1 - Find all logs for a given request ID or X-Ray trace ID
# Return every log event whose message mentions one request ID or X-Ray trace ID.
# Replace REQUEST_ID_GOES_HERE with the ID; the text between the slashes is
# evaluated as a regular expression.
filter @message like /REQUEST_ID_GOES_HERE/
| fields @timestamp, @message
2 - Find 50 most recent errors
# Newest 50 events whose message contains "Exception", "error" or "fail" in any
# letter case (the (?i) flag). This is a substring match: it also hits words such
# as "failover" and misses errors that are logged without any of these words.
fields @timestamp, @message
| filter @message like /(?i)(Exception|error|fail)/
| sort @timestamp desc
| limit 50
3 - Find the most expensive Lambda function invocations
# Rank invocations by billed duration, most expensive first.
# Only REPORT lines carry @billedDuration; no explicit limit is set here.
filter @type = "REPORT"
| fields @requestId, @billedDuration
| sort @billedDuration desc
4 - View latency stats for 5-minute intervals for a Lambda function
# Average, maximum and minimum invocation duration per 5-minute bucket,
# computed from the REPORT line of each invocation.
filter @type = "REPORT"
| stats avg(@duration),
        max(@duration),
        min(@duration)
    by bin(5m)
5 - Determine the amount of overprovisioned memory for a Lambda function
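# Compare the configured memory with what invocations actually used.
# @memorySize and @maxMemoryUsed are reported in bytes, with one MB counted as
# 1,000,000 bytes (a 128 MB function reports 128000000 - confirm against your
# own REPORT data). Dividing by 1000 / 1000 therefore returns the configured MB
# value; dividing by 1024 / 1024 under-reports it by about 5%. The cold-start
# query on this page already divides @memorySize by 1000000.
# overProvisionedMB is measured against the highest usage seen in the time range,
# so a short range can make a function look more over-provisioned than it is.
filter @type = "REPORT"
| stats max(@memorySize / 1000 / 1000) as provisionedMemoryMB,
    min(@maxMemoryUsed / 1000 / 1000) as smallestMemoryRequestMB,
    avg(@maxMemoryUsed / 1000 / 1000) as avgMemoryUsedMB,
    max(@maxMemoryUsed / 1000 / 1000) as maxMemoryUsedMB,
    provisionedMemoryMB - maxMemoryUsedMB as overProvisionedMB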
6 - Find a non-200 error in API Gateway Execution Logs
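# Surface API Gateway execution-log events that point at a failed request, newest first.
# All five patterns are case-sensitive substring matches. /tatus: 4/ and /tatus: 5/
# match the text after "Status" or "status", i.e. 4xx and 5xx status codes.
# /fail/ and /timed/ are broad and can match unrelated text, so treat the output
# as candidates to inspect rather than a definitive error list.
# (@logStream was listed twice in the original field list; one copy is enough.)
fields @timestamp, @message, @requestId, @duration, @xrayTraceId, @logStream
| filter @message like /fail/
    or @message like /timed/
    or @message like /X-Amz-Function-Error/
    or @message like /tatus: 4/
    or @message like /tatus: 5/
| sort @timestamp desc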
7 - Count the number of cold starts and find the average and maximum init duration of a Lambda function
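# Cold starts are the REPORT lines that carry an "Init Duration" value.
# The first parse captures only the numeric part of that value ([0-9.]+), so a
# later " ms" on the same line cannot be swallowed into initDuration and break
# avg()/max(). The second parse takes the function name from the log group name
# (/aws/lambda/<functionName>).
# Results are grouped per function and per configured memory size
# (@memorySize / 1000000, i.e. MB).
filter @type="REPORT"
| fields @memorySize / 1000000 as memorySize
| filter @message like /(?i)(Init Duration)/
| parse @message /^REPORT.*Init Duration: (?<initDuration>[0-9.]+) ms.*/
| parse @log /^.*\/aws\/lambda\/(?<functionName>.*)/
| stats count() as coldStarts, avg(initDuration) as avgInitDuration, max(initDuration) as maxInitDuration by functionName, memorySize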
8 - Lambda cold start percentage over time
# Share of invocations that were cold starts, per 5-minute bucket.
# strcontains() yields 1 when the REPORT line contains "Init Duration" and 0
# otherwise, so the sum is the cold-start count; dividing by count(*) and
# multiplying by 100 turns it into a percentage. avg(@duration) is shown
# alongside it for the same bucket.
filter @type = "REPORT"
| stats sum(strcontains(@message, "Init Duration")) / count(*) * 100 as coldStartPercentage,
        avg(@duration)
    by bin(5m)
9 - Show average, maximum, minimum and 99th-percentile (P99) duration, and the request count
# Duration statistics per 5-minute bucket, taken from REPORT lines:
# average, maximum, minimum, 99th percentile, and the number of invocations
# (count(@duration) counts the events that have a @duration value).
filter @type = "REPORT"
| stats avg(@duration),
        max(@duration),
        min(@duration),
        pct(@duration, 99),
        count(@duration)
    by bin(5m)
10 - Exclude informational logs to highlight only Lambda errors
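# Hide routine Lambda log lines so that application errors stand out, newest first.
# START / END / REPORT are excluded only when they open the message as a platform
# line ("START RequestId: ...", and likewise for END and REPORT). A bare substring
# test for 'END' or 'START' would also hide application errors that contain words
# such as "BACKEND", "PENDING" or "RESTART".
# This assumes the default plain-text Lambda log format - confirm for JSON logging.
# The remaining three filters are still case-sensitive substring matches: any
# message containing 'EXTENSION', 'Lambda Insights' or 'INFO' is hidden, including
# an error line that happens to contain one of them. Check what is being dropped
# before relying on this view for triage.
filter @message not like /^(START|END|REPORT) RequestId/
| filter @message not like 'EXTENSION'
| filter @message not like 'Lambda Insights'
| filter @message not like 'INFO'
| fields @timestamp, @message
| sort @timestamp desc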