
# Demo Metric Filter

> Learn to configure a metric filter in AWS CloudWatch, including creating IAM roles, generating logs, and setting up alarms for HTTP 404 errors.

In this guide, you’ll learn how to configure a metric filter in AWS CloudWatch from end to end. We will:

1. Create IAM policies and roles
2. Launch an EC2 instance with the IAM role
3. Generate sample application logs
4. Push logs to CloudWatch Logs
5. Define a metric filter for HTTP 404 errors
6. View metrics and create an alarm
7. Clean up resources

Let’s dive into the AWS Management Console.

***

## 1. Create an IAM Policy

1. Open the [IAM console](https://console.aws.amazon.com/iam/) and select **Policies** > **Create policy**.
2. Under **Service**, choose **EC2** and enable **All EC2 permissions**.

<Frame>
  ![The image shows an AWS IAM console screen where a user is specifying permissions for a policy by selecting a service from a dropdown menu. Commonly used services like EC2, Lambda, and S3 are listed.](https://kodekloud.com/kk-media/image/upload/v1752862445/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-iam-console-permissions-policy-dropdown.jpg)
</Frame>

3. Click **Add permissions**, search for **CloudWatch**, and select **All CloudWatch permissions**.
4. Add **CloudWatch Logs** with **All actions allowed**.

<Frame>
  ![The image shows an AWS IAM policy creation interface with a search for cloud-related services, displaying options like CloudFront, CloudWatch, and CloudTrail.](https://kodekloud.com/kk-media/image/upload/v1752862446/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-iam-policy-creation-interface.jpg)
</Frame>

<Frame>
  ![The image shows an AWS IAM policy creation screen, specifically focusing on setting permissions for CloudWatch Logs with options to allow all actions and specify resource ARNs.](https://kodekloud.com/kk-media/image/upload/v1752862447/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-iam-policy-cloudwatch-logs-permissions.jpg)
</Frame>

5. Click **Next**, name the policy `metric-filter-demo`, then **Create policy**.

<Frame>
  ![The image shows an AWS IAM policy creation page, where a policy named "metrics-filter-demo" is being configured with full access to CloudWatch Logs.](https://kodekloud.com/kk-media/image/upload/v1752862448/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-iam-policy-metrics-filter-demo.jpg)
</Frame>
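
The selections above amount to `ec2:*`, `cloudwatch:*` and `logs:*`, but the only API call the instance makes in this guide is `logs:PutLogEvents` on one stream. The following added example (not part of the original guide) prints a policy scoped to that call and includes a crude wildcard check; the region, the account ID `111122223333` and the `BROAD_POLICY` text are constructed placeholders.

```bash
#!/bin/sh
# Added example, not from the original guide. Region and account ID are
# caller-supplied placeholders; group/stream default to this guide's names.

# Constructed approximation of what the console selections in this section grant.
BROAD_POLICY='{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "cloudwatch:*", "logs:*"], "Resource": "*"}
  ]
}'

# Print a policy allowing only PutLogEvents on one log stream.
scoped_policy() (
  region="$1"; account_id="$2"
  group="${3:-application-404-error-tracker}"; stream="${4:-hostname}"
  printf '%s' "$account_id" | grep -Eq '^[0-9]{12}$' ||
    { echo "account ID must be 12 digits" >&2; exit 1; }
  printf '%s' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' ||
    { echo "unexpected region: $region" >&2; exit 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PutDemoLogEventsOnly",
      "Effect": "Allow",
      "Action": "logs:PutLogEvents",
      "Resource": "arn:aws:logs:${region}:${account_id}:log-group:${group}:log-stream:${stream}"
    }
  ]
}
EOF
)

# Read a policy on stdin; succeed if any quoted value is "*" or "service:*".
has_wildcard() { grep -Eq '"([a-z0-9-]+:)?\*"'; }

# Usage: sh scoped_policy.sh eu-central-1 111122223333 > policy.json
#        aws iam create-policy --policy-name metric-filter-demo \
#          --policy-document file://policy.json
if [ "$#" -ge 2 ]; then scoped_policy "$@"; fi
```
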

***

## 2. Create an IAM Role

1. In the IAM console, go to **Roles** > **Create role**.
2. Choose **EC2** as the trusted entity, then attach the `metric-filter-demo` policy.
3. Name the role `metric-filter-role` and **Create role**.

***

## 3. Launch an EC2 Instance

1. Navigate to the [EC2 console](https://console.aws.amazon.com/ec2/) and click **Launch instance**.
2. Provide a name tag, select an AMI, choose or create a key pair, and configure a security group.

<Frame>
  ![The image shows the AWS EC2 console interface for launching an instance, with options to select the name, tags, and Amazon Machine Image (AMI). There is also a summary section on the right and a "Launch instance" button.](https://kodekloud.com/kk-media/image/upload/v1752862449/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-ec2-launch-instance-console.jpg)
</Frame>

<Frame>
  ![The image shows an AWS EC2 console screen where a user is configuring the launch of an instance, selecting security groups, and reviewing instance details like type and storage.](https://kodekloud.com/kk-media/image/upload/v1752862450/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-ec2-console-launch-instance-configuration.jpg)
</Frame>

3. Under **Advanced details** > **IAM instance profile**, select `metric-filter-role`.
4. Scroll down and click **Launch instance**.

<Frame>
  ![The image shows the AWS EC2 console interface for launching an instance, with options for configuring instance details such as software image, instance type, and storage. The summary section highlights the free tier benefits.](https://kodekloud.com/kk-media/image/upload/v1752862452/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-ec2-console-launch-instance-summary.jpg)
</Frame>

5. Verify the instance state is **running**.

<Frame>
  ![The image shows an AWS EC2 console screen indicating a successful instance launch, with options for next steps like creating billing alerts, connecting to the instance, and managing monitoring.](https://kodekloud.com/kk-media/image/upload/v1752862453/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-ec2-console-successful-instance-launch.jpg)
</Frame>

***

## 4. Generate Application Logs

SSH into your EC2 instance and switch to root:

```bash theme={null}
sudo su -
cd ~
```

Create a script that emits mock JSON HTTP logs:

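```bash theme={null}
cat > generate_all.sh << 'EOF'
#!/bin/bash
# Emit 50 mock HTTP log events as a JSON array for "aws logs put-log-events".
codes=(200 301 403 404 500)   # sample status codes, including 404
echo '[' > events_all.json
for i in {1..50}; do
  ts=$(date +%s%3N)           # epoch milliseconds (GNU date)
  code=${codes[RANDOM % ${#codes[@]}]}
  # \\" prints a literal \" so the quote inside the message stays valid JSON
  printf '{"timestamp": %d, "message": "GET /endpoint HTTP/1.1\\" %d"}' \
    "$ts" "$code" >> events_all.json
  [ "$i" -lt 50 ] && echo ',' >> events_all.json
done
echo ']' >> events_all.json
EOF
chmod +x generate_all.sh
```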

Run the script and verify the output:

```bash theme={null}
./generate_all.sh
ls -l events_all.json
tail -n 5 events_all.json
```

***

## 5. Create a CloudWatch Logs Group & Stream

1. In the [CloudWatch console](https://console.aws.amazon.com/cloudwatch/), go to **Logs** > **Log groups** > **Create log group**.
   * **Name**: `application-404-error-tracker`
2. Select the new group and click **Create log stream**.
   * **Name**: `hostname`

Push your generated log events:

```bash theme={null}
aws logs put-log-events \
  --log-group-name application-404-error-tracker \
  --log-stream-name hostname \
  --log-events file://events_all.json
```

A successful response includes a `nextSequenceToken`. Confirm your logs appear under **Log streams**.

<Frame>
  ![The image shows an AWS EC2 management console with a running instance named "metrics-filter-demo" of type "t2.micro" in the "eu-central-1a" availability zone.](https://kodekloud.com/kk-media/image/upload/v1752862454/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-ec2-management-console-t2-micro.jpg)
</Frame>

***

## 6. Define a Metric Filter

1. In CloudWatch, open **Logs** > **Log groups**, select `application-404-error-tracker`, and click **Create metric filter**.
2. Enter this pattern to extract the HTTP status code:

```text theme={null}
[_, _, _, _, status_code]
```

3. Test against the `hostname` stream to validate matches.

<Frame>
  ![The image shows an AWS CloudWatch interface where a filter pattern is being defined to monitor log events. It includes sections for creating a filter pattern, testing the pattern with log data, and displaying test results.](https://kodekloud.com/kk-media/image/upload/v1752862456/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-filter-pattern-interface.jpg)
</Frame>

4. Click **Next** and configure the metric:

* **Filter name**: `HTTP404Filter`
* **Metric namespace**: `MyNamespace`
* **Metric name**: `ApacheNotFoundErrorCount`
* **Metric value**: `1`
* **Default value**: `0`

<Frame>
  ![The image shows an AWS CloudWatch interface where a user is assigning a metric for HTTP 404 errors, with fields for filter name, pattern, and metric details.](https://kodekloud.com/kk-media/image/upload/v1752862457/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-http-404-metric.jpg)
</Frame>

<Frame>
  ![The image shows an AWS CloudWatch interface where a user is configuring metric details for log monitoring, including fields for metric namespace, name, and value.](https://kodekloud.com/kk-media/image/upload/v1752862459/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-log-monitoring-metrics.jpg)
</Frame>

5. Review settings and click **Create metric filter**.

<Frame>
  ![The image shows an AWS CloudWatch interface displaying details of a log group named "application-404-error-tracker," including metrics and configuration options.](https://kodekloud.com/kk-media/image/upload/v1752862460/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-log-group-application-404.jpg)
</Frame>

***

## 7. Push Additional Logs

<Callout icon="lightbulb" color="#1CB2FE">
  When sending subsequent log batches, include the `--sequence-token` you received from the previous `put-log-events` response.
</Callout>

```bash theme={null}
./generate_all.sh
aws logs put-log-events \
  --log-group-name application-404-error-tracker \
  --log-stream-name hostname \
  --log-events file://events_all.json
```

Wait a few minutes, then proceed to view your metric.

***

## 8. View Metric & Create an Alarm

1. In CloudWatch, go to **Metrics** > **MyNamespace** > **ApacheNotFoundErrorCount**.
2. Select the metric and click **Create alarm**.
3. Set a threshold (for example, more than 1 event in 5 minutes) and configure a notification (SNS, email, etc.).

<Frame>
  ![The image shows an AWS CloudWatch interface displaying a metric filter for HTTP 404 errors, with details about the filter pattern and metric value.](https://kodekloud.com/kk-media/image/upload/v1752862461/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-http-404-metric-filter.jpg)
</Frame>

<Frame>
  ![The image shows an AWS CloudWatch dashboard displaying a graph for the metric "ApacheNotFoundErrorCount" with no alarms set. The interface includes options for managing metrics and creating alarms.](https://kodekloud.com/kk-media/image/upload/v1752862462/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-apachenotfounderrorcount-dashboard.jpg)
</Frame>

<Frame>
  ![The image shows an AWS CloudWatch configuration screen for setting an alarm based on the "ApacheNotFoundErrorCount" metric, with conditions for threshold settings.](https://kodekloud.com/kk-media/image/upload/v1752862463/notes-assets/images/AWS-CloudWatch-Demo-Metric-Filter/aws-cloudwatch-apachenotfounderrorcount-alarm.jpg)
</Frame>
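
The console steps in sections 6 and 8 can also be written as AWS CLI calls, which keeps the filter and alarm reviewable and repeatable. This added example is not part of the original guide; the alarm name, the SNS topic ARN placeholder and the `Sum` statistic are assumptions, and it only prints the commands unless `DRY_RUN=0` is set.

```bash
#!/bin/sh
# Added example: CLI form of the metric filter (section 6) and alarm (section 8).
# ALARM_NAME and SNS_TOPIC_ARN are placeholders, not values from this guide.
LOG_GROUP="application-404-error-tracker"
NAMESPACE="MyNamespace"
METRIC="ApacheNotFoundErrorCount"
ALARM_NAME="${ALARM_NAME:-http-404-demo-alarm}"
SNS_TOPIC_ARN="${SNS_TOPIC_ARN:-arn:aws:sns:REGION:ACCOUNT_ID:TOPIC_NAME}"

# With DRY_RUN=1 (the default) print each command with every argument
# single-quoted for review; with DRY_RUN=0 execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    for arg in "$@"; do printf "'%s' " "$arg"; done
    printf '\n'
  else
    "$@"
  fi
}

create_filter() {
  # Same pattern and metric settings as entered in the console.
  run aws logs put-metric-filter \
    --log-group-name "$LOG_GROUP" \
    --filter-name HTTP404Filter \
    --filter-pattern '[_, _, _, _, status_code]' \
    --metric-transformations \
    "metricName=$METRIC,metricNamespace=$NAMESPACE,metricValue=1,defaultValue=0"
}

create_alarm() {
  # "More than 1 event in 5 minutes": Sum (assumed statistic) over one
  # 300-second period, alarming when the sum is greater than 1.
  run aws cloudwatch put-metric-alarm \
    --alarm-name "$ALARM_NAME" \
    --namespace "$NAMESPACE" --metric-name "$METRIC" \
    --statistic Sum --period 300 --evaluation-periods 1 \
    --threshold 1 --comparison-operator GreaterThanThreshold \
    --alarm-actions "$SNS_TOPIC_ARN"
}

create_filter
create_alarm
```

Run it from a session that is allowed to manage metric filters and alarms, not from the demo instance's role.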

***

## 9. Summary & Cleanup

You have successfully:

* Created a custom IAM policy and role for EC2 & CloudWatch Logs
* Launched an EC2 instance with the IAM role attached
* Generated and pushed application logs to CloudWatch Logs
* Defined a metric filter for HTTP 404 errors
* Viewed the metric and configured an alarm

**Cleanup:** Delete the log group, streams, alarms, EC2 instance, IAM role, and policy to avoid incurring charges.

| Resource           | Location                          | Action                   |
| ------------------ | --------------------------------- | ------------------------ |
| Log group & stream | CloudWatch → Logs                 | **Delete**               |
| Metric filter      | CloudWatch → Log groups → Metrics | **Remove**               |
| Alarm              | CloudWatch → Alarms               | **Delete**               |
| EC2 instance       | EC2 console                       | **Terminate instance**   |
| IAM role/policy    | IAM console                       | **Delete role & policy** |

***

## Links & References

* [AWS IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
* [AWS CloudWatch Logs Documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/)
* [AWS CLI put-log-events](https://docs.aws.amazon.com/cli/latest/reference/logs/put-log-events.html)

