A CloudWatch alternative, built for Lambda debugging

TL;DR

CloudWatch is where your Lambda logs live — and the console shows them as raw streams you reassemble by hand. LogStitch is a native Mac app that reads those exact same CloudWatch logs and groups them by request ID into invocations, stitches a request across functions, and clusters errors into ranked patterns. It doesn't replace CloudWatch — your logs, alarms, and metrics stay put. It replaces the console as the place you read Lambda logs. Stay on the free console if you rarely look; switch if you debug Lambda all day.

Everyone debugging serverless starts in the same place: the CloudWatch console. It's free, it's already there, and for a quick look it's fine. The pain shows up when something's actually broken — when you're trying to find one failing invocation among hundreds of concurrent executions, scattered across log streams, interleaved by timestamp. This page compares reading Lambda logs in the CloudWatch console with doing it in LogStitch — honestly, including the times you should just stay in the console.

First, the important disclaimer: LogStitch is not a replacement for CloudWatch. Your functions still write to CloudWatch Logs; your alarms, metrics, and dashboards still live in CloudWatch. LogStitch is a read client — it fetches those logs with your IAM credentials and gives you a better surface to read and debug them on. Think of it as replacing the console log viewer, not the service.

At a glance

Reading Lambda logs, side by side. This compares the CloudWatch console experience with LogStitch — not CloudWatch's storage, alarms, or metrics, which LogStitch doesn't touch.

Reading Lambda logs CloudWatch console LogStitch
PlatformAny browser, any OS, phoneNative macOS only (26.1+)
SetupNone — logs are already thereInstall app, add an AWS profile (14-day trial)
Cost to read logsFree (you pay ingest/storage regardless)One-time $49 / $99
Unit you readLog streams (per execution environment)Invocations (per request ID)
Concurrent invocationsScattered across streams / interleavedSeparated — one invocation at a time
Group logs by request IDManual — filter on the request IDAutomatic
One request across functionsNo — open each log group in turnStitched (correlation ID / X-Ray / temporal)
Structured-JSON log linesRaw textParsed tree, per-field copy, level badges
Error-pattern clusteringNoYes — templated + impact-ranked
Anomaly detectionSeparate setup (alarms / anomaly detection)Built in — z-score on errors, duration, cold starts, cost
History past retentionNo — expires per policyYes — local SQLite keeps it
Offline accessNoYes
Live tailYes — billed $0.01/min*Yes — included
Alarms, metrics, dashboardsYes — full CloudWatchOut of scope — reads logs
Non-Lambda logs (ECS, API GW, VPC…)YesLambda-focused
MCP / AI integrationNoBuilt-in MCP server for Claude
Best forOccasional reads; the whole AWS platformDaily Lambda debugging

* CloudWatch Live Tail is billed at $0.01 per minute of streaming in commercial regions. Browsing existing log streams in the console has no per-read charge — you pay for ingestion and storage regardless of which tool reads the logs. See the official AWS CloudWatch pricing page for your region.

Where the CloudWatch console wins

A comparison that only lists the incumbent's weaknesses isn't honest. Here's where the console is the right tool — and it genuinely is, often.

1. It's free and already there

There is nothing to install, nothing to buy, and nothing to configure. The moment your Lambda runs, its logs are in CloudWatch and you can read them. You're already paying for ingestion and storage, so reading them in the console costs you $0 more. For a quick check or an occasional look, that's unbeatable.

2. Any device, any OS — including your phone

On-call at 3am from your phone? Borrowed a Windows laptop? The console is a URL. LogStitch is a macOS app (26.1+), so if you're not at a Mac, it's not an option and the console is exactly what you want.

3. It's the whole platform, not just logs

CloudWatch is alarms, metrics, dashboards, subscription filters, and logs from every service — ECS, API Gateway, VPC flow logs, RDS, your own EC2 apps. LogStitch reads Lambda logs and nothing else. If your debugging spans more than Lambda, or you need alarms and metrics in the same place, that's CloudWatch's job, not LogStitch's.

4. Team access and sharing are built in

Everyone with the right IAM role already has the console. You can copy a deep link to a log group and time range and paste it in Slack, and a teammate sees the same view. LogStitch is a single-user local app; it has no shared team workspace.

Where LogStitch wins for Lambda debugging

The console is a general-purpose log viewer for all of AWS. LogStitch assumes one thing — that you're debugging Lambda — and builds everything around it. That focus is where the time savings come from.

