I have a question on using CloudWatch Log Insights when it comes to JSON files.
I am trying to include two log streams in one query for CloudWatch Logs Insights where I would want to focus on "level" to find errors:
Here is my code:
filter @logStream = 'ingest-23j23d3-daf4343ff3, ingest-2fdfd434d-dsa32434d'
| fields @message, @timestamp
| parse @message '"level": "*"' as level
| filter level == "error"
Here is an example of the JSON:
{
"message": "Could not delete old file cache entries: rimraf: callback function required",
"level": "error"
}
How can I incorporate more than one @logStream in my query. Also, can anyone direct me to maneuvering the JSON file for future use. I would greatly appreciate it.
I was able to fix the issue I had. Since I had no knowledge of Regex, I had to go into it's documentation and also AWS's and find ways of displaying my data:
filter level = "error" | filter strcontains(@logStream, 'ingest-')
| fields @timestamp, @message, level
I was able to filter my levels (which were debug, info, and error) to only show error. From here, I filtered ALL my logstreams beginning with ingest to find the error logs. I hope this helps anybody out in need of answers.