
Cloudwatch: filter events on property starting with @


Say I have the following log line

{
    "@t": "2022-05-24T00:02:12.0888863Z",
    "@m": "An error occurred",
    "@l": "Error",
    "action" : "blah"
}

This is the logging format generated by Serilog's Compact JSON Formatter. I like the format otherwise, just wish it was easier to search on.

Now I can easily search for action = blah like so: {$.action = "blah"}, but what I really want to search on is the log level, @l = Error.

This doesn't work, though:

{$.@l= "Error"}

So far I've been doing a string literal search like this:

"\"@l\":\"Error\""

but I can't combine multiple search terms when searching like that.

I'm wondering if there's an actual way to search for this in a structured way and be able to combine conditions?


Solution

  • I don't think you can filter Log Events this way, but you can easily use Log Insights instead. From your Log Events view, click the Actions button and choose 'View in Log Insights', then create a query something like:

    filter @logStream = 'my-log-stream-name'
    | fields @timestamp, @message
    | filter @@l = 'Error'
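
The following is an added example, not code from the question or the answer: a Python sketch that builds the combined query the question asks for (log level plus another property) and runs it through the CloudWatch Logs API. The function names and the log group name are hypothetical, the `@@` prefix for keys that already start with `@` follows the answer's query, and `run_query` assumes boto3 is installed with credentials that allow `logs:StartQuery` and `logs:GetQueryResults`.

```python
import re
import time

# Plain JSON keys, optionally prefixed with '@' (Serilog's @t, @m, @l).
_NAME = re.compile(r"^@?[A-Za-z_][A-Za-z0-9_.]*$")

def insights_field(json_key):
    """Map a JSON key in the log event to the field name used in the query."""
    if not _NAME.match(json_key):
        raise ValueError(f"unsupported field name: {json_key!r}")
    # Keys that already start with '@' get one more '@', as in the answer.
    return "@" + json_key if json_key.startswith("@") else json_key

def quote(value):
    """Single-quote a literal; refuse characters that could break out of it."""
    if any(c in value for c in "'\\\r\n"):
        raise ValueError(f"unsafe character in value: {value!r}")
    return f"'{value}'"

def build_query(conditions, log_stream=None, limit=50):
    """AND together equality conditions given as {json_key: value}."""
    clauses = [f"{insights_field(k)} = {quote(v)}" for k, v in conditions.items()]
    if log_stream is not None:
        # @logStream is generated by the service, so it keeps a single '@'.
        clauses.insert(0, f"@logStream = {quote(log_stream)}")
    if not clauses:
        raise ValueError("at least one condition is required")
    return ("fields @timestamp, @message\n"
            f"| filter {' and '.join(clauses)}\n"
            "| sort @timestamp desc\n"
            f"| limit {int(limit)}")

def run_query(log_group, query, minutes=60, poll_seconds=1.0):
    """Run the query over the last `minutes` and return rows as dicts."""
    import boto3  # imported here so the builder works without AWS access
    logs = boto3.client("logs")
    now = int(time.time())
    qid = logs.start_query(logGroupName=log_group, startTime=now - minutes * 60,
                           endTime=now, queryString=query)["queryId"]
    while True:
        resp = logs.get_query_results(queryId=qid)
        if resp["status"] not in ("Scheduled", "Running"):
            break
        time.sleep(poll_seconds)
    if resp["status"] != "Complete":
        raise RuntimeError(f"query ended with status {resp['status']}")
    return [{c["field"]: c["value"] for c in row} for row in resp["results"]]

if __name__ == "__main__":
    # "my-log-group" is a placeholder log group name.
    q = build_query({"@l": "Error", "action": "blah"})
    print(run_query("my-log-group", q))
```

Rejecting quotes and backslashes in values, rather than trying to escape them, keeps caller-supplied search terms from altering the structure of the query.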