I have to find the results in CloudWatch Logs Insights, and below are the fields in the logs:
Field            Value
@ingestionTime   1681410599635
@log             875721534563:ftp_Logs
@logStream       server
@message         MDTM|13/04/2023 06:29:57 PM|[SFTP:2547246_0:abc:x.x.x.x] READ: *fileExists /abc/xyz.txt:true*
@timestamp       1681410598624
I tried using:
fields @timestamp, @message, @logStream, @log
| filter @message="abc"
| sort @timestamp desc
| limit 2000
but I am not getting any results. Can anyone help with parsing or filtering?
filter @message="abc" finds the logs where the entire message is literally abc and nothing else.
What you want is filter @message like "abc". See the docs.
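The following is an added example, not part of the question or the answer above: a Python sketch that reproduces the two filter semantics over a few messages and parses the line into fields, so a match on the user can be told apart from `abc` appearing in a file path. The field names (`command`, `session`, `user`, `ip`, `operation`, `detail`) and the line layout are assumptions inferred from the single sample message; all sample lines except the first are constructed.

```python
import re
from datetime import datetime

# Layout inferred from the one sample line in the question (an assumption):
#   COMMAND|dd/mm/YYYY hh:mm:ss AM/PM|[PROTO:SESSION:USER:IP] OPERATION: DETAIL
LINE_RE = re.compile(
    r"^(?P<command>[^|]*)\|(?P<when>[^|]*)\|"
    r"\[(?P<proto>[^:\]]+):(?P<session>[^:\]]+):(?P<user>[^:\]]+):(?P<ip>[^\]]+)\]\s+"
    r"(?P<operation>[A-Z]+):\s*(?P<detail>.*)$"
)

def parse_line(message):
    """Return the fields of one message as a dict, or None if it does not match."""
    m = LINE_RE.match(message)
    if m is None:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %I:%M:%S %p")
    return rec

def filter_equals(messages, value):
    """filter @message = "value": the whole message must equal value."""
    return [m for m in messages if m == value]

def filter_like(messages, value):
    """filter @message like "value": value occurs anywhere in the message."""
    return [m for m in messages if value in m]

def filter_user(messages, user):
    """Match on the parsed user field only; 'abc' in a path does not count."""
    return [m for m in messages if (rec := parse_line(m)) and rec["user"] == user]

# Constructed sample: line 0 is the message from the question, the rest are
# made up to show where equality under-matches and substring over-matches.
SAMPLE = [
    "MDTM|13/04/2023 06:29:57 PM|[SFTP:2547246_0:abc:x.x.x.x] READ: *fileExists /abc/xyz.txt:true*",
    "MDTM|13/04/2023 06:31:02 PM|[SFTP:2547300_0:other:x.x.x.x] READ: *fileExists /abc/xyz.txt:true*",
    "MDTM|13/04/2023 06:32:10 PM|[SFTP:2547311_0:other:x.x.x.x] READ: *fileExists /def/xyz.txt:true*",
    "abc",
]

if __name__ == "__main__":
    print("equals:", len(filter_equals(SAMPLE, "abc")))
    print("like:  ", len(filter_like(SAMPLE, "abc")))
    print("user:  ", len(filter_user(SAMPLE, "abc")))
```

When the logs are used to review one account's SFTP activity, the substring filter also returns other users' sessions that touched a path containing the same string, which is why matching on the parsed field is the more reliable check.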