Reading the documentation seems that is possible in AWS Cloudwatch to run queries with multiple log groups but I can not see any example on how to do it.
I would like to join two log groups using common attributes and select some logs using filter.
Has anyone run into the same problem and found a solution? Thanks in advance.
Working code:
"SOURCE 'abc/application.log' | filter @message not like \"ThrottlingException\"\n| fields logMessage"
Not working code:
"SOURCE 'abc/application.log' 'abc-onebox/application.log' | filter @message not like \"ThrottlingException\"\n| fields logMessage"
"SOURCE IN ['abc/application.log', 'abc-onebox/application.log'] | filter @message not like \"ThrottlingException\"\n| fields logMessage"
I was able to fix this issue by doing the following. The AWS documentation lives here
"SOURCE 'abc/application.log' | SOURCE 'abc-onebox/application.log' | filter @message not like \"ThrottlingException\"\n| fields logMessage"