No longer able to create alert on Cloudwatch Raw Log Output in Grafana 8?

jos · June 9, 2022, 8:05am

I’ve been testing a conversion of legacy alerts to Unified Alerting, but I’m getting an error when trying to continue using a cloudwatch error. The error looks like this:

Failed to evaluate queries and expressions: failed to execute conditions: input data must be a wide series but got type not (input refid)

Looking up this error message lead me to this Github post, in which a dev said:

in your example, your first query is making use of the stats command (therefore returns numeric data) while the second (i’m assuming) is returning raw log entries, on which Grafana cannot do alerting.

In legacy alerts, I was able to create an alert on these raw cloudwatch log queries by simply counting the number of responses. Is something like this no longer possible under unified alerts?

My query looks like this:

fields @timestamp, @log, 1, msg, @message, error

| filter @message like 'example specific error here'

| sort @timestamp desc
| limit 200

jos · June 10, 2022, 2:18am

I’ve made a comment on the github issue page referring to this thread - ideally someone with cloudwatch experience in alerting will be able to chime in.

jos · August 18, 2022, 1:24am

Made a github suggestion: Support non-numeric alert data in Unified Alerting · Discussion #53366 · grafana/grafana · GitHub

This is the main thing holding me back from upgrading to the newest version of Grafana.