Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
3.2.2.7. Log Analytics: Kinesis, Athena & Logs Insights
Different log analysis tools serve different query patterns. The exam tests whether you choose the right tool for the scenario.
| Tool | Query Type | Latency | Best For |
|---|---|---|---|
| CloudWatch Logs Insights | Interactive SQL-like | Seconds | Ad-hoc investigation, recent logs |
| Amazon Athena | Full SQL | Seconds-minutes | Historical analysis, S3-stored logs |
| Amazon OpenSearch | Full-text search, dashboards | Sub-second | Complex search, Kibana-style visualization |
| Kinesis Data Analytics | Streaming SQL | Real-time | Continuous aggregation, live anomaly detection |
CloudWatch Logs Insights examples:

```text
# Top 10 most expensive Lambda invocations
fields @requestId, @billedDuration, @memorySize
| sort @billedDuration desc
| limit 10
```

```text
# Error count per 5-minute window
filter @message like /ERROR/
| stats count(*) as errors by bin(5m)
```
Athena for S3 logs (CloudTrail, ALB access logs, VPC Flow Logs):

```sql
-- Find all unauthorized API calls in CloudTrail
-- eventtime is stored as an ISO 8601 string in the CloudTrail table, so it is
-- parsed before the comparison; Athena does not implicitly cast varchar to timestamp.
SELECT eventtime, eventsource, eventname, useridentity.arn
FROM cloudtrail_logs
WHERE errorcode = 'AccessDenied'
  AND from_iso8601_timestamp(eventtime) > current_timestamp - interval '24' hour
ORDER BY eventtime DESC;
```
Exam Trap: Logs Insights queries scan all data in the selected log groups for the time range — cost scales with data volume. For frequently run queries on large log groups, export to S3 and use Athena with partitioning (by date, account, region) to scan only relevant data. Athena with partitioned data can be 10-100x cheaper than repeated Logs Insights queries.
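The partitioning advice above, worked through as an added example (not part of the course material): an Athena table over CloudTrail's default S3 layout (`AWSLogs/<account>/CloudTrail/<region>/yyyy/MM/dd/`) partitioned by account, region and day with partition projection, followed by the same AccessDenied query restricted to those partitions. The bucket name, account IDs, regions, start date and table name are placeholders.

```sql
-- Added example: CloudTrail table partitioned by account, region and day.
-- Partition projection derives partitions from the S3 path, so no
-- MSCK REPAIR TABLE / ALTER TABLE ADD PARTITION is needed as new days arrive.
-- Only the columns the query needs are declared; the hcatalog JsonSerDe
-- skips JSON keys that are not in the schema. Bucket/accounts/regions are placeholders.
CREATE EXTERNAL TABLE cloudtrail_logs_pp (
  eventVersion STRING,
  userIdentity STRUCT<type: STRING, principalId: STRING, arn: STRING,
                      accountId: STRING, userName: STRING>,
  eventTime STRING,
  eventSource STRING,
  eventName STRING,
  awsRegion STRING,
  sourceIpAddress STRING,
  errorCode STRING,
  errorMessage STRING
)
PARTITIONED BY (account STRING, region STRING, dt STRING)
ROW FORMAT SERDE 'org.apache.hive.hcatalog.data.JsonSerDe'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://EXAMPLE-BUCKET/AWSLogs/'
TBLPROPERTIES (
  'projection.enabled' = 'true',
  'projection.account.type' = 'enum',
  'projection.account.values' = '111122223333,444455556666',
  'projection.region.type' = 'enum',
  'projection.region.values' = 'us-east-1,eu-west-1',
  'projection.dt.type' = 'date',
  'projection.dt.format' = 'yyyy/MM/dd',
  'projection.dt.interval' = '1',
  'projection.dt.interval.unit' = 'DAYS',
  'projection.dt.range' = '2024/01/01,NOW',
  'storage.location.template' =
    's3://EXAMPLE-BUCKET/AWSLogs/${account}/CloudTrail/${region}/${dt}'
);

-- Same AccessDenied question, but the three partition predicates limit the
-- scan to one account, one region and two days of objects instead of
-- every object under the prefix. dt is 'yyyy/MM/dd', so string order is date order.
SELECT eventtime, eventsource, eventname, useridentity.arn
FROM cloudtrail_logs_pp
WHERE account = '111122223333'
  AND region = 'us-east-1'
  AND dt >= date_format(current_date - interval '1' day, '%Y/%m/%d')
  AND errorcode = 'AccessDenied'
  AND from_iso8601_timestamp(eventtime) > current_timestamp - interval '24' hour
ORDER BY eventtime DESC;
```

The "Data scanned" figure in the Athena query history for this query versus the unpartitioned one is the direct measure of the cost difference the trap describes.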

Written by Alvin Varughese • Founder • 15 professional certifications