AWS has increased Amazon CloudWatch Logs Insights query result limits from 10,000 to 100,000 rows and added pagination support for its GetQueryResults API to help developers and site reliability engineers (SREs) troubleshoot and debug large-scale distributed applications more efficiently.
The update to the monitoring and observability service, according to an AWS blog post, will reduce the need to repeatedly split queries into smaller time windows during incident investigations, debugging, and operational audits across enterprise environments.
Analysts see sound operational reasoning behind the move.
“The old 10,000-row CloudWatch limit was a real problem for large distributed systems. During outages, SRE teams often had to rerun the same query across multiple small time windows and manually combine results. Automated monitoring and compliance pipelines also needed extra custom logic, making systems more complex and fragile,” said Pareekh Jain, principal analyst at Pareekh Consulting.
“The new 100,000-result limit makes investigations much easier. Teams can now analyze larger incidents in a single query, reducing manual effort and speeding up troubleshooting. Dashboards, exports, and pattern analysis also work on more complete data,” Jain noted.
“In microservices environments where one request touches many services, teams now have a much better chance of seeing the full impact of a failure in one search,” Jain pointed out.
Pagination support could boost observability automation
The added pagination support for the GetQueryResults API, in fact, according to Avasant research director Gaurav Dewan, is the “bigger” architectural improvement.
“Previously, query APIs could return truncated datasets, requiring teams to re-run queries with additional filters or implement custom logic to retrieve complete results. This added complexity, especially for automated workflows such as runbooks, bots, or SIEM ingestion pipelines,” Dewan said.
“With pagination, query results can now be accessed incrementally in a structured way. This makes it easier to programmatically retrieve large datasets and is likely to improve the reliability of automation workflows built on top of CloudWatch,” Dewan added.
Despite the immediate benefits, neither analyst was convinced that the new update would eliminate the need for third-party observability or SIEM platforms in enterprise environments.
“It reduces friction at the margins, but doesn’t close the structural gaps that drive third-party observability or SIEM tools adoption,” Jain said.
While teams troubleshooting Lambda, ECS, or EKS workloads inside AWS may now rely more on CloudWatch for incident investigations instead of exporting logs to third-party tools simply because of earlier query limits, for SIEM, security analytics, compliance, or multi-cloud environments, platforms like Datadog, Splunk, or Elastic still offer broader cross-platform visibility, advanced correlation, and long-term governance features that CloudWatch does not fully address, Jain pointed out.
No direct cloud cost savings
Jain also downplayed the likelihood of major direct cloud cost savings from the update, noting that CloudWatch Logs Insights pricing is primarily based on the volume of data scanned rather than the number of results returned.
Instead, he said, the larger benefit is likely to come from operational efficiency and faster incident resolution.
“If SRE teams spend less time fighting query limits, rerunning searches, and stitching logs together, they can identify issues much faster. For large enterprise applications, even reducing outage investigation time from 15 minutes to 2 minutes can translate into significant operational and business value,” Jain said.
Enterprise users, according to AWS, can control the number of records returned in a query using the “LIMIT” command after setting the higher query ceilings either via the Amazon CloudWatch console or the AWS CLI. The feature has been made generally available across all AWS regions.