

# CloudWatch Logs AWS IoT log entries
<a name="cwl-format"></a>

Each component of AWS IoT generates its own log entries. Each log entry has an `eventType` that specifies the operation that caused the log entry to be generated. This section describes the log entries generated by the following AWS IoT components.

**Topics**
+ [Message broker log entries](#message-broker-logs)
+ [Server certificate OCSP log entries](#server-ocsp-logs)
+ [Device Shadow log entries](#device-shadow-logs)
+ [Rules engine log entries](#rule-engine-logs)
+ [Job log entries](#job-logs)
+ [Device provisioning log entries](#provision-logs)
+ [Dynamic thing group log entries](#dynamic-group-logs)
+ [Fleet indexing log entries](#fleet-indexing-logs)
+ [Common CloudWatch Logs attributes](#cwl-common-attributes)

## Message broker log entries
<a name="message-broker-logs"></a>

The AWS IoT message broker generates log entries for the following events:

**Topics**
+ [Connect log entry](#log-mb-connect)
+ [Disconnect log entry](#log-mb-disconnect)
+ [DeleteConnection log entry](#log-mb-delete-connection)
+ [GetRetainedMessage log entry](#log-mb-get-retain)
+ [ListRetainedMessage log entry](#log-mb-list-retain)
+ [Publish-In log entry](#log-mb-publish-in)
+ [Publish-Out log entry](#log-mb-publish-out)
+ [Queued log entry](#log-mb-queued)
+ [Subscribe log entry](#log-mb-subscribe)
+ [Unsubscribe log entry](#log-mb-unsubscribe)

### Connect log entry
<a name="log-mb-connect"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `Connect` when an MQTT client connects.

#### Connect log entry example
<a name="log-mb-connect.example"></a>

```
{
    "timestamp": "2017-08-10 15:37:23.476",
    "logLevel": "INFO",
    "traceId": "20b23f3f-d7f1-feae-169f-82263394fbdb",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Connect",
    "protocol": "MQTT",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Connect` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

### Disconnect log entry
<a name="log-mb-disconnect"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `Disconnect` when an MQTT client disconnects.

#### Disconnect log entry example
<a name="log-mb-disconnect.example"></a>

```
{
    "timestamp": "2017-08-10 15:37:23.476",
    "logLevel": "INFO",
    "traceId": "20b23f3f-d7f1-feae-169f-82263394fbdb",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Disconnect",
    "protocol": "MQTT",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490,
    "reason": "DUPLICATE_CLIENT_ID",
    "details": "A new connection was established with the same client ID",
    "disconnectReason": "CLIENT_INITIATED_DISCONNECT"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Disconnect` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

reason  
The reason why the client is disconnecting.

details  
A brief explanation of the error.

disconnectReason  
The reason why the client is disconnecting.
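One way to triage the `DUPLICATE_CLIENT_ID` disconnects shown above is to correlate them with the `Connect` entries for the same `clientId` and compare the principals and source IPs involved. This is an added example, not AWS code; the sample log lines, principal names and classification labels are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f"  # format of the "timestamp" attribute


def _line(ts, event, client, principal, ip, **extra):
    """Build one constructed log line using the attributes documented above."""
    return json.dumps({"timestamp": ts, "logLevel": "INFO", "status": "Success",
                       "eventType": event, "protocol": "MQTT", "clientId": client,
                       "principalId": principal, "sourceIp": ip, **extra})


# Constructed sample data (not real traffic); IPs are documentation ranges.
SAMPLE_LOG_LINES = [
    _line("2024-05-01 10:00:00.000", "Connect", "sensor-01", "principal-A", "198.51.100.10"),
    _line("2024-05-01 10:05:00.000", "Connect", "sensor-01", "principal-B", "203.0.113.7"),
    _line("2024-05-01 10:05:00.120", "Disconnect", "sensor-01", "principal-A",
          "198.51.100.10", reason="DUPLICATE_CLIENT_ID"),
    _line("2024-05-01 11:00:00.000", "Connect", "sensor-02", "principal-C", "198.51.100.20"),
    _line("2024-05-01 11:30:00.000", "Connect", "sensor-02", "principal-C", "198.51.100.20"),
    _line("2024-05-01 11:30:00.090", "Disconnect", "sensor-02", "principal-C",
          "198.51.100.20", reason="DUPLICATE_CLIENT_ID"),
    _line("2024-05-01 12:00:00.000", "Connect", "sensor-03", "principal-D", "198.51.100.30"),
    _line("2024-05-01 12:10:00.000", "Disconnect", "sensor-03", "principal-D",
          "198.51.100.30", disconnectReason="CLIENT_INITIATED_DISCONNECT"),
    "not json: truncated line",
]


def parse_entries(lines):
    """Parse JSON log lines in time order, skipping malformed ones."""
    entries = []
    for line in lines:
        try:
            entry = json.loads(line)
            entry["_ts"] = datetime.strptime(entry["timestamp"], TS_FORMAT)
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, not an object, or no usable timestamp
        if "eventType" in entry:
            entries.append(entry)
    return sorted(entries, key=lambda e: e["_ts"])


def find_client_id_contention(entries):
    """Report each clientId that was disconnected for DUPLICATE_CLIENT_ID,
    with the distinct principals and source IPs that connected under it."""
    connects = defaultdict(list)
    kicked = defaultdict(int)
    for e in entries:
        cid = e.get("clientId")
        if e["eventType"] == "Connect" and e.get("status") == "Success":
            connects[cid].append(e)
        elif e["eventType"] == "Disconnect" and "DUPLICATE_CLIENT_ID" in (
                e.get("reason"), e.get("disconnectReason")):
            kicked[cid] += 1

    findings = []
    for cid in sorted(kicked):
        principals = sorted({c.get("principalId", "unknown") for c in connects[cid]})
        ips = sorted({c.get("sourceIp", "unknown") for c in connects[cid]})
        if len(principals) > 1:
            label = "different-principals"        # two identities share one client ID
        elif len(ips) > 1:
            label = "same-principal-different-source"
        else:
            label = "same-principal-reconnect"    # usually a device reconnecting
        findings.append({"clientId": cid, "duplicateDisconnects": kicked[cid],
                         "principals": principals, "sourceIps": ips,
                         "classification": label})
    return findings


if __name__ == "__main__":
    for finding in find_client_id_contention(parse_entries(SAMPLE_LOG_LINES)):
        print(finding)
```
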

### DeleteConnection log entry
<a name="log-mb-delete-connection"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `DeleteConnection` when an MQTT client connection is deleted.

#### DeleteConnection log entry example
<a name="log-mb-delete-connection.example"></a>

```
{
    "timestamp": "2025-08-09 15:37:23.476",
    "logLevel": "INFO",
    "traceId": "20b23f3f-d7f1-feae-169f-82263394fbdb",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "DeleteConnection",
    "protocol": "HTTP",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `DeleteConnection` log entries contain the following attributes:

clientId  
The ID of the client that will be disconnected.

principalId  
The ID of the principal making the request. For information about how to identify the principal using the principal ID, see [Compare IAM identities and credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html) in the *IAM User Guide*. 

protocol  
The protocol used to make the request. The valid value is `HTTP`. 

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

### GetRetainedMessage log entry
<a name="log-mb-get-retain"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `GetRetainedMessage` when [`GetRetainedMessage`](https://docs.aws.amazon.com//iot/latest/developerguide/API_iotdata_GetRetainedMessage.html) is called.

#### GetRetainedMessage log entry example
<a name="log-mb-get-retain-example"></a>

```
{
    "timestamp": "2017-08-07 18:47:56.664", 
    "logLevel": "INFO", 
    "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f", 
    "accountId": "123456789012", 
    "status": "Success", 
    "eventType": "GetRetainedMessage", 
    "protocol": "HTTP",
    "topicName": "a/b/c",
    "qos": "1",
    "lastModifiedDate": "2017-08-07 18:47:56.664"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `GetRetainedMessage` log entries contain the following attributes:

lastModifiedDate  
The Epoch date and time, in milliseconds, when the retained message was stored by AWS IoT.

protocol  
The protocol used to make the request. Valid value: `HTTP`. 

qos  
The Quality of Service (QoS) level used in the publish request. Valid values are `0` or `1`. 

topicName  
The name of the subscribed topic. 

### ListRetainedMessage log entry
<a name="log-mb-list-retain"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `ListRetainedMessage` when [`ListRetainedMessages`](/iot/latest/developerguide/API_iotdata_ListRetainedMessages.html) is called.

#### ListRetainedMessage log entry example
<a name="log-mb-list-retain-example"></a>

```
{
    "timestamp": "2017-08-07 18:47:56.664", 
    "logLevel": "INFO", 
    "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f", 
    "accountId": "123456789012", 
    "status": "Success", 
    "eventType": "ListRetainedMessage", 
    "protocol": "HTTP"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `ListRetainedMessage` log entries contain the following attribute:

protocol  
The protocol used to make the request. Valid value: `HTTP`. 

### Publish-In log entry
<a name="log-mb-publish-in"></a>

When the AWS IoT message broker receives an MQTT message, it generates a log entry with an `eventType` of `Publish-In`. 

#### Publish-In log entry example
<a name="log-mb-publish-in.example"></a>

```
{
    "timestamp": "2017-08-10 15:39:30.961",
    "logLevel": "INFO",
    "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Publish-In",
    "protocol": "MQTT",
    "topicName": "$aws/things/MyThing/shadow/get",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490,
    "retain": "True"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Publish-In` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

retain  
The attribute used when a message has the RETAIN flag set with a value of `True`. If the message doesn't have the RETAIN flag set, this attribute doesn't appear in the log entry. For more information, see [MQTT retained messages](mqtt.md#mqtt-retain).

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

topicName  
The name of the subscribed topic. 

### Publish-Out log entry
<a name="log-mb-publish-out"></a>

When the message broker publishes an MQTT message, it generates a log entry with an `eventType` of `Publish-Out`.

#### Publish-Out log entry example
<a name="log-mb-publish-out.example"></a>

```
{
    "timestamp": "2017-08-10 15:39:30.961",
    "logLevel": "INFO",
    "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Publish-Out",
    "protocol": "MQTT",
    "topicName": "$aws/things/MyThing/shadow/get",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Publish-Out` log entries contain the following attributes:

clientId  
The ID of the subscribed client that receives messages on that MQTT topic.

principalId  
The ID of the principal making the request.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

topicName  
The name of the subscribed topic. 

### Queued log entry
<a name="log-mb-queued"></a>

When a device with a persistent session is disconnected, the MQTT message broker stores the device's messages and AWS IoT generates log entries with an `eventType` of `Queued`. For more information about MQTT persistent sessions, see [MQTT persistent sessions](mqtt.md#mqtt-persistent-sessions).

#### Queued server error log entry example
<a name="log-mb-queued.server-error.example"></a>

```
{
    "timestamp": "2022-08-10 15:39:30.961",
    "logLevel": "ERROR",
    "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699",
    "accountId": "123456789012",
    "topicName": "$aws/things/MyThing/get",
    "clientId": "123123123",
    "qos": "1",
    "protocol": "MQTT",
    "eventType": "Queued",
    "status": "Failure",
    "details": "Server Error"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Queued` server error log entries contain the following attributes:

clientId  
The ID of the client to which the message is queued.

details  
**`Server Error`**  
A server error prevented the message from being stored.

protocol  
The protocol used to make the request. The value will always be `MQTT`. 

qos  
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.

topicName  
The name of the subscribed topic.

#### Queued success log entry example
<a name="log-mb-queued.success.example"></a>

```
{
    "timestamp": "2022-08-10 15:39:30.961",
    "logLevel": "INFO",
    "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699",
    "accountId": "123456789012",
    "topicName": "$aws/things/MyThing/get",
    "clientId": "123123123",
    "qos": "1",
    "protocol": "MQTT",
    "eventType": "Queued",
    "status": "Success"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Queued` success log entries contain the following attributes:

clientId  
The ID of the client to which the message is queued.

protocol  
The protocol used to make the request. The value will always be `MQTT`. 

qos  
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.

topicName  
The name of the subscribed topic.

#### Queued throttled log entry example
<a name="log-mb-queued.throttled.example"></a>

```
{
    "timestamp": "2022-08-10 15:39:30.961",
    "logLevel": "ERROR",
    "traceId": "672ec480-31ce-fd8b-b5fb-22e3ac420699",
    "accountId": "123456789012",
    "topicName": "$aws/things/MyThing/get",
    "clientId": "123123123",
    "qos": "1",
    "protocol": "MQTT",
    "eventType": "Queued",
    "status": "Failure",
    "details": "Throttled while queueing offline message"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Queued` throttled log entries contain the following attributes:

clientId  
The ID of the client to which the message is queued.

details  
**`Throttled while queueing offline message`**  
The client exceeded the [Queued messages per second per account](https://docs.aws.amazon.com//general/latest/gr/iot-core.html#genref_queued_messages_per_second_per_account) limit, so the message wasn't stored.

protocol  
The protocol used to make the request. The value will always be `MQTT`. 

qos  
The Quality of Service (QoS) level of the request. The value will always be 1 because the messages with QoS of 0 aren't stored.

topicName  
The name of the subscribed topic.

### Subscribe log entry
<a name="log-mb-subscribe"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `Subscribe` when an MQTT client subscribes to a topic.

#### MQTT 3 Subscribe log entry example
<a name="log-mb-connect.example.subscribe"></a>

```
{
    "timestamp": "2017-08-10 15:39:04.413",
    "logLevel": "INFO",
    "traceId": "7aa5c38d-1b49-3753-15dc-513ce4ab9fa6",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Subscribe",
    "protocol": "MQTT",
    "topicName": "$aws/things/MyThing/shadow/#",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Subscribe` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

protocol  
The protocol used to make the request. The value will always be `MQTT`. 

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

topicName  
The name of the subscribed topic. 

#### MQTT 5 Subscribe log entry example
<a name="log-mb-connect.example.subscribe.mqtt5"></a>

```
{
	"timestamp": "2022-11-30 16:24:15.628",
	"logLevel": "INFO",
	"traceId": "7aa5c38d-1b49-3753-15dc-513ce4ab9fa6",
	"accountId": "123456789012",
	"status": "Success",
	"eventType": "Subscribe",
	"protocol": "MQTT",
	"topicName": "test/topic1,$invalid/reserved/topic",
	"subscriptions": [
		{
			"topicName": "test/topic1",
			"reasonCode": 1
		},
		{
			"topicName": "$invalid/reserved/topic",
			"reasonCode": 143
		}
	],
	"clientId": "abf27092886e49a8a5c1922749736453",
	"principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
	"sourceIp": "205.251.233.181",
	"sourcePort": 13490
}
```

For MQTT 5 Subscribe operations, in addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes) and the [MQTT 3 Subscribe log entry attributes](#log-mb-connect.example.subscribe), MQTT 5 `Subscribe` log entries contain the following attribute: 

subscriptions  
A list of mappings between the requested topics in the Subscribe request and the individual MQTT 5 reason code. For more information, see [MQTT reason codes](https://docs.aws.amazon.com//iot/latest/developerguide/mqtt.html#mqtt5-reason-codes). 
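In the MQTT 5 example above, the entry's top-level `status` is `Success` even though one of the two topic filters received reason code 143, so per-filter refusals only show up in `subscriptions`. The following added example (not AWS code) extracts refused filters and counts them per principal; the reason-code names come from the MQTT 5 specification's SUBACK codes, where values of 128 and above are failures, and every entry after the first, along with the threshold, is constructed for illustration.

```python
from collections import Counter

# SUBACK reason codes from the MQTT 5 specification. Codes 0-2 grant the
# subscription at that QoS; 128 (0x80) and above refuse it.
SUBACK_FAILURES = {
    128: "Unspecified error",
    131: "Implementation specific error",
    135: "Not authorized",
    143: "Topic Filter invalid",
    145: "Packet Identifier in use",
    151: "Quota exceeded",
    158: "Shared Subscriptions not supported",
    161: "Subscription Identifiers not supported",
    162: "Wildcard Subscriptions not supported",
}

SAMPLE_ENTRIES = [
    {   # The MQTT 5 Subscribe entry from this page.
        "timestamp": "2022-11-30 16:24:15.628", "status": "Success",
        "eventType": "Subscribe", "protocol": "MQTT",
        "topicName": "test/topic1,$invalid/reserved/topic",
        "subscriptions": [
            {"topicName": "test/topic1", "reasonCode": 1},
            {"topicName": "$invalid/reserved/topic", "reasonCode": 143},
        ],
        "clientId": "abf27092886e49a8a5c1922749736453",
        "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    },
    {   # Constructed: one granted filter and two refused as not authorized.
        "timestamp": "2022-11-30 16:25:00.000", "status": "Success",
        "eventType": "Subscribe", "protocol": "MQTT",
        "topicName": "telemetry/client-b,fleet/+/commands,admin/#",
        "subscriptions": [
            {"topicName": "telemetry/client-b", "reasonCode": 0},
            {"topicName": "fleet/+/commands", "reasonCode": 135},
            {"topicName": "admin/#", "reasonCode": 135},
        ],
        "clientId": "client-b", "principalId": "principal-B",
    },
    {   # Constructed MQTT 3 style entry: no "subscriptions" attribute.
        "timestamp": "2022-11-30 16:26:00.000", "status": "Success",
        "eventType": "Subscribe", "protocol": "MQTT",
        "topicName": "telemetry/client-c",
        "clientId": "client-c", "principalId": "principal-C",
    },
]


def refused_subscriptions(entry):
    """Return (clientId, topicFilter, reasonCode, meaning) for each refused
    filter in one Subscribe entry. The per-filter list is used instead of the
    comma-joined top-level topicName, because a topic filter may itself
    contain a comma. Entries without "subscriptions" yield nothing."""
    if entry.get("eventType") != "Subscribe":
        return []
    refused = []
    for sub in entry.get("subscriptions", []):
        code = sub.get("reasonCode")
        if isinstance(code, int) and code >= 128:
            refused.append((entry.get("clientId"), sub.get("topicName"), code,
                            SUBACK_FAILURES.get(code, "Unknown failure code")))
    return refused


def refusals_by_principal(entries, threshold=2):
    """Count refused filters per principalId and keep those at or above the
    threshold, which is a constructed value to tune per environment."""
    counts = Counter()
    for entry in entries:
        counts[entry.get("principalId")] += len(refused_subscriptions(entry))
    return {principal: n for principal, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        for row in refused_subscriptions(entry):
            print(row)
    print(refusals_by_principal(SAMPLE_ENTRIES))
```
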

### Unsubscribe log entry
<a name="log-mb-unsubscribe"></a>

The AWS IoT message broker generates a log entry with an `eventType` of `Unsubscribe` when an MQTT client unsubscribes from an MQTT topic.

#### MQTT unsubscribe log entry example
<a name="log-mb-connect.example.unsubscribe"></a>

```
{
    "timestamp": "2024-08-20 22:53:32.844",
    "logLevel": "INFO",
    "traceId": "db6bd09a-2c3f-1cd2-27cc-fd6b1ce03b58",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "Unsubscribe",
    "protocol": "MQTT",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "sourceIp": "205.251.233.181",
    "sourcePort": 13490
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `Unsubscribe` log entries contain the following attributes:

protocol  
The protocol used to make the request. The value will always be `MQTT`. 

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

sourceIp  
The IP address where the request originated.

sourcePort  
The port where the request originated.

## Server certificate OCSP log entries
<a name="server-ocsp-logs"></a>

AWS IoT Core generates log entries for the following event:

**Topics**
+ [RetrieveOCSPStapleData log entry](#log-retrieve-ocsp-staple)
+ [RetrieveOCSPStapleData log entry for private endpoints](#log-retrieve-ocsp-staple-private-endpoint)

### RetrieveOCSPStapleData log entry
<a name="log-retrieve-ocsp-staple"></a>

AWS IoT Core generates a log entry with an `eventType` of `RetrieveOCSPStapleData` when the server retrieves the OCSP staple data.

#### RetrieveOCSPStapleData log entry examples
<a name="log-retrieve-ocsp-staple.example"></a>

The following is a log entry example of `Success`. 

```
{
	"timestamp": "2024-01-30 15:39:30.961",
	"logLevel": "INFO",
	"traceId": "180532b7-0cc7-057b-687a-5ca1824838f5",
	"accountId": "123456789012",
	"status": "Success",
	"eventType": "RetrieveOCSPStapleData",
	"domainConfigName": "test-domain-config-name",
	"connectionDetails": {
		"httpStatusCode": "200",
		"ocspResponderUri": "http://ocsp.example.com",
		"sourceIp": "205.251.233.181",
		"targetIp": "250.15.5.3"
	},
	"ocspRequestDetails": {
		"requesterName": "iot.amazonaws.com",
		"requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01"
	},
	"ocspResponseDetails": {
		"responseCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01",
		"ocspResponseStatus": "successful",
		"certStatus": "good",
		"signature": "4C:6F:63:61:6C:20:52:65:73:70:6F:6E:64:65:72:20:53:69:67:6E:61:74:75:72:65",
		"thisUpdateTime": "Jan 31 01:21:02 2024 UTC",
		"nextUpdateTime": "Feb 02 00:21:02 2024 UTC",
		"producedAtTime": "Jan 31 01:37:03 2024 UTC",
		"stapledDataPayloadSize": "XXX"
	}
}
```

The following is a log entry example of `Failure`. 

```
{
	"timestamp": "2024-01-30 15:39:30.961",
	"logLevel": "ERROR",
	"traceId": "180532b7-0cc7-057b-687a-5ca1824838f5",
	"accountId": "123456789012",
	"status": "Failure",
	"reason": "A non 2xx HTTP response was received from the OCSP responder.",
	"eventType": "RetrieveOCSPStapleData",
	"domainConfigName": "test-domain-config-name",
	"connectionDetails": {
		"httpStatusCode": "444",
		"ocspResponderUri": "http://ocsp.example.com",
		"sourceIp": "205.251.233.181",
		"targetIp": "250.15.5.3"
	},
	"ocspRequestDetails": {
		"requesterName": "iot.amazonaws.com",
		"requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01"
	}
}
```

For the `RetrieveOCSPStaple` operation, in addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), the log entries contain the following attributes:

reason  
The reason why the operation fails.

domainConfigName  
The name of your domain configuration.

connectionDetails  
A brief explanation of the connection details.  
+ httpStatusCode

  HTTP status codes that are returned by the OCSP responder in response to the client's request made to the server.
+ ocspResponderUri

  The OCSP responder URI that AWS IoT Core fetches from the server certificate.
+ sourceIp

  The source IP address of the AWS IoT Core server.
+ targetIp

  The target IP address of the OCSP responder.

ocspRequestDetails  
Details of the OCSP request.  
+ requesterName

  The identifier for the AWS IoT Core server that sends a request to the OCSP responder.
+ requestCertId

  The certificate ID of the request. This is the ID of the certificate for which the OCSP response is being requested.

ocspResponseDetails  
Details of the OCSP response.  
+ responseCertId

  The certificate ID of the OCSP response. 
+ ocspResponseStatus

  The status of the OCSP response.
+ certStatus

  The status of the certificate.
+ signature

  The signature that's applied to the response by a trusted entity.
+ thisUpdateTime

  The time at which the status being indicated is known to be correct.
+ nextUpdateTime

  The time at or before which newer information will be available about the status of the certificate.
+ producedAtTime

  The time at which the OCSP responder signed this response.
+ stapledDataPayloadSize

  The payload size of the stapled data.
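The attributes above are enough to monitor staple health from the logs: failed retrievals, a certificate status other than `good`, a response that covers a different certificate than the one requested, and a staple close to its `nextUpdateTime`. This is an added example, not AWS code; the sample entries, finding codes and the 12-hour threshold are constructed, and the top-level `timestamp` is assumed to be UTC like the OCSP times.

```python
from datetime import datetime, timedelta

LOG_TS = "%Y-%m-%d %H:%M:%S.%f"     # top-level "timestamp" (assumed to be UTC)
OCSP_TS = "%b %d %H:%M:%S %Y UTC"   # e.g. "Feb 02 00:21:02 2024 UTC"

# Constructed sample entries in the documented shape (cert IDs shortened).
SAMPLE_ENTRIES = [
    {"timestamp": "2024-01-30 15:39:30.961", "status": "Success",
     "eventType": "RetrieveOCSPStapleData", "domainConfigName": "healthy-config",
     "ocspRequestDetails": {"requestCertId": "30:3A:01"},
     "ocspResponseDetails": {"responseCertId": "30:3A:01",
                             "ocspResponseStatus": "successful", "certStatus": "good",
                             "thisUpdateTime": "Jan 30 01:21:02 2024 UTC",
                             "nextUpdateTime": "Feb 02 00:21:02 2024 UTC"}},
    {"timestamp": "2024-01-30 15:39:30.961", "status": "Failure",
     "reason": "A non 2xx HTTP response was received from the OCSP responder.",
     "eventType": "RetrieveOCSPStapleData", "domainConfigName": "failing-config",
     "connectionDetails": {"httpStatusCode": "444"},
     "ocspRequestDetails": {"requestCertId": "30:3A:02"}},
    {"timestamp": "2024-01-30 15:39:30.961", "status": "Success",
     "eventType": "RetrieveOCSPStapleData", "domainConfigName": "suspect-config",
     "ocspRequestDetails": {"requestCertId": "30:3A:03"},
     "ocspResponseDetails": {"responseCertId": "30:3A:FF",
                             "ocspResponseStatus": "successful", "certStatus": "revoked",
                             "thisUpdateTime": "Jan 29 20:00:00 2024 UTC",
                             "nextUpdateTime": "Jan 30 20:00:00 2024 UTC"}},
]


def check_ocsp_entry(entry, min_remaining=timedelta(hours=12)):
    """Return a list of (code, detail) findings for one RetrieveOCSPStapleData
    entry; an empty list means nothing to report."""
    if entry.get("eventType") != "RetrieveOCSPStapleData":
        return []
    request = entry.get("ocspRequestDetails", {})
    response = entry.get("ocspResponseDetails")

    # Failure entries carry "reason" and no ocspResponseDetails. Private
    # endpoint entries have no connectionDetails, hence the "n/a" default.
    if entry.get("status") != "Success" or response is None:
        http = entry.get("connectionDetails", {}).get("httpStatusCode", "n/a")
        reason = entry.get("reason", "no reason logged")
        return [("retrieval-failed", f"{reason} (HTTP {http})")]

    findings = []
    if response.get("ocspResponseStatus") != "successful":
        findings.append(("response-status", str(response.get("ocspResponseStatus"))))
    if response.get("certStatus") != "good":
        findings.append(("cert-status", str(response.get("certStatus"))))
    if response.get("responseCertId") != request.get("requestCertId"):
        findings.append(("certid-mismatch", "response covers a different certificate"))

    try:
        logged = datetime.strptime(entry["timestamp"], LOG_TS)
        next_update = datetime.strptime(response["nextUpdateTime"], OCSP_TS)
    except (KeyError, ValueError):
        findings.append(("time-unparseable", "timestamp or nextUpdateTime unusable"))
        return findings

    remaining = next_update - logged
    if remaining <= timedelta(0):
        findings.append(("staple-expired", f"nextUpdateTime passed {-remaining} ago"))
    elif remaining < min_remaining:
        findings.append(("staple-expiring", f"{remaining} until nextUpdateTime"))
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_ENTRIES:
        print(sample["domainConfigName"], check_ocsp_entry(sample))
```
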

### RetrieveOCSPStapleData log entry for private endpoints
<a name="log-retrieve-ocsp-staple-private-endpoint"></a>

AWS IoT Core generates a log entry with an `eventType` of `RetrieveOCSPStapleData` when the server retrieves the OCSP staple data.

#### RetrieveOCSPStapleData log entry examples for private endpoints
<a name="log-retrieve-ocsp-staple-private-endpoint.example"></a>

The following is a log entry example of `Success`. 

```
{
	"timestamp": "2024-01-30 15:39:30.961",
	"logLevel": "INFO",
	"traceId": "180532b7-0cc7-057b-687a-5ca1824838f5",
	"accountId": "123456789012",
	"status": "Success",
	"eventType": "RetrieveOCSPStapleData",
	"domainConfigName": "test-domain-config-name",
	"lambdaDetails": {
		"lambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
		"sourceArn": "arn:aws:iot:us-west-2:123456789012:domainconfiguration/testDomainConfigure/6bzfg"
	},
	"authorizedResponderArn": "arn:aws:acm:us-west-2:123456789012:certificate/certificate_ID",
	"ocspRequestDetails": {
		"requesterName": "iot.amazonaws.com",
		"requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01"
	},
	"ocspResponseDetails": {
		"responderId": "04:C1:3F:8F:27:D6:49:13:F8:DE:B2:36:9D:85:8E:F8:31:3B:A6:D0",
		"responseCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01",
		"ocspResponseStatus": "successful",
		"certStatus": "good",
		"signature": "4C:6F:63:61:6C:20:52:65:73:70:6F:6E:64:65:72:20:53:69:67:6E:61:74:75:72:65",
		"thisUpdateTime": "Jan 31 01:21:02 2024 UTC",
		"nextUpdateTime": "Feb 02 00:21:02 2024 UTC",
		"producedAtTime": "Jan 31 01:37:03 2024 UTC",
		"stapledDataPayloadSize": "XXX"
	}
}
```

The following is a log entry example of `Failure`. 

```
{
	"timestamp": "2024-01-30 15:39:30.961",
	"logLevel": "ERROR",
	"traceId": "180532b7-0cc7-057b-687a-5ca1824838f5",
	"accountId": "123456789012",
	"status": "Failure",
	"reason": "The payload returned by the Lambda function exceeds the maximum response size of 7 kilobytes.",
	"eventType": "RetrieveOCSPStapleData",
	"domainConfigName": "test-domain-config-name",
	"lambdaDetails": {
		"lambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
		"sourceArn": "arn:aws:iot:us-west-2:123456789012:domainconfiguration/testDomainConfigure/6bzfg"
	},
	"authorizedResponderArn": "arn:aws:acm:us-west-2:123456789012:certificate/certificate_ID",
	"ocspRequestDetails": {
		"requesterName": "iot.amazonaws.com",
		"requestCertId": "30:3A:30:09:06:05:2B:0E:03:02:1A:05:00:04:14:9C:FF:90:A1:97:B0:4D:6C:01:B9:69:96:D8:3E:E7:A2:51:7F:30:C4:04:14:7C:84:78:AE:12:58:71:38:0C:65:FC:17:77:7D:14:DD:69:73:71:46:02:01:01"
	}
}
```

For the `RetrieveOCSPStaple` operation, in addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes) and the attributes in [RetrieveOCSPStapleData log entry](https://docs.aws.amazon.com//iot/latest/developerguide/cwl-format.html#log-retrieve-ocsp-staple), the log entries for private endpoints contain the following attributes:

lambdaDetails  
Details of the Lambda function.  
+ lambdaArn

  The ARN of the Lambda function.
+ sourceArn

  The ARN of the domain configuration.

authorizedResponderArn  
The ARN of the authorized responder, if one is configured in the domain configuration.

## Device Shadow log entries
<a name="device-shadow-logs"></a>

The AWS IoT Device Shadow service generates log entries for the following events:

**Topics**
+ [DeleteThingShadow log entry](#log-shadow-delete-thing-shadow)
+ [GetThingShadow log entry](#log-shadow-get-thing-shadow)
+ [UpdateThingShadow log entry](#log-shadow-update-thing-shadow)

### DeleteThingShadow log entry
<a name="log-shadow-delete-thing-shadow"></a>

The Device Shadow service generates a log entry with an `eventType` of `DeleteThingShadow` when a request to delete a device's shadow is received.

#### DeleteThingShadow log entry example
<a name="log-shadow-delete-thing-shadow.example"></a>

```
{
    "timestamp": "2017-08-07 18:47:56.664",
    "logLevel": "INFO",
    "traceId": "1a60d02e-15b9-605b-7096-a9f584a6ad3f",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "DeleteThingShadow",
    "protocol": "MQTT",
    "deviceShadowName": "Jack",
    "topicName": "$aws/things/Jack/shadow/delete"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `DeleteThingShadow` log entries contain the following attributes:

deviceShadowName  
The name of the shadow to update.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The name of the topic on which the request was published. 

### GetThingShadow log entry
<a name="log-shadow-get-thing-shadow"></a>

The Device Shadow service generates a log entry with an `eventType` of `GetThingShadow` when a get request for a shadow is received.

#### GetThingShadow log entry example
<a name="log-shadow-get-thing-shadow.example"></a>

```
{
    "timestamp": "2017-08-09 17:56:30.941",
    "logLevel": "INFO",
    "traceId": "b575f19a-97a2-cf72-0ed0-c64a783a2504",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "GetThingShadow",
    "protocol": "MQTT",
    "deviceShadowName": "MyThing",
    "topicName": "$aws/things/MyThing/shadow/get"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `GetThingShadow` log entries contain the following attributes:

deviceShadowName  
The name of the requested shadow.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The name of the topic on which the request was published. 

### UpdateThingShadow log entry
<a name="log-shadow-update-thing-shadow"></a>

The Device Shadow service generates a log entry with an `eventType` of `UpdateThingShadow` when a request to update a device's shadow is received.

#### UpdateThingShadow log entry example
<a name="log-shadow-update-thing-shadow.example"></a>

```
{
    "timestamp": "2017-08-07 18:43:59.436",
    "logLevel": "INFO",
    "traceId": "d0074ba8-0c4b-a400-69df-76326d414c28",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "UpdateThingShadow",
    "protocol": "MQTT",
    "deviceShadowName": "Jack",
    "topicName": "$aws/things/Jack/shadow/update"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `UpdateThingShadow` log entries contain the following attributes:

deviceShadowName  
The name of the shadow to update.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The name of the topic on which the request was published. 

## Rules engine log entries
<a name="rule-engine-logs"></a>

The AWS IoT rules engine generates logs for the following events:

**Topics**
+ [FunctionExecution log entry](#log-rules-fn-exec)
+ [RuleExecution log entry](#log-rules-rule-ex)
+ [RuleMatch log entry](#log-rules-rule-match)
+ [RuleExecutionThrottled log entry](#log-rules-rule-msg-throttled)
+ [RuleNotFound log entry](#log-rules-rule-not-found)
+ [StartingRuleExecution log entry](#log-rules-start-rule-ex)

### FunctionExecution log entry
<a name="log-rules-fn-exec"></a>

The rules engine generates a log entry with an `eventType` of `FunctionExecution` when a rule's SQL query calls an external function. An external function is called when a rule's action makes an HTTP request to AWS IoT or another web service (for example, calling `get_thing_shadow` or `machinelearning_predict`). 

#### FunctionExecution log entry example
<a name="log-rules-fn-exec.example"></a>

```
{
    "timestamp": "2017-07-13 18:33:51.903",
    "logLevel": "DEBUG",
    "traceId": "180532b7-0cc7-057b-687a-5ca1824838f5",
    "status": "Success",
    "eventType": "FunctionExecution",
    "clientId": "N/A",
    "topicName":"rules/test",
    "ruleName": "ruleTestPredict",
    "ruleAction": "MachinelearningPredict",
    "resources": {
        "ModelId": "predict-model"
    },
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `FunctionExecution` log entries contain the following attributes:

clientId  
 `N/A` for `FunctionExecution` logs.

principalId  
The ID of the principal making the request.

resources  
A collection of resources used by the rule's actions.

ruleName  
The name of the matching rule.

topicName  
The name of the subscribed topic. 

### RuleExecution log entry
<a name="log-rules-rule-ex"></a>

When the AWS IoT rules engine triggers a rule's action, it generates a `RuleExecution` log entry.

#### RuleExecution log entry example
<a name="log-rules-rule-ex.example"></a>

```
{
    "timestamp": "2017-08-10 16:32:46.070",
    "logLevel": "INFO",
    "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "RuleExecution",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "topicName": "rules/test",
    "ruleName": "JSONLogsRule",
    "ruleAction": "RepublishAction",
    "resources": {
        "RepublishTopic": "rules/republish"
    },
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167"
}
```

#### RuleExecution with batching log entry example
<a name="log-rules-rule-ex-batching.example"></a>

```
{
    "logLevel": "INFO",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "RuleExecution",
    "ruleName": "rule_test",
    "ruleAction": "HttpAction",
    "resources": {
        "Url": "https://example.com",
        "ConfirmationUrl": "https://example.com"
    },
    "details": "HttpAction made a request to the specified endpoint",
    "batchDetails": {
        "timestamps": [
            "1234567890123",
            "1234567890123",
            "1234567890123"
        ],
        "traceIds": [
            "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
            "30aa7ccc-1d23-0b97-aa7b-76196d83537c",
            "30aa7ccc-1d23-0b97-aa7b-76196d83537d"
        ],
        "clientIds": [
            "N/A",
            "N/A",
            "N/A"
        ],
        "topicNames": [
            "topic/ruletest",
            "topic/ruletest",
            "topic/ruletest"
        ],
        "principalIds": [
            "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
            "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
            "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167"
        ],
        "batchSize": 3,
        "batchSizeInBytes": 114
    }
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `RuleExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

resources  
A collection of resources used by the rule's actions.

ruleAction  
The name of the action triggered.

ruleName  
The name of the matching rule.

topicName  
The name of the subscribed topic. 
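The batched entry shown above has no top-level `timestamp`, `traceId`, `clientId`, `topicName` or `principalId`; those values sit in parallel arrays under `batchDetails`, so a query keyed on the top-level fields misses every message in the batch. The following is an added example, not part of the AWS documentation: it flattens a batched entry into one record per message. The helper names (`expand`, `parse_ts`) are hypothetical, the sample entry is constructed from the one on this page, and reading the `batchDetails.timestamps` strings as epoch milliseconds is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the page's batched RuleExecution entry, trimmed to two
# messages, with placeholder principal IDs.
BATCHED = json.loads("""
{
  "logLevel": "INFO", "accountId": "123456789012", "status": "Success",
  "eventType": "RuleExecution", "ruleName": "rule_test", "ruleAction": "HttpAction",
  "resources": {"Url": "https://example.com", "ConfirmationUrl": "https://example.com"},
  "details": "HttpAction made a request to the specified endpoint",
  "batchDetails": {
    "timestamps": ["1234567890123", "1234567890123"],
    "traceIds": ["30aa7ccc-1d23-0b97-aa7b-76196d83537e",
                 "30aa7ccc-1d23-0b97-aa7b-76196d83537c"],
    "clientIds": ["N/A", "N/A"],
    "topicNames": ["topic/ruletest", "topic/ruletest"],
    "principalIds": ["principal-1", "principal-1"],
    "batchSize": 2, "batchSizeInBytes": 76
  }
}
""")

# batchDetails array name -> the per-message field it supplies
PER_MESSAGE = {
    "timestamps": "timestamp",
    "traceIds": "traceId",
    "clientIds": "clientId",
    "topicNames": "topicName",
    "principalIds": "principalId",
}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Top-level timestamps look like '2017-08-10 16:32:46.070' (UTC).
    All-digit batch timestamps are ASSUMED to be epoch milliseconds."""
    if value.isdigit():
        return EPOCH + timedelta(milliseconds=int(value))
    parsed = datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)


def expand(entry):
    """Return one flat record per message covered by a RuleExecution entry."""
    batch = entry.get("batchDetails")
    if batch is None:  # ordinary, unbatched entry: only normalise the timestamp
        record = dict(entry)
        record["timestamp"] = parse_ts(record["timestamp"])
        return [record]
    size = batch["batchSize"]
    for name in PER_MESSAGE:
        # A short array would silently misattribute messages, so refuse it.
        if len(batch.get(name, [])) != size:
            raise ValueError(f"batchDetails.{name} does not hold {size} items")
    shared = {k: v for k, v in entry.items() if k != "batchDetails"}
    records = []
    for i in range(size):
        record = dict(shared)
        for name, field in PER_MESSAGE.items():
            record[field] = batch[name][i]
        record["timestamp"] = parse_ts(record["timestamp"])
        records.append(record)
    return records
```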

### RuleMatch log entry
<a name="log-rules-rule-match"></a>

The AWS IoT rules engine generates a log entry with an `eventType` of `RuleMatch` when the message broker receives a message that matches a rule.

#### RuleMatch log entry example
<a name="log-rules-rule-match.example"></a>

```
{
    "timestamp": "2017-08-10 16:32:46.002",
    "logLevel": "INFO",
    "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "RuleMatch",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "topicName": "rules/test",
    "ruleName": "JSONLogsRule",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `RuleMatch` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

ruleName  
The name of the matching rule.

topicName  
The name of the subscribed topic. 

### RuleExecutionThrottled log entry
<a name="log-rules-rule-msg-throttled"></a>

When an execution is throttled, the AWS IoT rules engine generates a log entry with an `eventType` of `RuleExecutionThrottled`. 

#### RuleExecutionThrottled log entry example
<a name="log-rules-rule-msg-throttled.example"></a>

```
{
    "timestamp": "2017-10-04 19:25:46.070",
    "logLevel": "ERROR",
    "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
    "accountId": "123456789012",
    "status": "Failure",
    "eventType": "RuleExecutionThrottled",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "topicName": "$aws/rules/example_rule",
    "ruleName": "example_rule",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "reason": "RuleExecutionThrottled",
    "details": "Exection of Rule example_rule throttled"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `RuleExecutionThrottled` log entries contain the following attributes:

clientId  
The ID of the client making the request.

details  
A brief explanation of the error.

principalId  
The ID of the principal making the request.

reason  
The string "RuleExecutionThrottled".

ruleName  
The name of the rule to be triggered.

topicName  
The name of the topic that was published.

### RuleNotFound log entry
<a name="log-rules-rule-not-found"></a>

When the AWS IoT rules engine cannot find a rule with a given name, it generates a log entry with an `eventType` of `RuleNotFound`. 

#### RuleNotFound log entry example
<a name="log-rules-rule-not-found.example"></a>

```
{
    "timestamp": "2017-10-04 19:25:46.070",
    "logLevel": "ERROR",
    "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
    "accountId": "123456789012",
    "status": "Failure",
    "eventType": "RuleNotFound",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "topicName": "$aws/rules/example_rule",
    "ruleName": "example_rule",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167",
    "reason": "RuleNotFound",
    "details": "Rule example_rule not found"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `RuleNotFound` log entries contain the following attributes:

clientId  
The ID of the client making the request.

details  
A brief explanation of the error.

principalId  
The ID of the principal making the request.

reason  
The string "RuleNotFound".

ruleName  
The name of the rule that could not be found.

topicName  
The name of the topic that was published.

### StartingRuleExecution log entry
<a name="log-rules-start-rule-ex"></a>

When the AWS IoT rules engine starts to trigger a rule's action, it generates a log entry with an `eventType` of `StartingRuleExecution`. 

#### StartingRuleExecution log entry example
<a name="log-rules-start-rule-ex.example"></a>

```
{
    "timestamp": "2017-08-10 16:32:46.002",
    "logLevel": "DEBUG",
    "traceId": "30aa7ccc-1d23-0b97-aa7b-76196d83537e",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "StartingRuleExecution",
    "clientId": "abf27092886e49a8a5c1922749736453",
    "topicName": "rules/test",
    "ruleName": "JSONLogsRule",
    "ruleAction": "RepublishAction",
    "principalId": "145179c40e2219e18a909d896a5340b74cf97a39641beec2fc3eeafc5a932167"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `StartingRuleExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

principalId  
The ID of the principal making the request.

ruleAction  
The name of the action triggered.

ruleName  
The name of the matching rule.

topicName  
The name of the subscribed topic. 

## Job log entries
<a name="job-logs"></a>

The AWS IoT Jobs service generates log entries for the following events. Log entries are generated when an MQTT or HTTP request is received from the device.

**Topics**
+ [DescribeJobExecution log entry](#log-job-describe-job-ex)
+ [GetPendingJobExecution log entry](#log-job-get-pending-job-ex)
+ [ReportFinalJobExecutionCount log entry](#log-job-report-final-job-ex-count)
+ [StartNextPendingJobExecution log entry](#log-job-start-next-pending-job-ex)
+ [UpdateJobExecution log entry](#log-job-update-job-ex)

### DescribeJobExecution log entry
<a name="log-job-describe-job-ex"></a>

The AWS IoT Jobs service generates a log entry with an `eventType` of `DescribeJobExecution` when the service receives a request to describe a job execution.

#### DescribeJobExecution log entry example
<a name="log-job-describe-job-ex.example"></a>

```
{
    "timestamp": "2017-08-10 19:13:22.841",
    "logLevel": "DEBUG",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "DescribeJobExecution",
    "protocol": "MQTT",
    "clientId": "thingOne",
    "jobId": "002",
    "topicName": "$aws/things/thingOne/jobs/002/get",
    "clientToken": "myToken",
    "details": "The request status is SUCCESS."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `DescribeJobExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

clientToken  
A unique, case-sensitive identifier to ensure the idempotency of the request. For more information, see [How to Ensure Idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). 

details  
Other information from the Jobs service.

jobId  
The job ID for the job execution.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The topic used to make the request. 

### GetPendingJobExecution log entry
<a name="log-job-get-pending-job-ex"></a>

The AWS IoT Jobs service generates a log entry with an `eventType` of `GetPendingJobExecution` when the service receives a job execution request.

#### GetPendingJobExecution log entry example
<a name="log-job-get-pending-job-ex.example"></a>

```
{
    "timestamp": "2018-06-13 17:45:17.197",
    "logLevel": "DEBUG",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "GetPendingJobExecution",
    "protocol": "MQTT",
    "clientId": "299966ad-54de-40b4-99d3-4fc8b52da0c5",
    "topicName": "$aws/things/299966ad-54de-40b4-99d3-4fc8b52da0c5/jobs/get",
    "clientToken": "24b9a741-15a7-44fc-bd3c-1ff2e34e5e82",
    "details": "The request status is SUCCESS."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `GetPendingJobExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

clientToken  
A unique, case-sensitive identifier to ensure the idempotency of the request. For more information, see [How to Ensure Idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). 

details  
Other information from the Jobs service.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The name of the subscribed topic. 

### ReportFinalJobExecutionCount log entry
<a name="log-job-report-final-job-ex-count"></a>

The AWS IoT Jobs service generates a log entry with an `eventType` of `ReportFinalJobExecutionCount` when a job is completed.

#### ReportFinalJobExecutionCount log entry example
<a name="log-job-report-final-job-ex-count.example"></a>

```
{
    "timestamp": "2017-08-10 19:44:16.776",
    "logLevel": "INFO",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "ReportFinalJobExecutionCount",
    "jobId": "002",
    "details": "Job 002 completed. QUEUED job execution count: 0 IN_PROGRESS job execution count: 0 FAILED job execution count: 0 SUCCEEDED job execution count: 1 CANCELED job execution count: 0 REJECTED job execution count: 0 REMOVED job execution count: 0"
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `ReportFinalJobExecutionCount` log entries contain the following attributes:

details  
Other information from the Jobs service.

jobId  
The job ID for the job execution.

### StartNextPendingJobExecution log entry
<a name="log-job-start-next-pending-job-ex"></a>

When it receives a request to start the next pending job execution, the AWS IoT Jobs service generates a log entry with an `eventType` of `StartNextPendingJobExecution`. 

#### StartNextPendingJobExecution log entry example
<a name="log-job-start-next-pending-job-ex.example"></a>

```
{
    "timestamp": "2018-06-13 17:49:51.036",
    "logLevel": "DEBUG",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "StartNextPendingJobExecution",
    "protocol": "MQTT",
    "clientId": "95c47808-b1ca-4794-bc68-a588d6d9216c",
    "topicName": "$aws/things/95c47808-b1ca-4794-bc68-a588d6d9216c/jobs/start-next",
    "clientToken": "bd7447c4-3a05-49f4-8517-dd89b2c68d94",
    "details": "The request status is SUCCESS."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `StartNextPendingJobExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

clientToken  
A unique, case-sensitive identifier to ensure the idempotency of the request. For more information, see [How to Ensure Idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). 

details  
Other information from the Jobs service.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The topic used to make the request. 

### UpdateJobExecution log entry
<a name="log-job-update-job-ex"></a>

The AWS IoT Jobs service generates a log entry with an `eventType` of `UpdateJobExecution` when the service receives a request to update a job execution.

#### UpdateJobExecution log entry example
<a name="log-job-update-job-ex.example"></a>

```
{
    "timestamp": "2017-08-10 19:25:14.758",
    "logLevel": "DEBUG",
    "accountId": "123456789012",
    "status": "Success",
    "eventType": "UpdateJobExecution",
    "protocol": "MQTT",
    "clientId": "thingOne",
    "jobId": "002",
    "topicName": "$aws/things/thingOne/jobs/002/update",
    "clientToken": "myClientToken",
    "versionNumber": "1",
    "details": "The destination status is IN_PROGRESS. The request status is SUCCESS."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `UpdateJobExecution` log entries contain the following attributes:

clientId  
The ID of the client making the request.

clientToken  
A unique, case-sensitive identifier to ensure the idempotency of the request. For more information, see [How to Ensure Idempotency](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). 

details  
Other information from the Jobs service.

jobId  
The job ID for the job execution.

protocol  
The protocol used to make the request. Valid values are `MQTT` or `HTTP`. 

topicName  
The topic used to make the request. 

versionNumber  
The version of the job execution.
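In every Jobs example above, the thing name embedded in `topicName` equals the `clientId`, and the topic suffix corresponds to the `eventType`. The following is an added example, not part of the AWS documentation: it checks each Jobs entry for those two consistencies and for a `jobId` that disagrees with the topic. It assumes a deployment where devices use their thing name as the MQTT client ID; the function and constant names are hypothetical and the sample entries are constructed.

```python
import re

# Topic shapes taken from the examples on this page:
#   $aws/things/<thing>/jobs/get | start-next | <jobId>/get | <jobId>/update
JOBS_TOPIC = re.compile(
    r"^\$aws/things/(?P<thing>[^/]+)/jobs/"
    r"(?:(?P<op>get|start-next)|(?P<job>[^/]+)/(?P<job_op>get|update))$"
)

# eventType -> topic operation it is logged for in the page's examples
EXPECTED_OP = {
    "GetPendingJobExecution": "get",
    "StartNextPendingJobExecution": "start-next",
    "DescribeJobExecution": "<jobId>/get",
    "UpdateJobExecution": "<jobId>/update",
}

# Constructed sample entries (only the fields the check reads).
ENTRIES = [
    {"eventType": "DescribeJobExecution", "protocol": "MQTT", "clientId": "thingOne",
     "jobId": "002", "topicName": "$aws/things/thingOne/jobs/002/get"},
    {"eventType": "UpdateJobExecution", "protocol": "MQTT", "clientId": "thingTwo",
     "jobId": "002", "topicName": "$aws/things/thingOne/jobs/002/update"},
]


def check_job_entry(entry):
    """Return a list of findings for one Jobs log entry; empty means consistent."""
    topic = entry.get("topicName")
    if topic is None:  # e.g. ReportFinalJobExecutionCount carries no topic
        return []
    m = JOBS_TOPIC.match(topic)
    if m is None:
        return [f"unrecognised jobs topic {topic!r}"]
    findings = []
    op = m["op"] or f"<jobId>/{m['job_op']}"
    expected = EXPECTED_OP.get(entry.get("eventType"))
    if expected is not None and expected != op:
        findings.append(
            f"eventType {entry['eventType']} logged for topic operation {op}")
    # ASSUMPTION: clientId == thing name, as in the page's examples.
    if m["thing"] != entry.get("clientId"):
        findings.append(
            f"client {entry.get('clientId')!r} used the jobs topic of "
            f"thing {m['thing']!r}")
    if m["job"] and entry.get("jobId") not in (None, m["job"]):
        findings.append(
            f"jobId {entry['jobId']!r} differs from topic job {m['job']!r}")
    return findings
```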

## Device provisioning log entries
<a name="provision-logs"></a>

The AWS IoT Device Provisioning service generates logs for the following events. 

**Topics**
+ [GetDeviceCredentials log entry](#log-provision-get-device-credentials)
+ [ProvisionDevice log entry](#log-provision-provision-device)

### GetDeviceCredentials log entry
<a name="log-provision-get-device-credentials"></a>

The AWS IoT Device Provisioning service generates a log entry with an `eventType` of `GetDeviceCredentials` when a client calls `GetDeviceCredential`. 



#### GetDeviceCredentials log entry example
<a name="log-provision-get-device-credentials.example"></a>

```
{
  "timestamp" : "2019-02-20 20:31:22.932",
  "logLevel" : "INFO",
  "traceId" : "8d9c016f-6cc7-441e-8909-7ee3d5563405",
  "accountId" : "123456789101",
  "status" : "Success",
  "eventType" : "GetDeviceCredentials",
  "deviceCertificateId" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
  "details" : "Additional details about this log."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `GetDeviceCredentials` log entries contain the following attributes:

details  
A brief explanation of the error.

deviceCertificateId  
The ID of the device certificate.

### ProvisionDevice log entry
<a name="log-provision-provision-device"></a>

The AWS IoT Device Provisioning service generates a log entry with an `eventType` of `ProvisionDevice` when a client calls `ProvisionDevice`. 

#### ProvisionDevice log entry example
<a name="log-provision-provision-device.example"></a>

```
{
  "timestamp" : "2019-02-20 20:31:22.932",
  "logLevel" : "INFO",
  "traceId" : "8d9c016f-6cc7-441e-8909-7ee3d5563405",
  "accountId" : "123456789101",
  "status" : "Success",
  "eventType" : "ProvisionDevice",
  "provisioningTemplateName" : "myTemplate",
  "deviceCertificateId" : "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
  "details" : "Additional details about this log."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `ProvisionDevice` log entries contain the following attributes:

details  
A brief explanation of the error.

deviceCertificateId  
The ID of the device certificate.

provisioningTemplateName  
The name of the provisioning template.

## Dynamic thing group log entries
<a name="dynamic-group-logs"></a>

AWS IoT Dynamic Thing Groups generate logs for the following event.

**Topics**
+ [AddThingToDynamicThingGroupsFailed log entry](#log-dynthing-add-thing-to-dynamic-thing-groups-failed)

### AddThingToDynamicThingGroupsFailed log entry
<a name="log-dynthing-add-thing-to-dynamic-thing-groups-failed"></a>

When AWS IoT cannot add a thing to the specified dynamic groups, it generates a log entry with an `eventType` of `AddThingToDynamicThingGroupsFailed`. This happens when a thing met the criteria to be in the dynamic thing group, but either could not be added to the dynamic group or was removed from it. This can happen because:
+ The thing already belongs to the maximum number of groups.
+ The **--override-dynamic-groups** option was used to add the thing to a static thing group. It was removed from a dynamic thing group to make that possible.

For more information, see [Dynamic Thing Group Limitations and Conflicts](dynamic-thing-groups.md#dynamic-thing-group-limitations). 

#### AddThingToDynamicThingGroupsFailed log entry example
<a name="log-dynthing-add-thing-to-dynamic-thing-groups-failed.example"></a>

This example shows the log entry of an `AddThingToDynamicThingGroupsFailed` error. In this example, *TestThing* met the criteria to be in the dynamic thing groups listed in `dynamicThingGroupNames`, but could not be added to those dynamic groups, as described in `reason`. 

```
{
 "timestamp": "2020-03-16 22:24:43.804",
 "logLevel": "ERROR",
 "traceId": "70b1f2f5-d95e-f897-9dcc-31e68c3e1a30",
 "accountId": "57EXAMPLE833",
 "status": "Failure",
 "eventType": "AddThingToDynamicThingGroupsFailed",
 "thingName": "TestThing",
 "dynamicThingGroupNames": [
  "DynamicThingGroup11",
  "DynamicThingGroup12",
  "DynamicThingGroup13",
  "DynamicThingGroup14"
 ],
 "reason": "The thing failed to be added to the given dynamic thing group(s) because the thing already belongs to the maximum allowed number of groups."
}
```

In addition to the [Common CloudWatch Logs attributes](#cwl-common-attributes), `AddThingToDynamicThingGroupsFailed` log entries contain the following attributes:

dynamicThingGroupNames  
An array of the dynamic thing groups to which the thing could not be added.

reason  
The reason why the thing could not be added to the dynamic thing groups.

thingName  
The name of the thing that could not be added to a dynamic thing group.

## Fleet indexing log entries
<a name="fleet-indexing-logs"></a>

AWS IoT fleet indexing generates log entries for the following events.

**Topics**
+ [NamedShadowCountForDynamicGroupQueryLimitExceeded log entry](#log-named-shadow-dynamic-group)

### NamedShadowCountForDynamicGroupQueryLimitExceeded log entry
<a name="log-named-shadow-dynamic-group"></a>

A maximum of 25 named shadows per thing are processed for query terms that are not data source specific in dynamic groups. When this limit is breached for a thing, the `NamedShadowCountForDynamicGroupQueryLimitExceeded` event type will be emitted.

#### NamedShadowCountForDynamicGroupQueryLimitExceeded log entry example
<a name="log-named-shadow-dynamic-group.example"></a>

This example shows the log entry of a `NamedShadowCountForDynamicGroupQueryLimitExceeded` error. In this example, all-values based `DynamicGroup` results can be inaccurate, as described in the `reason` field.

```
{
    "timestamp": "2020-03-16 22:24:43.804",
    "logLevel": "ERROR",
    "traceId": "70b1f2f5-d95e-f897-9dcc-31e68c3e1a30",
    "accountId": "571032923833",
    "status": "Failure",
    "eventType": "NamedShadowCountForDynamicGroupQueryLimitExceeded",
    "thingName": "TestThing",
    "reason": "A maximum of 25 named shadows per thing are processed for non-data source specific query terms in dynamic groups."
}
```

## Common CloudWatch Logs attributes
<a name="cwl-common-attributes"></a>

All CloudWatch Logs log entries include these attributes:

accountId  
Your AWS account ID.

eventType  
The event type for which the log was generated. The value of the event type depends on the event that generated the log entry. Each log entry description includes the value of `eventType` for that log entry.

logLevel  
The log level being used. For more information, see [Log levels](configure-logging.md#log-level).

status  
The status of the request.

timestamp  
The human-readable UTC timestamp of when the client connected to the AWS IoT message broker.

traceId  
A randomly generated identifier that can be used to correlate all logs for a specific request.
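Because `traceId` ties together all entries for one request, a reviewer can rebuild each request's path through the rules engine and pick out the ones that failed or never logged an outcome. The following is an added example, not part of the AWS documentation: it groups log lines by `traceId`, orders them by `timestamp`, and reports traces that contain a `Failure` entry or a `RuleMatch` with no later outcome entry. The function names and the "no-outcome" heuristic are assumptions, and the sample lines are constructed (the Jobs examples on this page carry no `traceId`, so such entries are returned separately).

```python
import json
from collections import defaultdict

# Constructed sample lines modelled on this page's entries, deliberately out of order.
SAMPLE_LINES = [
    '{"timestamp": "2017-08-10 16:32:46.070", "traceId": "trace-a", "status": "Success",'
    ' "eventType": "RuleExecution", "ruleName": "JSONLogsRule"}',
    '{"timestamp": "2017-08-10 16:32:46.002", "traceId": "trace-a", "status": "Success",'
    ' "eventType": "RuleMatch", "ruleName": "JSONLogsRule"}',
    '{"timestamp": "2017-08-10 16:32:46.002", "traceId": "trace-a", "status": "Success",'
    ' "eventType": "StartingRuleExecution", "ruleName": "JSONLogsRule"}',
    '{"timestamp": "2017-10-04 19:25:46.070", "traceId": "trace-b", "status": "Failure",'
    ' "eventType": "RuleNotFound", "ruleName": "example_rule"}',
    '{"timestamp": "2017-10-04 19:26:00.000", "traceId": "trace-c", "status": "Success",'
    ' "eventType": "RuleMatch", "ruleName": "JSONLogsRule"}',
    '{"timestamp": "2017-08-10 19:13:22.841", "status": "Success",'
    ' "eventType": "DescribeJobExecution", "clientId": "thingOne"}',
    'not a JSON log line',
]

# Entries that record how a matched rule ended.
OUTCOMES = {"RuleExecution", "RuleExecutionThrottled", "RuleNotFound"}


def group_by_trace(lines):
    """Return ({traceId: [entries sorted by timestamp]}, [entries without traceId])."""
    traces, untraced = defaultdict(list), []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON log entry
        if not isinstance(entry, dict):
            continue
        trace_id = entry.get("traceId")
        (traces[trace_id] if trace_id else untraced).append(entry)
    for entries in traces.values():
        # 'YYYY-MM-DD HH:MM:SS.mmm' sorts correctly as text; ties keep input order.
        entries.sort(key=lambda e: e.get("timestamp", ""))
    return dict(traces), untraced


def review(traces):
    """Return (traceId, finding, eventType) tuples for traces worth a look."""
    findings = []
    for trace_id, entries in traces.items():
        events = [e.get("eventType", "?") for e in entries]
        failed = [e for e in entries if e.get("status") == "Failure"]
        if failed:
            findings.append((trace_id, "failure", failed[0].get("eventType", "?")))
        elif "RuleMatch" in events and not OUTCOMES.intersection(events):
            # ASSUMPTION: a match with no logged outcome deserves review.
            findings.append((trace_id, "no-outcome", "RuleMatch"))
    return findings
```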