AWS AmazonCloudWatch documentation change
Summary
Restructured pipeline metrics documentation with separate sections for logs and metrics pipelines. Added new metrics for metrics pipelines (PipelineDataPointsIn, PipelineDataPointsOut, PipelineDataPointsUnprocessed) and new warning types (DestructiveOnVended, UnsupportedTemporality, UnknownOttlPath). Clarified dimensions and error types specific to each pipeline type.
Security assessment
The changes reorganize documentation and add new monitoring capabilities but contain no evidence of addressing security vulnerabilities. The new warnings help detect skipped operations on vended metrics and unsupported temporality, which are operational issues rather than security flaws. No security incidents, vulnerabilities, or weaknesses are mentioned.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/pipelines-metrics.md b/AmazonCloudWatch/latest/monitoring/pipelines-metrics.md index 1c712c77c..c5ceacaaa 100644 --- a//AmazonCloudWatch/latest/monitoring/pipelines-metrics.md +++ b//AmazonCloudWatch/latest/monitoring/pipelines-metrics.md @@ -9 +9 @@ Available metricsDimensionsError typesWarning typesViewing metricsCreating alarm -# Monitoring Pipelines Using CloudWatch Metrics +# Monitoring pipelines @@ -21 +21,18 @@ Pipelines metrics are only emitted when the value is non-zero. -### Core metrics +### Pipeline health metrics + +The following metrics are emitted for all pipeline types (logs and metrics): + +Metric | Description | Dimension | Unit +---|---|---|--- +`PipelineErrors` | Aggregate count of errors in pipeline | PipelineName | Count +`PipelineErrorsByErrorType` | Detailed error counts by type | PipelineName, ErrorType | Count +`PipelineWarnings` | Number of warnings encountered | PipelineName | Count +`PipelineWarningsByWarningType` | Detailed warnings by type | PipelineName, WarningType | Count + +###### Note + +For logs pipelines, `PipelineErrorsByErrorType` includes additional dimensions (`ErrorSource`, `ErrorComponent`) and `PipelineWarningsByWarningType` includes additional dimensions (`WarningSource`, `WarningComponent`). + +### Logs pipeline metrics + +The following metrics are emitted for logs pipelines: @@ -32,0 +50,3 @@ Metric | Description | Dimension | Unit +`PipelineRecordsUnprocessed` | Number of records that couldn't be processed | PipelineName, DataSource, DataType | Count + +### Metrics pipeline metrics @@ -34 +54 @@ Metric | Description | Dimension | Unit -### Error and warning metrics +The following metrics are emitted for metrics pipelines: @@ -38,5 +58,3 @@ Metric | Description | Dimension | Unit -`PipelineErrors` | Aggregate count of errors in pipeline | PipelineName | Count -`PipelineErrorsByErrorType` | Detailed error counts by type | PipelineName, ErrorSource, ErrorComponent, ErrorType | Count -`PipelineWarnings` | Number of warnings encountered | PipelineName | Count -`PipelineWarningsByWarningType` | Detailed warnings by type | PipelineName, WarningSource, WarningComponent, WarningType | Count -`PipelineRecordsUnprocessed` | Number of records that couldn't be processed | PipelineName, DataSource, DataType | Count +`PipelineDataPointsIn` | Number of metric datapoints entering the pipeline (matched selection criteria) | PipelineName, dataset | Count +`PipelineDataPointsOut` | Number of metric datapoints exiting the pipeline after processing | PipelineName, dataset | Count +`PipelineDataPointsUnprocessed` | Number of metric datapoints that matched selection criteria but passed through unchanged because all processors were skipped. For example, this occurs when `UnsupportedTemporality` or `DestructiveOnVended` restrictions apply. You can create an alarm on this metric to detect metrics in your selection criteria that cannot be processed. | PipelineName, dataset | Count @@ -51 +69 @@ CloudWatch pipelines metrics use the following dimensions: -Name of the pipeline +Name of the pipeline. @@ -53 +71 @@ Name of the pipeline -**DataSource** +**ErrorType** @@ -56 +74 @@ Name of the pipeline -Source of the data (AWS service name or third-party source) +Type of error encountered. @@ -58 +76 @@ Source of the data (AWS service