Voronenko · December 14, 2021 11:24
diff --git a/determine_log_group_causing_traffic.txt b/determine_log_group_causing_traffic.txt
 To query a small set of log groups:

 Open the Amazon CloudWatch console.
 In the navigation pane, choose Metrics.
 For each of your log groups, select the IncomingBytes metric, and then choose the Graphed metrics tab.
 For Statistic, choose Sum.
 For Period, choose 30 Days.
 Choose the Graph options tab and choose Number.
 At the top right of the graph, choose custom, and then choose Absolute. Select a start and end date that corresponds with the last 30 days.
 To query hundreds of log groups:

 Note: Before running the API calls below, be sure to review costs associated with making API calls. Also note that the ListMetrics call should be distributed to avoid throttling. The default limit for ListMetrics is 25 transactions per second. However, you can request a limit increase if necessary.

 Make a ListMetrics call. Use this call to find all log group names that have ingested data in the past 14 days. Use the following parameters:
 Namespace: AWS/Logs
 MetricName: IncomingBytes
 Make a GetMetricData call. Use this call to find the sum of all incoming bytes in a month for every log group name you get from the ListMetrics call. Use the following parameters:
 Namespace: AWS/Logs
 MetricName: IncomingBytes
 Dimensions: As received from the ListMetrics call
 StartTime: [Date and time 14 days prior to the current date]
 EndTime: [Current date and time]
 Period: [EndTime - StartTime, in seconds]
 Statistics: Sum
 Sort the resulting data points in descending order to display the log group names with the highest Ingested data amounts.
 To be sure that ingested data charges don't exceed a specified limit in the future, you can create a CloudWatch alarm.
	To query a small set of log groups:

	Open the Amazon CloudWatch console.
	In the navigation pane, choose Metrics.
	For each of your log groups, select the IncomingBytes metric, and then choose the Graphed metrics tab.
	For Statistic, choose Sum.
	For Period, choose 30 Days.
	Choose the Graph options tab and choose Number.
	At the top right of the graph, choose custom, and then choose Absolute. Select a start and end date that corresponds with the last 30 days.
	To query hundreds of log groups:

	Note: Before running the API calls below, be sure to review costs associated with making API calls. Also note that the ListMetrics call should be distributed to avoid throttling. The default limit for ListMetrics is 25 transactions per second. However, you can request a limit increase if necessary.

	Make a ListMetrics call. Use this call to find all log group names that have ingested data in the past 14 days. Use the following parameters:
	Namespace: AWS/Logs
	MetricName: IncomingBytes
	Make a GetMetricData call. Use this call to find the sum of all incoming bytes in a month for every log group name you get from the ListMetrics call. Use the following parameters:
	Namespace: AWS/Logs
	MetricName: IncomingBytes
	Dimensions: As received from the ListMetrics call
	StartTime: [Date and time 14 days prior to the current date]
	EndTime: [Current date and time]
	Period: [EndTime - StartTime, in seconds]
	Statistics: Sum
	Sort the resulting data points in descending order to display the log group names with the highest Ingested data amounts.
	To be sure that ingested data charges don't exceed a specified limit in the future, you can create a CloudWatch alarm.