I'm using CloudWatch metric filters. I have a JSON log which looks like this:
log.info("Null message generated for request: {}", request)
I'm attempting to create a metric filter for this particular JSON log. I initially tried the following pattern:
"Null message generated for request"
But then, the logs metric filter attempts to see if there are individual occurrences of these terms in the JSON log. For example, I had a log statement like:
{
  "timeMillis": 1609952498430,
  "thread": "main",
  "level": "INFO",
  "loggerName": "com.ewr.behvr.api.ProcessEventApi",
  "message": "The result generated markup: MarkupMessage{ \"messageTitle\" : \"Null event\", \"text\": \"Request resulted in a Null message\"}",
  "threadId": 1,
  "threadPriority": 5
}
Unfortunately, the filter matches this message as well, which is not supposed to be the case.
I tried using the $. symbol with JSON log events, but I can only do equality checks and cannot compare strings with that.
Any idea on how I can get this metric filter to work and not have false positives?
Thanks!
After experimentation and reading through the docs once again, I was able to come up with a filter expression that looked like this:
{($.loggerName="com.ewr.behvr.api.ProcessEventApi") && ($.message="Null message generated for request:*")}
I didn't realize that I could add wildcards within the value itself. Once I used this expression, I was able to get the correct set of logs to match.
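Added example (not code from the original post or from AWS): a local Python approximation of the JSON filter expression in the answer, so the pattern can be regression-tested offline against the event quoted in the question. It assumes `*` matches any run of characters, that comparison is case-sensitive and covers the whole field value, and it handles only string equality clauses joined by `&&`; the INTENDED event is constructed.

```python
import json
import re

# The filter expression from the answer above, verbatim.
PATTERN = ('{($.loggerName="com.ewr.behvr.api.ProcessEventApi") && '
           '($.message="Null message generated for request:*")}')
# The event quoted in the question that must NOT be counted.
FALSE_POSITIVE = json.dumps({
    "level": "INFO",
    "loggerName": "com.ewr.behvr.api.ProcessEventApi",
    "message": 'The result generated markup: MarkupMessage{ "messageTitle" : '
               '"Null event", "text": "Request resulted in a Null message"}',
})
# Constructed event of the kind the log.info() call would emit.
INTENDED = json.dumps({
    "level": "INFO",
    "loggerName": "com.ewr.behvr.api.ProcessEventApi",
    "message": "Null message generated for request: Request{id=42}",
})

CLAUSE = re.compile(r'\(\s*\$\.(\w+)\s*=\s*"([^"]*)"\s*\)')


def parse(pattern):
    """Return [(field, regex)] for an AND-only pattern of string equalities."""
    body = pattern.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("JSON filter patterns are wrapped in { }")
    body = body[1:-1]
    clauses = CLAUSE.findall(body)
    # Whatever remains after removing the clauses must be '&&' separators only.
    if not clauses or CLAUSE.sub("", body).replace("&&", "").strip():
        raise ValueError('only ($.field="value") clauses joined by && are handled')
    # '*' is the wildcard; every other character is matched literally.
    return [(field, re.compile(".*".join(map(re.escape, value.split("*"))), re.DOTALL))
            for field, value in clauses]


def matches(pattern, raw_event):
    """True if the JSON event satisfies every clause of the pattern."""
    try:
        event = json.loads(raw_event)
    except ValueError:
        return False  # a non-JSON line never satisfies a JSON pattern
    if not isinstance(event, dict):
        return False
    return all(isinstance(event.get(f), str) and rx.fullmatch(event[f])
               for f, rx in parse(pattern))
```

Once the local check passes, the same pattern and events can be confirmed against the real service with the CloudWatch Logs TestMetricFilter API before the metric is wired to an alarm.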