AWS Certified SysOps Administrator – Associate — Question 220

A SysOps administrator must analyze Amazon CloudWatch logs across 10 AWS Lambda functions for historical errors. The logs are in JSON format and are stored in Amazon S3. Errors sometimes do not appear in the same field, but all errors begin with the same string prefix.

What is the MOST operationally efficient way for the SysOps administrator to analyze the log files?

Answer options

• A. Use S3 Select to write a query to search for errors. Run the query across all log groups of interest.
• B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors.
• C. Use Amazon CloudWatch Logs Insights to write a query to search for errors. Run the query across all log groups of interest.
• D. Use Amazon CloudWatch Contributor Insights to create a rule. Apply the rule across all log groups of interest.

Correct answer: B

Explanation

The correct approach is to create an AWS Glue processing job to index the logs and then use Amazon Athena for querying, which allows for efficient searching across structured data. While S3 Select and CloudWatch Logs Insights can be useful, they may not handle the indexing and querying as effectively as Athena in this scenario. Contributor Insights is not designed for detailed error analysis but rather for tracking resource usage patterns.