AWS CloudWatch Logs Insights queries for faster error troubleshooting
This video teaches you how to use AWS CloudWatch Logs Insights queries to quickly filter and analyze logs for faster troubleshooting.
What this guide covers
After reading this, you’ll be able to write and run AWS CloudWatch Logs Insights queries that filter error messages efficiently, helping you find relevant logs without scrolling endlessly. This skill reduces your debugging time on cloud applications.
When to use it
- You need to find recent error logs from a noisy log group in AWS CloudWatch.
- Debugging a Lambda function that intermittently fails without clear stack traces.
- Analyzing application logs during off-hours when you need fast results.
- Investigating a spike in errors detected by alarms without sifting through all logs.
The move, step by step
- Open CloudWatch Logs Insights: Go to the AWS Management Console, navigate to CloudWatch > Logs Insights, and select the relevant log group.
- Write a basic query to fetch timestamp and message:
  fields @timestamp, @message
  This outputs only the timestamp and raw log text to keep results focused.
- Filter logs containing errors: Add a filter clause to extract log messages that contain “ERROR”:
  | filter @message like /ERROR/
- Sort by newest first: To see the most recent errors at the top, add sorting by timestamp descending:
  | sort @timestamp desc
- Limit the number of results: Narrow your view to the top 20 matching entries for easier scanning:
  | limit 20
- Run the query: Click the “Run query” button. Review results in the table below, checking timestamps and messages.
- Adjust time range: Make sure you set the query time range to “Last hour” or another window relevant to your issue.
Example
Input log group: /aws/lambda/my-function
Query:
fields @timestamp, @message
| filter @message like /ERROR/
| sort @timestamp desc
| limit 20
Expected output:
A table showing the 20 most recent log entries containing “ERROR,” sorted by timestamp descending, with columns for @timestamp and @message. This instantly highlights recent failures or exceptions without manual scrolling.
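The same query can be run through the CloudWatch Logs API instead of the console, which is useful when the check has to be repeated during an incident. This is an added example, not code from the original guide: `run_error_query` and `StubLogs` are hypothetical names, the sample rows are constructed, and in real use you would pass `boto3.client("logs")` in place of the stub.

```python
import time

QUERY = """fields @timestamp, @message
| filter @message like /ERROR/
| sort @timestamp desc
| limit 20"""  # the guide's query, unchanged

def run_error_query(logs, log_group, window_s=3600, poll_s=1.0, timeout_s=60, now=None):
    """Hypothetical helper: run QUERY over the last window_s seconds, return rows as dicts.
    start_query requires an explicit time range, given in epoch seconds."""
    end = int(time.time() if now is None else now)
    qid = logs.start_query(logGroupName=log_group, startTime=end - window_s,
                           endTime=end, queryString=QUERY)["queryId"]
    deadline = time.monotonic() + timeout_s
    while True:  # queries are asynchronous, so poll until a terminal status
        resp = logs.get_query_results(queryId=qid)
        if resp["status"] == "Complete":
            break
        if resp["status"] in ("Failed", "Cancelled", "Timeout"):
            raise RuntimeError(f"query {qid} ended with status {resp['status']}")
        if time.monotonic() > deadline:
            logs.stop_query(queryId=qid)  # do not leave the query running
            raise TimeoutError(f"query {qid} still running after {timeout_s}s")
        time.sleep(poll_s)
    # Each row is a list of {"field", "value"} cells; drop the internal @ptr cell.
    return [{c["field"]: c["value"] for c in row if c["field"] != "@ptr"}
            for row in resp["results"]]

class StubLogs:
    """Constructed stand-in for the real client so the example runs offline."""
    def __init__(self):
        self.calls, self.args = 0, None
    def start_query(self, **kwargs):
        self.args = kwargs
        return {"queryId": "constructed-query-id"}
    def get_query_results(self, queryId):
        self.calls += 1
        if self.calls < 2:
            return {"status": "Running", "results": []}
        return {"status": "Complete", "results": [[
            {"field": "@timestamp", "value": "2024-01-01 00:00:02.000"},
            {"field": "@message", "value": "ERROR constructed sample line"},
            {"field": "@ptr", "value": "constructed-pointer"}]]}
    def stop_query(self, queryId):
        return {"success": True}

if __name__ == "__main__":
    for row in run_error_query(StubLogs(), "/aws/lambda/my-function", poll_s=0):
        print(row["@timestamp"], row["@message"])
```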
Common mistakes
- Mistake: Trying to filter on specific error codes but missing case sensitivity → Fix: Use regex with case-insensitive flag, e.g., /ERROR/i.
- Mistake: Forgetting to adjust time range → Fix: Always set appropriate query time range (last 1 hour, last 24 hours).
- Mistake: Query returns too many results → Fix: Use limit clause to constrain output for faster parsing.
- Mistake: Using like without slashes / / around regex → Fix: Use proper syntax: like /pattern/.
- Mistake: Not selecting the right log group → Fix: Confirm you picked the correct log group before querying.
Next step
Open AWS CloudWatch Logs Insights now, pick one log group you frequently debug, and run the example query from this guide against your last hour of logs. Then come back and try the next move from the video.
Pick the smallest version of this guide and try it in your tool of choice in the next 20 minutes.