Suppose I have the following Insights query
fields @timestamp, @message
| parse @message 'status=*" as status
| display @timestamp, status, @message
Some log messages don't have a status. I'd like to filter those out. How do I do that?
You can use the ispresent() function: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
Like this:
fields @timestamp, @message
| parse @message 'status=*" as status
| display @timestamp, status, @message
| filter ispresent(status)