You know from Systems Manager Inventory that the application uses Ruby 2.4.4, so it’s possible to determine the liekly log format. A quick Internet search reveals that the Ruby Logger class documentation. From this document, you can determine that the log format is as follows:
SeverityID, [DateTime #pid] SeverityLabel -- ProgName: message
This information helps to make the logs more useable in CloudWatch Logs Insights.
Navigate to CloudWatch Insights
Investigate Log Severity Information
Enter the following query in to the query textarea
parse @message "*, [* #*] * -- *: *" as SeverityID, DateTime, PID, SeverityLabel, ProgName, Message | stats count(*) as Count by SeverityLabel, bin(5m) as Time | sort @timestamp | limit 100
parse @message "*, [* #*] * -- *: *" as SeverityID...parses the application log in to fields that CloudWatch Logs Insights can use, using the log format from Ruby.
| stats count(*) as Count by SeverityLabel, bin(5m) as Timegroups the results by severity and 5 minute intervals
| sort @timestampsorts by date and time
| limit 100limits thre results to 100 rows
So far, you have discovered that the application log does contain some errors. Now it’s time to dive in to the errors.
Investigate the errors
Replace the following query in to the query textarea
parse @message "*, [* #*] * -- *: *" as SeverityID, DateTime, PID, SeverityLabel, ProgName, Message | filter SeverityLabel="ERROR" | sort @timestamp | limit 100
| filter SeverityLabel="ERROR"filters the results to only show errors
A quick internet search reveals that ActiveStorage::InvariableError is raised if ImageMagick cannot transform the blob. See here for more information. This makes sense, as the image you uploaded was not a valid image, so there is no way it could be transformed by ImageMagick. You have used CloudWatch Insights to Identify the cause of the issue and correlate it to a log entry. Now it’s possible to alert and respond to this event.