destinationArn
The Amazon Resource Name (ARN) of the destination.
String roleArn
String distribution
Long creationTime
The creation time of the subscription filter, expressed as the number of milliseconds after
Jan 1, 1970 00:00:00 UTC.
String logGroupName
The name of the log group.
SdkInternalMap<K,V> tags
The key-value pairs to use for the tags.
String resourceArn
The ARN of the resource that you're adding tags to.
The ARN format of a log group is
arn:aws:logs:Region:account-id:log-group:log-group-name
The ARN format of a destination is
arn:aws:logs:Region:account-id:destination:destination-name
For more information about ARN format, see CloudWatch Logs resources and operations.
SdkInternalMap<K,V> tags
The list of key-value pairs to associate with the resource.
String filterPattern
SdkInternalList<T> logEventMessages
The log event messages to test.
SdkInternalList<T> matches
The matched events.
String resourceName
The name of the resource.
String logGroupName
The name of the log group.
SdkInternalList<T> tags
The tag keys. The corresponding tags are removed from the log group.
String resourceArn
The ARN of the CloudWatch Logs resource that you're removing tags from.
The ARN format of a log group is
arn:aws:logs:Region:account-id:log-group:log-group-name
The ARN format of a destination is
arn:aws:logs:Region:account-id:destination:destination-name
For more information about ARN format, see CloudWatch Logs resources and operations.
SdkInternalList<T> tagKeys
The list of tag keys to remove from the resource.
String anomalyId
If you are suppressing or unsuppressing an anomaly, specify its unique ID here. You can find anomaly IDs by using the ListAnomalies operation.
String patternId
If you are suppressing or unsuppressing an pattern, specify its unique ID here. You can find pattern IDs by using the ListAnomalies operation.
String anomalyDetectorArn
The ARN of the anomaly detector that this operation is to act on.
String suppressionType
Use this to specify whether the suppression to be temporary or infinite. If you specify LIMITED, you
must also specify a suppressionPeriod. If you specify INFINITE, any value for
suppressionPeriod is ignored.
SuppressionPeriod suppressionPeriod
If you are temporarily suppressing an anomaly or pattern, use this structure to specify how long the suppression is to last.
String anomalyDetectorArn
The ARN of the anomaly detector that you want to update.
String evaluationFrequency
Specifies how often the anomaly detector runs and look for anomalies. Set this value according to the frequency
that the log group receives new logs. For example, if the log group receives new log events every 10 minutes,
then setting evaluationFrequency to FIFTEEN_MIN might be appropriate.
String filterPattern
Long anomalyVisibilityTime
The number of days to use as the life cycle of anomalies. After this time, anomalies are automatically baselined and the anomaly detector model will treat new occurrences of similar event as normal. Therefore, if you do not correct the cause of an anomaly during this time, it will be considered normal going forward and will not be detected.
Boolean enabled
Use this parameter to pause or restart the anomaly detector.
Copyright © 2024. All rights reserved.