What is the reason that no filtered results are being returned?
A setup of the Amazon CloudWatch interface VPC endpoint is required for filtering the CloudWatch Logs in the VPC.
CloudWatch Logs only publishes metric data for events that happen after the filter is created.
The log group for CloudWatch Logs should be first streamed to Amazon OpenSearch Service before metric filtering returns the results.
Metric data points for logs groups can be filtered only after they are exported to an Amazon S3 bucket.
Explanations:
Setting up a VPC endpoint is not required for filtering CloudWatch Logs. The metric filter operates directly within CloudWatch Logs, and access issues would not prevent filtering from returning results.
CloudWatch Logs only publishes metric data for log events that occur after the metric filter has been created. Therefore, if the filter was applied to existing log data, it will not return results for past events.
There is no requirement for log groups to be streamed to Amazon OpenSearch Service for metric filtering to work. Metric filters operate directly on the logs stored in CloudWatch Logs without needing to be sent to OpenSearch.
Metric filtering does not require logs to be exported to an S3 bucket. Metric filters can be applied directly to logs in CloudWatch Logs, and data points can be generated without the need for S3 export.