With the ever-growing stream of data coming from your workloads no wonder sending data into CloudWatch makes sense. But as you send more and more data the ability to sift through it and make is useful can be cumbersome. To ease the lift AWS released CloudWatch Insights. With CloudWatch Insights provides a query language you can use to parse and visualize CloudWatch Logs.
CW Insights is meant to take a direct stab at the Splunk and Elastic’s Kibana market. And for a subset of use cases, CloudWatch Insights will be more than enough to get the job done. Now it does feel as if CW Insights was designed at first to be a way to create more complex dashboards (in fact I’m sure it was) and now it’s being extended. Over time, we will see it come into its own and is a gateway into AWS’ business intelligence offering – QuickSight.
I find CW Insights most handy when I need to quickly find an error message or track down an issue. It is head and shoulders more flexible than the default search CW has provided for years. Query language has enough features to allows you to create ephemeral variables, parse, and filter your searches.
CloudWatch Insights won’t solve all your problems, some features that would have been nice would have been saved queries and the ability to search across multiple Log groups. But if your trying to gain insights into a problem and you need to use more than the basic search that CloudWatch Logs provides than Insights will be useful to you. For more advanced capabilities defiantly look at AWS QuickSight or Kibana.
By Gabriel Alix