
AWS CloudWatch Insights query composition for the following log


Trying to compose an Insights query which would extract the following fields:

apiname, endpoint, responseCode, status

from the log: "{\n \"apiName\": \"test_Authentication\",\n \"endpoint\": \"https://test.cloud.com\",\n \"responseCode\": 200,\n \"status\": \"Healthy\",\n}

As of now I am getting empty fields:



Solution

  • I tried with the parse message in the query, which gave the result I am looking for.

    fields @timestamp, @message
    | parse @message '"apiName\":*,' as apiName
    | parse @message '"endpoint\":*,' as endpoint
    | parse @message '"responseCode\":*,' as responseCode
    | parse @message '"status\":*,' as status
    | sort @timestamp desc
    | limit 20
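
The following Python sketch is an added example, not part of the original question or answer. It emulates the four glob patterns above against the sample log line to show what each `*` captures and how to normalise it. It assumes the stored message contains the backslashes literally and that `*` captures up to the first occurrence of the literal that follows it; `glob_parse`, `clean` and `extract` are hypothetical helper names.

```python
import re

# Constructed sample: the log line as shown in the question, kept with its
# literal backslash escapes (assumption about how the message is stored).
SAMPLE = (r'"{\n \"apiName\": \"test_Authentication\",\n '
          r'\"endpoint\": \"https://test.cloud.com\",\n '
          r'\"responseCode\": 200,\n \"status\": \"Healthy\",\n}')

FIELDS = ("apiName", "endpoint", "responseCode", "status")


def glob_parse(message, pattern):
    """Emulate a single-wildcard glob: return the text between the literal
    before '*' and the first occurrence of the literal after it."""
    prefix, suffix = pattern.split("*", 1)
    start = message.find(prefix)
    if start < 0:
        return None
    start += len(prefix)
    end = message.find(suffix, start)
    return None if end < 0 else message[start:end]


def clean(raw):
    """Remove the leading space and escaped quotes a raw capture carries,
    and convert purely numeric captures to int."""
    if raw is None:
        return None
    value = raw.strip().replace('\\"', '"').strip('"')
    return int(value) if re.fullmatch(r"-?\d+", value) else value


def extract(message):
    """Apply the answer's pattern for every field and clean each capture."""
    return {name: clean(glob_parse(message, '"%s\\":*,' % name))
            for name in FIELDS}


if __name__ == "__main__":
    for name in FIELDS:
        print(name, repr(glob_parse(SAMPLE, '"%s\\":*,' % name)))
    print(extract(SAMPLE))
```

Under the same assumption, a value that itself contains a comma would be cut short at that comma, and the `status` pattern only matches here because the sample has a comma after the last field.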