amazon-cloudwatch amazon-cloudwatchlogs aws-cloudwatch-log-insights

What is the cloudwatch insights logs equivalent of SQL's "WHERE IN ('foo', 'bar')"

This is not valid:

fields @timestamp, log
| sort @timestamp desc
| filter kubernetes.pod_name like /my-pod/
| filter log.someId IN (156446, 156447, 156448, 156449, 156450, 156451, 156453, 156454, 156455, 156456, 156457, 156458, 156459, 156460, 156461, 156462, 154832, 154379, 154380, 154381, 154382, 153597, 145666, 145647, 145627, 139961, 139967, 142303, 142597, 130045, 129441, 131003, 123103, 122227, 122294 )

the last part is not correct. What is the correct way to accomplish this?

Solution

Figured it out. Just use [] instead of (). So:

fields @timestamp, log
| sort @timestamp desc
| filter kubernetes.pod_name like /my-pod/
| filter log.someId IN [156446, 156447, 156448, 156449, 156450, 156451, 156453, 156454, 156455, 156456, 156457, 156458, 156459, 156460, 156461, 156462, 154832, 154379, 154380, 154381, 154382, 153597, 145666, 145647, 145627, 139961, 139967, 142303, 142597, 130045, 129441, 131003, 123103, 122227, 122294]