1. Invocations, not log streams

CloudWatch organizes Lambda logs by log stream — one per execution environment (container), not one per request. A single stream holds many sequential invocations, and concurrent invocations land in different streams. So the merged view interleaves executions by timestamp, and reading one request means filtering on its request ID and stitching the lines back together yourself. LogStitch reads the request ID stamped on every line and groups the logs into invocations automatically — one execution, in order, as a single unit you can actually read.

2. One request, across every function it touched

A serverless request usually spans several functions. In the console that means opening each function's log group in turn, filtering on the request or correlation ID in each, and interleaving the results by hand. LogStitch stitches the invocations from all the functions a single request passed through into one ordered timeline, with end-to-end duration. It matches them by a correlation ID you log in structured JSON, an AWS X-Ray trace ID, or temporal proximity.

Cross-function stitching works within a single AWS account and region. Cross-account and cross-region correlation are not supported.

3. Structured log lines, not raw text

The console shows log lines as raw text — a structured JSON log or error arrives as a single wrapped blob, and the START/END/REPORT boilerplate sits inline. LogStitch parses each line: it pretty-prints JSON as a syntax-highlighted tree with per-field copy, badges each line by level (ERROR/INFO/DEBUG), stamps a relative offset from the start of the invocation, and folds the REPORT line into structured stats — duration, billed duration, max memory, cold-start. A raw view is one toggle away when you want it.

4. Error patterns and anomalies, surfaced for you

LogStitch clusters similar errors by generalizing them into templates (stripping UUIDs, timestamps, IDs, and numbers) so recurring failures collapse into one ranked pattern with a count, and it flags z-score deviations on error rate, P95 duration, cold-start rate, and cost against each function's own 7-day baseline. The console shows you the lines; noticing the trend is on you. Getting the equivalent in CloudWatch means wiring up metric filters, alarms, and anomaly detection by hand.

5. History past retention, and offline

LogStitch stores fetched logs in a local SQLite database, so a past incident is still readable after CloudWatch's retention window has expired those logs — and you can read it on a plane with no network. The console only shows what's currently in CloudWatch, online.

6. An MCP server so Claude can query your logs

LogStitch ships a local Model Context Protocol server bound to 127.0.0.1, exposing tools to search logs, drill into invocations, list error patterns and anomalies, and pull cost summaries. Claude Code or any MCP-aware client on your machine can debug your Lambda logs by conversation — with your AWS credentials staying in the Keychain. The console has no equivalent.

"Isn't CloudWatch free?" — the honest answer

Yes. Reading logs in the CloudWatch console costs nothing beyond the ingestion and storage you already pay for. LogStitch is $49 (Personal) or $99 (Business), once. So the comparison isn't dollars against dollars — it's a one-time price against your time.

Here's the time cost the console hides. It's 2pm, the error rate on createUser just spiked, and you need a failing invocation to look at:

  • Open the log group. The failures are spread across dozens of streams (one per warm container), so you switch to "Search log group."
  • Filter for ERROR. The results interleave error lines from many different invocations by timestamp.
  • Pick one, copy its RequestId, then filter again on that ID to isolate the single invocation.
  • Read START → your lines → ERROREND, mentally skipping the REPORT boilerplate, and expand the one-line JSON error blob to actually read it.
  • Repeat for the next failing request. And the next incident. And the one after that.

In LogStitch the same task is: open createUser, click the spiking error pattern (already clustered with a count), click a failing invocation, read the formatted timeline with the JSON error expanded. Minutes become seconds — and it's seconds every incident, not just once.

So do the math on your own time, not ours: if invocation-first debugging saves you even 20 minutes a week, the one-time Business license pays for itself in well under a working day of saved effort, and everything after that is free. But if you only open Lambda logs a handful of times a month, that time saving never adds up — stay on the free console, and we'll happily tell you so.

LogStitch fetches logs through your own AWS credentials, so the standard CloudWatch API charges for retrieving logs (FilterLogEvents/GetLogEvents) land on your AWS bill either way — the same calls the console makes on your behalf. LogStitch caches fetched ranges locally, so re-reading the same window doesn't re-hit AWS.

Workflow: same task, both tools

The same job, walked through each. "Find a failing createUser invocation from the 2pm spike and see why it broke."

