Estimate Logs Insights scanned GB (from query habits)

Logs Insights is typically priced by GB scanned. If you don’t have measured “GB scanned” numbers yet, you can get a planning estimate from three inputs: log volume (GB/day), time range per query, and query frequency.

Step 1: estimate log volume (GB/day)

  • Use measured ingestion GB/day if you have it (best).
  • If not, estimate from requests/day × bytes/log and convert to GB/day.
  • Separate noisy success logs from error/security logs; they behave differently.

Related: CloudWatch Logs pricing.

Step 2: estimate scanned GB per query

First-order approximation (single log group): scanned GB/query ~= (GB/day) × (query_hours / 24).

  • If you query 1 hour of data, query_hours/24 ~= 1/24.
  • If you query 7 days, query_hours/24 ~= 7.
  • If you query multiple log groups, add them (or use total GB/day for those groups).

Step 3: estimate query frequency (the hidden driver)

  • Dashboards: users/day × dashboard views/day × refreshes/view.
  • Ad-hoc queries: engineer queries/day (incident days can be 10–50× higher).
  • Scheduled jobs: recurring searches and reports that run automatically.

Turn it into a monthly estimate

Monthly scanned GB ~= scanned GB/query × queries/day × 30.4

Logs Insights cost calculator Generic scan cost

Worked example (planning)

  • Ingestion for queried groups: 60 GB/day
  • Typical time range: 2 hours -> query_hours/24 ~= 0.083
  • Scanned GB/query ~= 60 * 0.083 ~= 5 GB/query
  • Queries/day: 200 (dashboards + ad-hoc)
  • Monthly scanned ~= 5 * 200 * 30.4 ~= 30,400 GB scanned/month

Treat this as an estimate and validate with measured scan data as soon as possible.

Incident multiplier (simple planning)

If you have 2 incident days per month where query volume is 10× higher and time ranges are wider, you can add a small “incident add-on” instead of pretending every day is identical.

  • Incident add-on ~= (scanned/day during incidents - normal scanned/day) × incident days

Common pitfalls

  • Using a “last 30 days” default window for routine dashboards.
  • Ignoring incident behavior (many repeated broad searches).
  • Scanning noisy success logs to answer a question about errors.
  • Not separating environments (prod vs staging) when modeling queries.

Validation checklist

  • Measure actual scanned GB from a representative week once you have access.
  • Validate dashboards: time range, refresh rate, and number of queries executed per view.
  • Validate which log groups are included in common queries (scope is the main lever).

Sources

Related guides

CloudWatch Logs Insights cost optimization (reduce GB scanned)
A practical playbook to reduce CloudWatch Logs Insights costs: measure GB scanned, fix query patterns, time-bound dashboards, and avoid repeated incident scans.
CloudWatch Logs Insights pricing: what to model (GB scanned)
A practical Logs Insights pricing checklist: the core unit is GB scanned. Model scanned GB from query habits, avoid dashboard re-scan traps, and validate with a measured baseline.
CloudWatch Logs pricing: ingestion, retention, and queries
A practical CloudWatch Logs pricing guide: model ingestion (GB/day), retention (GB-month), and query/scan costs (Insights/Athena). Includes pitfalls and a validation checklist.
AWS CloudWatch Metrics Pricing & Cost Guide
CloudWatch metrics cost model: custom metrics, API requests, dashboards, and retention.
CloudWatch dashboards pricing: what to include (dashboard-month + API)
A practical guide to CloudWatch dashboard costs: dashboard-month charges plus the hidden drivers (metrics API requests, alarms, and high-cardinality metrics).
CloudWatch metrics cost optimization: reduce custom metric sprawl
A practical playbook to reduce CloudWatch metrics costs: control custom metric cardinality, right-size resolution, reduce API polling, and validate observability coverage.

Related calculators

Log Cost Calculator
Estimate total log costs: ingestion, storage, and scan/search.
Log Ingestion Cost Calculator
Estimate monthly log ingestion cost from GB/day or from event rate and $/GB pricing.
Log Retention Storage Cost Calculator
Estimate retained log storage cost from GB/day, retention days, and $/GB-month pricing.
Log Search Scan Cost Calculator
Estimate monthly scan charges from GB scanned per day and $/GB pricing.
Metrics Time Series Cost Calculator
Estimate monthly metrics cost from active series and $ per series-month pricing.
CloudWatch Metrics Cost Calculator
Estimate CloudWatch metrics cost from custom metrics, alarms, dashboards, and API requests.

FAQ

What is the key input for Logs Insights pricing?
GB scanned. You can estimate it from log volume (GB/day), the time range you query, and how often you run queries (dashboards + incident searches).
Why is the estimate so sensitive to time range?
Because scanning is roughly proportional to the amount of data in the time window. Querying 24 hours instead of 1 hour can multiply scanned GB by ~24×.
Last updated: 2026-01-27