Emanuele

Reputation: 73

Parse message in CloudWatch Logs Insights

Here are two example messages of the lambda:

WARNING:

Field           Value
@ingestionTime  1653987507053
@log    XXXXXXX:/aws/lambda/lambda-name
@logStream 2022/05/31/[$LATEST]059106a15343448486b43f8b1168ec64
@message    2022-05-31T08:58:18.293Z b1266ad9-95aa-4c4e-9416-e86409f6455e WARN error catched and errorHandler configured, handling the error: Error: Error while executing handler: TypeError: Cannot read property 'replace' of undefined
@requestId  b1266ad9-95aa-4c4e-9416-e86409f6455e
@timestamp  1653987498296

ERROR:

Field           Value
@ingestionTime  1653917638480
@log    XXXXXXXX:/aws/lambda/lambda-name
@logStream 2022/05/30/[$LATEST]bf8ba722ecd442dbafeaeeb3e7251024
@message    2022-05-30T13:33:57.406Z 8b5ec77c-fb30-4eb3-bd38-04a10abae403 ERROR Invoke Error {"errorType":"Error","errorMessage":"Error while executing configured error handler: Error: No body found in handler event","stack":["Error: Error while executing configured error handler: Error: No body found in handler event"," at Runtime.<anonymous> (/var/task/index.js:3180:15)"]}
@requestId  8b5ec77c-fb30-4eb3-bd38-04a10abae403
@timestamp  1653917637407
errorMessage    Error while executing configured error handler: Error: No body found in handler event
errorType   Error
stack.0 Error: Error while executing configured error handler: Error: No body found in handler event
stack.1 at Runtime.<anonymous> (/var/task/index.js:3180:15)

Can you help me understand how to set up the query in order to have a table with the following columns and their values: from @message extract timestamp, requestID, type (WARN or ERROR), errorMessage and if feasible also the name of the lambda from @log and the @logStream.

Upvotes: 3

Views: 22748

Answers (1)

Shaked Lokits

Reputation: 106

If we look at the documentation on the AWS Insights parse method, we can use asterisks (*) to capture details, which for you would be:

fields @timestamp, @message, @log, @logStream, @requestId
| parse @message "* * * *" as timestamp, requestId, type, body
| display @timestamp, @requestId, @log, @logStream, body

If you'd like to also capture the error message try to now parse the body as well:

fields @timestamp, @message, @log, @logStream, @requestId
| parse @message "* * * *" as timestamp, requestId, type, body
| parse body "*,\"errorMessage\":\"*\"*" as startBody, errorMessage, endBody
| display @timestamp, @requestId, @log, @logStream, body, errorMessage

Should work but please feel free to look up any additional information in the AWS documentation, they've made it very thorough👌🏽

Upvotes: 6
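
The same extraction done offline in Python over the two sample records from the question, as an added example that is not part of the answer above. It assumes each exported row is a dict keyed by the field names shown in the question; `parse_record` and `extract_error_message` are hypothetical helper names. It also covers the WARN line, whose body is plain text with no JSON `errorMessage` key.

```python
import json
import re

# Lambda Node.js log line: "<ISO timestamp> <request id> <level> <body>"
LINE_RE = re.compile(
    r"^(?P<timestamp>\S+)\s+(?P<requestId>[0-9a-f-]{36})\s+(?P<type>[A-Z]+)\s+(?P<body>.*)$",
    re.DOTALL)
# @log looks like "<account>:/aws/lambda/<function name>"
LOG_RE = re.compile(r":/aws/lambda/(?P<name>[^/]+)$")

# The two sample records copied from the question (account id masked there).
WARN_RECORD = {
    "@log": "XXXXXXX:/aws/lambda/lambda-name",
    "@logStream": "2022/05/31/[$LATEST]059106a15343448486b43f8b1168ec64",
    "@message": "2022-05-31T08:58:18.293Z b1266ad9-95aa-4c4e-9416-e86409f6455e WARN error catched and errorHandler configured, handling the error: Error: Error while executing handler: TypeError: Cannot read property 'replace' of undefined",
}
ERROR_RECORD = {
    "@log": "XXXXXXXX:/aws/lambda/lambda-name",
    "@logStream": "2022/05/30/[$LATEST]bf8ba722ecd442dbafeaeeb3e7251024",
    "@message": '2022-05-30T13:33:57.406Z 8b5ec77c-fb30-4eb3-bd38-04a10abae403 ERROR Invoke Error {"errorType":"Error","errorMessage":"Error while executing configured error handler: Error: No body found in handler event","stack":["Error: Error while executing configured error handler: Error: No body found in handler event"," at Runtime.<anonymous> (/var/task/index.js:3180:15)"]}',
}


def extract_error_message(body):
    """Return errorMessage from a JSON payload in the body, else the body text."""
    start = body.find("{")
    if start != -1:
        try:
            payload = json.loads(body[start:])
            if isinstance(payload, dict) and "errorMessage" in payload:
                return payload["errorMessage"]
        except json.JSONDecodeError:
            pass  # not JSON: fall back to the plain-text body
    return body.strip()


def parse_record(record):
    """Map one exported row to the columns asked for in the question."""
    m = LINE_RE.match(record["@message"])
    if m is None:
        return None  # START/END/REPORT lines and other shapes are skipped
    log = LOG_RE.search(record.get("@log", ""))
    row = {k: m[k] for k in ("timestamp", "requestId", "type")}
    row["errorMessage"] = extract_error_message(m["body"])
    row["lambda"] = log["name"] if log else None
    row["logStream"] = record.get("@logStream")
    return row
```
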