name or third-party source) -**DataType** +**WarningType** @@ -61 +79 @@ Source of the data (AWS service name or third-party source) -Type of data being processed +Type of warning encountered. @@ -63 +81 @@ Type of data being processed -**ErrorSource** +**DataSource (logs pipelines)** @@ -66 +84 @@ Type of data being processed -Origin of the error (s3, aws.secrets, cloudwatch_logs) +Source of the data (AWS service name or third-party source). @@ -68 +86 @@ Origin of the error (s3, aws.secrets, cloudwatch_logs) -**ErrorComponent** +**DataType (logs pipelines)** @@ -71 +89 @@ Origin of the error (s3, aws.secrets, cloudwatch_logs) -Component where error occurred (source, sink, extension) +Type of data being processed. @@ -73 +91,4 @@ Component where error occurred (source, sink, extension) -**ErrorType** +**ErrorSource (logs pipelines)** + + +Origin of the error (s3, aws.secrets, cloudwatch_logs). @@ -74,0 +96 @@ Component where error occurred (source, sink, extension) +**ErrorComponent (logs pipelines)** @@ -76 +98,7 @@ Component where error occurred (source, sink, extension) -Type of error encountered + +Component where error occurred (source, sink, extension). + +**dataset (metrics pipelines)** + + +The OTel metric dataset identifier. Currently always `default`. @@ -82 +110 @@ The following error types are tracked in `PipelineErrorsByErrorType`: -**`ACCESS_DENIED`** +**`ALL`** @@ -85 +113 @@ The following error types are tracked in `PipelineErrorsByErrorType`: -Permission-related failures +The total count of all errors on the pipeline. @@ -87 +115 @@ Permission-related failures -**`ALL`** +**`PARSE_FAILURE`** @@ -90 +118 @@ Permission-related failures -The total count of all errors on the pipeline +Data parsing errors. @@ -92 +120 @@ The total count of all errors on the pipeline -**`RESOURCE_NOT_FOUND`** +**`PROCESSOR_ERRORS`** @@ -95 +123 @@ The total count of all errors on the pipeline -Specified resource doesn't exist +Processing operation failures. @@ -97 +125 @@ Specified resource doesn't exist -**`SOURCE_READ_FAILURE`** +**`ACCESS_DENIED` (logs pipelines)** @@ -100 +128 @@ Specified resource doesn't exist -Failures reading from source +Permission-related failures. @@ -102 +130 @@ Failures reading from source -**`PARSE_FAILURE`** +**`RESOURCE_NOT_FOUND` (logs pipelines)** @@ -105 +133 @@ Failures reading from source -Data parsing errors +Specified resource doesn't exist. @@ -107 +135 @@ Data parsing errors -**`PROCESSOR_ERRORS`** +**`SOURCE_READ_FAILURE` (logs pipelines)** @@ -110 +138 @@ Data parsing errors -Processing operation failures +Failures reading from source. @@ -112 +140 @@ Processing operation failures -**`PAYLOAD_SIZE_EXCEEDED`** +**`PAYLOAD_SIZE_EXCEEDED` (logs pipelines)** @@ -115 +143 @@ Processing operation failures -Data size limit exceeded +Data size limit exceeded. @@ -119 +147 @@ Data size limit exceeded -The following warning type can occur on a pipeline: +The following warning types can occur on a pipeline: @@ -125,0 +154,15 @@ Indicates that the volume of data being sent has exceeded existing rate limits, +**`DestructiveOnVended` (metrics pipelines)** + + +A destructive processor attempted to modify a vended metric (`instrumentation_scope.name` starting with `cloudwatch.aws/`). The pipeline skipped the operation and counted the affected datapoints in `PipelineDataPointsUnprocessed`. + +**`UnsupportedTemporality` (metrics pipelines)** + + +A destructive processor attempted to modify a metric with cumulative aggregation temporality. The pipeline skipped the operation and passed the metric through unchanged. Cumulative temporality means the metric reports values accumulated since a fixed start time (as defined by the [OpenTelemetry metrics data model](https://opentelemetry.io/docs/specs/otel/metrics/data-model/#temporality)). The pipeline counts the affected datapoints in `PipelineDataPointsUnprocessed`. Monitor this warning to identify metrics in your selection criteria that cannot be processed by destructive operations. + +**`UnknownOttlPath` (metrics pipelines)** + + +Processor configuration references an unrecognized OTTL path — attribute operation skipped. +