For logs sent to AWS cloudwatch-logs, I want to create a metric filter separating a numeric field from the log matching pattern.
So as per the documentation there is a [w1=word_pattern1||word_pattern2, w2, ...] like expression to get fields (based on a space separator/delimiter). But my logs have some other separators, say like ":" or ",". So is there any way of parsing such fields using some regex pattern?
sample log pattern:
date-time:action:filename:status
e.g.
2018-11-02 12:23:00:delete-file:filename-20180709:done
or like
2018-11-02 12:23:00, deleting-file filename-20180709 done
I can parse the log line for file code with grok regex like:
(?<date>[\w-]+ [\w:]+), (?<action>\w+-\w+) filename-(?<file-code>\d{8}) \w+
but I'm not able to find any equivalent for the metric filter. Is it possible?
I used to work in the team that built CloudWatch Logs. At the time of writing, regular expressions are not supported in metric filters.
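Added example, not part of the original question or answer: since the metric filter itself cannot apply a regular expression, this sketch parses both sample layouts from the question in your own code and re-emits them space-separated, the delimiter the question says the documented `[w1, w2, ...]` form splits on. The function names, the `file_code` group name (Python group names cannot contain a hyphen) and the idea of normalizing lines before they are shipped are assumptions.

```python
import re

TS = r"(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"

# Layout 1 from the question: date-time:action:filename:status
COLON_FORM = re.compile(
    TS + r":(?P<action>[\w-]+):filename-(?P<file_code>\d{8}):(?P<status>\w+)"
)
# Layout 2 from the question: date-time, action filename status
COMMA_FORM = re.compile(
    TS + r", (?P<action>[\w-]+) filename-(?P<file_code>\d{8}) (?P<status>\w+)"
)


def parse_line(line):
    """Return the fields of a log line as a dict, or None if it fits neither layout.

    fullmatch() is used so trailing or leading junk makes the line fail to
    parse instead of being silently ignored.
    """
    line = line.strip()
    for pattern in (COLON_FORM, COMMA_FORM):
        m = pattern.fullmatch(line)
        if m:
            fields = m.groupdict()
            fields["file_code"] = int(fields["file_code"])  # numeric field
            return fields
    return None


def to_space_delimited(fields):
    """Re-emit parsed fields with single spaces as the only separator."""
    return "{date} {action} {file_code} {status}".format(**fields)


if __name__ == "__main__":
    # Constructed input: the two sample lines from the question plus one bad line.
    samples = [
        "2018-11-02 12:23:00:delete-file:filename-20180709:done",
        "2018-11-02 12:23:00, deleting-file filename-20180709 done",
        "not a matching line",
    ]
    for raw in samples:
        parsed = parse_line(raw)
        print(to_space_delimited(parsed) if parsed else "UNPARSED: " + raw)
```

The timestamp contains a space, so the normalized line has five space-separated fields, with the file code in the fourth.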