user3625533
Reputation: 415
Cloud watch query for message like list of strings
Am using a query to search the messages like 'string' using below
fields @timestamp, @message
| filter @message like /engineer/
| sort @timestamp desc
| limit 20
wants to search message contains any of the strings in a list and tried the below query but, its not working. Am getting the results which does not contain those values.
fields @timestamp, @message
| filter @message like /[engineer|doctor|builder]/
| sort @timestamp desc
| limit 20
Intention is to get logs which contains engineer OR doctor OR builder
Upvotes: 5
Views: 8200
Answers (1)
Dejan Peretin
Reputation: 12089
This should work:
filter @message like /(engineer|builder|doctor)/
Using the square brackets will match individual characters, [doctor] matches something like (d|o|c|t|o|r)
Upvotes: 6
Related Questions
- Amazon Cloudwatch Logs Insights with JSON fields
- AWS Log Insights query with string contains
- Parse message in CloudWatch Logs Insights
- How to search for multiple strings in logs using aws cloudwatch log insights query?
- How to query AWS CloudWatch logs using AWS CloudWatch Insights?
- How to display all CloudWatch logs from log stream if one log has a specific message?
- AWS CloudWatch Logs filter expression for AND
- How do I filter and extract raw log event data from Amazon Cloudwatch
- Filter log streams in aws cloudwatch
- Parse cloudwatch logs using filter patterns