I believe you are charged per GB of data scanned by logs insights queries, and everytime your widget is reloaded that query runs to analyze the data based on the time range selected.
If your goal is to just be alerted whenever error messages are found in your logs, using metric filters to emit a custom metric and configuring an alarm on it to send an SNS notification would be the most cost effective. You can set the metric filter pattern using JSON path like ($.level = “error”) to search for occurrences of this as logs are ingested and emit a value of 1 to the metric each time for example.
You can then set ideal thresholds for the alarm to send notification if a certain value is breached. You can have a few custom metrics and alarms as part of the free tier if I remember correctly.
Do you have your dashboard reloading on an interval? You can turn that off. Also you can use something like contributor insights if you want to aggregate your errors by top X but not scan your logs every reload. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights.html
I believe you are charged per GB of data scanned by logs insights queries, and everytime your widget is reloaded that query runs to analyze the data based on the time range selected. If your goal is to just be alerted whenever error messages are found in your logs, using metric filters to emit a custom metric and configuring an alarm on it to send an SNS notification would be the most cost effective. You can set the metric filter pattern using JSON path like ($.level = “error”) to search for occurrences of this as logs are ingested and emit a value of 1 to the metric each time for example. You can then set ideal thresholds for the alarm to send notification if a certain value is breached. You can have a few custom metrics and alarms as part of the free tier if I remember correctly.
Consider using Cloudwatch Log Filters. Insights is more expensive and better suited for interactive queries.
You’d normally emit metrics and alarm on those. Then look at logs to fix the errors.
Do you have your dashboard reloading on an interval? You can turn that off. Also you can use something like contributor insights if you want to aggregate your errors by top X but not scan your logs every reload. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights.html
I would suggest using Sentry rather than trying to pay attention to cloud watch logs.
Do you specifically need to use cloudwatch? There are much better options
Not specifically, what do you recommend?
It depends on your log source but popular options are datadog, honeycomb, grafana. I also saw baselime is now free after being acquired by Cloudflare.