CloudWatchLogs / Client / put_index_policy
put_index_policy#
- CloudWatchLogs.Client.put_index_policy(**kwargs)#
Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.
You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for
requestId. Then, any CloudWatch Logs Insights query on that log group that includesrequestId = valueorrequestId IN [value, value, ...]will process fewer log events to reduce costs, and have improved performance.Each index policy has the following quotas and restrictions:
As many as 20 fields can be included in the policy.
Each field name can include as many as 100 characters.
Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of
RequestIdwon’t match a log event containingrequestId.Log group-level field index policies created with
PutIndexPolicyoverride account-level field index policies created with PutAccountPolicy. If you usePutIndexPolicyto create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.See also: AWS API Documentation
Request Syntax
response = client.put_index_policy( logGroupIdentifier='string', policyDocument='string' )
- Parameters:
logGroupIdentifier (string) –
[REQUIRED]
Specify either the log group name or log group ARN to apply this field index policy to. If you specify an ARN, use the format arn:aws:logs:region:account-id:log-group:log_group_name Don’t include an * at the end.
policyDocument (string) –
[REQUIRED]
The index policy document, in JSON format. The following is an example of an index policy document that creates two indexes,
RequestIdandTransactionId."policyDocument": "{ "Fields": [ "RequestId", "TransactionId" ] }"The policy document must include at least one field index. For more information about the fields that can be included and other restrictions, see Field index syntax and quotas.
- Return type:
dict
- Returns:
Response Syntax
{ 'indexPolicy': { 'logGroupIdentifier': 'string', 'lastUpdateTime': 123, 'policyDocument': 'string', 'policyName': 'string', 'source': 'ACCOUNT'|'LOG_GROUP' } }
Response Structure
(dict) –
indexPolicy (dict) –
The index policy that you just created or updated.
logGroupIdentifier (string) –
The ARN of the log group that this index policy applies to.
lastUpdateTime (integer) –
The date and time that this index policy was most recently updated.
policyDocument (string) –
The policy document for this index policy, in JSON format.
policyName (string) –
The name of this policy. Responses about log group-level field index policies don’t have this field, because those policies don’t have names.
source (string) –
This field indicates whether this is an account-level index policy or an index policy that applies only to a single log group.
Exceptions
CloudWatchLogs.Client.exceptions.InvalidParameterExceptionCloudWatchLogs.Client.exceptions.ResourceNotFoundExceptionCloudWatchLogs.Client.exceptions.LimitExceededExceptionCloudWatchLogs.Client.exceptions.OperationAbortedExceptionCloudWatchLogs.Client.exceptions.ServiceUnavailableException