CloudWatchLogs / Client / get_log_anomaly_detector



Retrieves information about the log anomaly detector that you specify.

See also: AWS API Documentation

Request Syntax

response = client.get_log_anomaly_detector(

anomalyDetectorArn (string) –


The ARN of the anomaly detector to retrieve information about. You can find the ARNs of log anomaly detectors in your account by using the ListLogAnomalyDetectors operation.

Return type:



Response Syntax

    'detectorName': 'string',
    'logGroupArnList': [
    'evaluationFrequency': 'ONE_MIN'|'FIVE_MIN'|'TEN_MIN'|'FIFTEEN_MIN'|'THIRTY_MIN'|'ONE_HOUR',
    'filterPattern': 'string',
    'kmsKeyId': 'string',
    'creationTimeStamp': 123,
    'lastModifiedTimeStamp': 123,
    'anomalyVisibilityTime': 123

Response Structure

  • (dict) –

    • detectorName (string) –

      The name of the log anomaly detector

    • logGroupArnList (list) –

      An array of structures, where each structure contains the ARN of a log group associated with this anomaly detector.

      • (string) –

    • evaluationFrequency (string) –

      Specifies how often the anomaly detector runs and look for anomalies. Set this value according to the frequency that the log group receives new logs. For example, if the log group receives new log events every 10 minutes, then setting evaluationFrequency to FIFTEEN_MIN might be appropriate.

    • filterPattern (string) –

      A symbolic description of how CloudWatch Logs should interpret the data in each log event. For example, a log event can contain timestamps, IP addresses, strings, and so on. You use the filter pattern to specify what to look for in the log event message.

    • anomalyDetectorStatus (string) –

      Specifies whether the anomaly detector is currently active. To change its status, use the enabled parameter in the UpdateLogAnomalyDetector operation.

    • kmsKeyId (string) –

      The ID of the KMS key assigned to this anomaly detector, if any.

    • creationTimeStamp (integer) –

      The date and time when this anomaly detector was created.

    • lastModifiedTimeStamp (integer) –

      The date and time when this anomaly detector was most recently modified.

    • anomalyVisibilityTime (integer) –

      The number of days used as the life cycle of anomalies. After this time, anomalies are automatically baselined and the anomaly detector model will treat new occurrences of similar event as normal.