Posted On: Sep 6, 2023

We are excited to announce regular expression support for Amazon CloudWatch Logs filter pattern syntax, making it easier to search and match relevant logs. Customers use filter pattern syntax today to search logs, extract metrics using metric filters, and send specific logs to other destinations with subscription filters. With today’s launch, customers will be able to further customize these operations to meet their needs with flexible and powerful regular expressions within filter patterns. Now customers can define one filter to match multiple IP subnets or HTTP status codes using a regular expression such as ‘{ $.statusCode=%4[0-9]{2}% }’ rather than having to define multiple filters to cater to each variation, reducing the configuration and management overhead on their logs.

Filter patterns make up the syntax that metric filters, subscription filters, and filtering log events use to match terms in log events. Terms can be words, exact phrases, or numeric values. When using regular expressions to create Metric filters or Subscription filter there is a new quota of 5 regular expression patterns per log group. There is a quota of 2 regular expression patterns within a given filter pattern for metric filters and subscription filters.

Regular expression support for Amazon CloudWatch Logs filter pattern syntax is available in all AWS Commercial regions where Amazon CloudWatch Logs is available.

Learn more by reviewing our Filter and Pattern Syntax documentation.