sridhar249
Reputation: 5061
Cloudwatch: merging the result from 2 fields into one
fields @timestamp, @message
| parse durationMs /(?<duration>[\d]+ )/
| parse message /(GET \/[^\s]+ [\d]+ )(?<responseTime>[\d]+)/
| display @timestamp, duration, responseTime
| sort @timestamp descThis query works for me and fetches the values. The query is currently parsing the durationMs field and getting the value into duration field. Also parsing message field and getting the value into responseTime field.
I am looking for a way to parse durationMs and message fields and get the value into only one field. Is this possible? Please help.
Upvotes: 3
Views: 1065
Answers (1)
sridhar249
Reputation: 5061
coalesce function did the job for me.
fields @timestamp, @message
| parse durationMs /(?<duration>[\d]+ )/
| parse message /(GET \/[^\s]+ [\d]+ )(?<responseTime>[\d]+)/
| display @timestamp, coalesce(duration, responseTime) as response_time
| sort @timestamp descUpvotes: 2
Related Questions
- How to connect PG Admin to PostgreSQL on Azure?
- Cannot connect to azure PostresSQL database - The Username should be in <username@hostname> format
- connecting postgresql to go
- How to connect to Google CloudSQL PostgresSQL
- Unable to connect Azure Database for PostgreSQL servers from Azure function app
- How to connect to Google Cloud SQL (PostgreSQL) from Cloud Functions?
- Connecting to azure flexible postgres server via node pg
- Connecting to postgres on google cloud VM instance with golang?
- How to connect to Cloud-SQL from Cloud Function in Go?
- How connect to postgres from a golang app when using docker-compose?