Anomaly

Specifies whether this anomaly is still ongoing.

Type: Boolean

Required: Yes

The ARN of the anomaly detector that identified this anomaly.

Type: String

Length Constraints: Minimum length of 1.

Pattern: [\w#+=/:,.@-]*

Required: Yes

The unique ID that CloudWatch Logs assigned to this anomaly.

Type: String

Length Constraints: Fixed length of 36.

Required: Yes

A human-readable description of the anomaly. This description is generated by CloudWatch Logs.

Type: String

Length Constraints: Minimum length of 1.

Required: Yes

The date and time when the anomaly detector first saw this anomaly. It is specified as epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

Type: Long

Valid Range: Minimum value of 0.

Required: Yes

A map showing times when the anomaly detector ran, and the number of occurrences of this anomaly that were detected at each of those runs. The times are specified in epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

Type: String to long map

Key Length Constraints: Minimum length of 1.

Required: Yes

The date and time when the anomaly detector most recently saw this anomaly. It is specified as epoch time, which is the number of seconds since January 1, 1970, 00:00:00 UTC.

Type: Long

Valid Range: Minimum value of 0.

Required: Yes

An array of ARNS of the log groups that contained log events considered to be part of this anomaly.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: [\w#+=/:,.@-]*

Required: Yes

An array of sample log event messages that are considered to be part of this anomaly.

Type: Array of LogEvent objects

Required: Yes

The ID of the pattern used to help identify this anomaly.

Type: String

Length Constraints: Fixed length of 32.

Required: Yes

The pattern used to help identify this anomaly, in string format.

Type: String

Length Constraints: Minimum length of 1.

Required: Yes

An array of structures where each structure contains information about one token that makes up the pattern.

Type: Array of PatternToken objects

Required: Yes

Indicates the current state of this anomaly. If it is still being treated as an anomaly, the value is Active. If you have suppressed this anomaly by using the UpdateAnomaly operation, the value is Suppressed. If this behavior is now considered to be normal, the value is Baseline.

Type: String

Valid Values: Active | Suppressed | Baseline

Required: Yes

If this anomaly is suppressed, this field is true if the suppression is because the pattern is suppressed. If false, then only this particular anomaly is suppressed.

Type: Boolean

Required: No

The pattern used to help identify this anomaly, in regular expression format.

Type: String

Length Constraints: Minimum length of 1.

Required: No

The priority level of this anomaly, as determined by CloudWatch Logs. Priority is computed based on log severity labels such as FATAL and ERROR and the amount of deviation from the baseline. Possible values are HIGH, MEDIUM, and LOW.

Type: String

Length Constraints: Minimum length of 1.

Required: No

Indicates whether this anomaly is currently suppressed. To suppress an anomaly, use UpdateAnomaly.

Type: Boolean

Required: No

If the anomaly is suppressed, this indicates when it was suppressed.

Type: Long

Valid Range: Minimum value of 0.

Required: No

If the anomaly is suppressed, this indicates when the suppression will end. If this value is 0, the anomaly was suppressed with no expiration, with the INFINITE value.

Type: Long

Valid Range: Minimum value of 0.

Required: No