AWS Certified Data Engineer Associate DEA-C01 Practice Question
An Apache Spark application running on Amazon EMR produces execution logs in the CloudWatch Logs group /emr/spark. The on-call engineer must receive an Amazon SNS notification whenever more than 100 lines that contain the text "ERROR" are written during any 5-minute interval. The solution must suppress alarms while the cluster is idle and should require the least ongoing maintenance. Which approach meets these requirements?
Stream the log group to Amazon Kinesis Data Streams with a subscription filter; use a Lambda function to parse each record, increment a custom CloudWatch metric, and create an alarm on that metric with a 5-minute period and an SNS action.
Create a CloudWatch Logs metric filter on /emr/spark that matches the pattern "ERROR" and assigns a value of 1 for each match. Then create a CloudWatch alarm on the filter's custom metric using a 5-minute period, the Sum statistic, a threshold of 100, TreatMissingData set to NotBreaching, and an SNS notification action.
Schedule a CloudWatch Logs Insights query every 5 minutes with EventBridge, have the query count ERROR occurrences, and invoke an AWS Lambda function that publishes an SNS message when the count exceeds 100.
Enable CloudWatch anomaly detection on the IncomingBytes metric for the log group and configure an alarm that triggers an SNS notification when the metric's value exceeds the anomaly threshold for two consecutive 5-minute periods.
A CloudWatch Logs metric filter can evaluate every incoming log event for a text pattern and emit a custom metric. Setting the metric value to 1 for each matching event and applying the Sum statistic over a 5-minute period yields the total number of ERROR lines in that window. A CloudWatch alarm on this metric with a threshold of 100, period of 300 seconds, and TreatMissingData set to NotBreaching triggers an SNS action only when the threshold is breached and remains quiet when no data is produced (for example, when the cluster is stopped).
The other options are either more complex to operate or do not natively satisfy the alerting requirement:
A scheduled Logs Insights query plus Lambda introduces extra components and code to maintain.
Streaming logs to Kinesis Data Streams and publishing a custom metric with Lambda adds cost and operational overhead compared with the built-in metric filter.
Anomaly detection on the log group's ingestion bytes measures data volume, not the count of ERROR lines, so it cannot guarantee an alert when exactly 100 error messages appear.
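The metric filter and alarm from the correct option, written out as an added example (not part of the original question): the two dictionaries hold the parameters as they would be passed to boto3's `put_metric_filter` and `put_metric_alarm`, and a small local model shows how the Sum statistic and TreatMissingData behave on constructed log lines. The filter, metric, namespace and alarm names, the single evaluation period and the SNS ARN placeholder are assumptions.

```python
from collections import Counter

PERIOD, THRESHOLD = 300, 100   # 5-minute period, alarm when Sum > 100

# Request parameters for boto3 logs.put_metric_filter / cloudwatch.put_metric_alarm.
# Values marked "assumed" or "placeholder" are not from the page.
METRIC_FILTER = {
    "logGroupName": "/emr/spark",
    "filterName": "spark-error-lines",                      # assumed
    "filterPattern": '"ERROR"',
    "metricTransformations": [{
        "metricName": "SparkErrorCount",                    # assumed
        "metricNamespace": "Custom/EMR",                    # assumed
        "metricValue": "1",   # no defaultValue: no match means no datapoint
    }],
}
ALARM = {
    "AlarmName": "spark-error-burst",                       # assumed
    "Namespace": "Custom/EMR", "MetricName": "SparkErrorCount",
    "Statistic": "Sum", "Period": PERIOD, "Threshold": THRESHOLD,
    "EvaluationPeriods": 1,                                 # assumed
    "ComparisonOperator": "GreaterThanThreshold",
    "TreatMissingData": "notBreaching",
    "AlarmActions": ["arn:aws:sns:REGION:ACCOUNT_ID:TOPIC"],  # placeholder
}

def period_sums(events):
    """Sum of metric value 1 per matching line, keyed by period start (seconds)."""
    sums = Counter()
    for ts, message in events:
        if "ERROR" in message:   # substring test stands in for the filter pattern
            sums[ts // PERIOD * PERIOD] += 1
    return sums

def alarm_states(events, start, end, treat_missing=ALARM["TreatMissingData"]):
    """Simplified model: one aligned period per evaluation; "ignore" is not modelled."""
    sums, fallback = period_sums(events), {"notBreaching": "OK", "breaching": "ALARM"}
    states = []
    for bucket in range(start, end, PERIOD):
        if bucket in sums:
            states.append("ALARM" if sums[bucket] > THRESHOLD else "OK")
        else:
            states.append(fallback.get(treat_missing, "INSUFFICIENT_DATA"))
    return states

# Constructed sample: 100 errors, then 101 errors, then INFO only, then idle.
SAMPLE = ([(t, "ERROR task failed") for t in range(100)]
          + [(300 + t, "ERROR executor lost") for t in range(101)]
          + [(600 + t, "INFO job finished") for t in range(50)])

if __name__ == "__main__":
    print(alarm_states(SAMPLE, 0, 1200))
```

A period with exactly 100 matches stays OK because the comparison is strictly greater than the threshold, and periods with no matching lines produce no datapoint at all, which is where TreatMissingData decides the state.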
AWS Certified Data Engineer Associate DEA-C01
Data Operations and Support