AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 198

A company's application runs on Amazon EC2 instances. The application writes to a log file that records the username, date, time, and source IP address of the login. The log is published to a log group in Amazon CloudWatch Logs.

The company is performing a root cause analysis for an event that occurred on the previous day. The company needs to know the number of logins for a specific user from the past 7 days.

Which solution will provide this information?

Answer options

• A. Create a CloudWatch Logs metric filter on the log group. Use a filter pattern that matches the username. Publish a CloudWatch metric that sums the number of logins over the past 7 days.
• B. Create a CloudWatch Logs subscription on the log group. Use a filter pattern that matches the username. Publish a CloudWatch metric that sums the number of logins over the past 7 days.
• C. Create a CloudWatch Logs Insights query that uses an aggregation function to count the number of logins for the username over the past 7 days. Run the query against the log group.
• D. Create a CloudWatch dashboard. Add a number widget that has a filter pattern that counts the number of logins for the username over the past 7 days directly from the log group.

Correct answer: C

Explanation

The correct answer, C, is effective because CloudWatch Logs Insights allows you to run queries on log data with aggregation functions, providing an accurate count of logins for a specific user over the past week. Options A and B focus on metric filters and subscriptions, which do not directly provide the count for a specific user in the required timeframe. Option D suggests a dashboard widget, but it does not utilize the querying capability necessary to count logins accurately.