In the CloudWatch console

  1. Open the /aws/lambda/createUser log group, switch to the right region.
  2. Concurrent invocations are spread across streams, so choose "Search log group" for a merged view.
  3. Filter ERROR. Results interleave error lines from many invocations by timestamp.
  4. Pick one, copy its RequestId.
  5. Filter again on that request ID to isolate the single invocation.
  6. Read it top to bottom, skipping START/END/REPORT noise and expanding the JSON error blob by eye.
Steps to a root-cause invocation: ~6 actions, two filter passes

In LogStitch

  1. Open createUser. The Patterns tab already shows the spiking error, clustered with its count.
  2. Click the pattern, then click any of the failing invocations under it.
  3. Read the invocation as one formatted timeline — JSON error expanded, level-badged, cold-start and duration in the header.
Steps to a root-cause invocation: 3 clicks, no filtering

The console flow isn't broken — it's what a general-purpose log viewer over per-container streams requires. The LogStitch flow is what becomes possible when the tool already knows a "Lambda invocation" is the thing you're looking for.

When to use each

A practical decision framework, by the question you're actually trying to answer.

"I read Lambda logs a few times a month."
Use the CloudWatch console. Free covers you.
"I'm on-call from my phone."
Use the console. It's a URL on any device.
"I need alarms, metrics, or non-Lambda logs."
Use CloudWatch. LogStitch only reads Lambda logs.
"I debug Lambda for hours every week."
Use LogStitch. Invocation-first reading + patterns save the time.
"I chase failures across concurrent executions."
Use LogStitch. Grouped by request ID, not scattered across streams.
"I follow one request across several functions."
Use LogStitch. It stitches the whole request into one timeline.
"I need logs after retention expired."
Use LogStitch. Local SQLite keeps what it fetched.
"I want Claude to query my logs safely."
Use LogStitch. The MCP server keeps creds in the Keychain.
"I'm on Windows or Linux."
Use the console. LogStitch is macOS-only.

FAQ

Does LogStitch replace CloudWatch?
No. Your Lambda functions still send their logs to CloudWatch, and CloudWatch remains your store of record along with alarms, metrics, and dashboards. LogStitch is a Mac client that reads those same logs using your IAM credentials and presents them grouped by request ID. It replaces the CloudWatch console as the place you read Lambda logs — not CloudWatch itself.
CloudWatch is free to read — why pay for LogStitch?
Reading logs in the CloudWatch console costs nothing beyond the ingestion and storage you already pay for. LogStitch is a one-time $49 or $99 purchase. So the real question isn't dollars, it's time: LogStitch groups logs into invocations, clusters errors into ranked patterns, and stitches a request across functions, which turns minutes of stream-hopping into seconds per incident. If you only read Lambda logs a few times a month, the free console is the right call and LogStitch isn't worth the spend.
Why is reading Lambda logs in the CloudWatch console so painful?
Because CloudWatch organizes logs by log stream — one stream per Lambda execution environment (container), not by request. A single stream holds many sequential invocations, and concurrent invocations are scattered across different streams. A merged log-group view interleaves them by timestamp, so to read one invocation you filter on its request ID and reassemble it by eye. LogStitch does that grouping automatically, presenting each invocation as one coherent unit.
Can LogStitch read Lambda logs older than my retention window?
LogStitch stores the logs it has already fetched in a local SQLite database, so you can re-read a past incident even after CloudWatch's retention policy has expired those logs. It can't fetch logs CloudWatch has already deleted — only what it captured while they were still available.
Do I need to change my Lambda code or set up X-Ray?
No, not to read a single function. LogStitch groups a function's logs into invocations out of the box. Cross-function stitching uses a correlation ID you log in structured JSON, an AWS X-Ray trace ID if one is present, or temporal proximity as a fallback. Structured-JSON rendering just needs your logs to be JSON. None of it requires changing how Lambda writes to CloudWatch.
Will LogStitch work without AWS console access?
Yes. LogStitch only needs IAM credentials with read access to CloudWatch Logs (e.g. logs:FilterLogEvents, logs:GetLogEvents). You do not need a console login. Credentials are stored in the macOS Keychain and never leave your machine.

Read your CloudWatch logs the way Lambda actually runs.

Free 14-day trial. No card, no account, no telemetry. Point it at your AWS profiles and see your invocations grouped and stitched in under a minute.