Convert string to number in AWS log insight
I'm attempting to get the value of subtracting two numbers from a log messages that looks like this.
"[Statistics] | 1697041097288531000 | 1697041097406589000 | 1697041097458528733"
I attempted the following query via aws log insights, with no luck. Is it even possible to do this in aws log insights?
fields @timestamp, @message
| filter @message like /[Statistics]/
| parse MessageTemplate "*|*|*|*" as header, pub1, pub2, pub3
| stats abs(pub2) - abs(pub1) as elaspedTime by @timestamp
| limit 20
please note my logs are JSON logs with a field called MessageTemplate.
The result I get is as follows, as you can see the elaspedTime column is empty I was hoping to see the result of subtracting pub2 from pub1. So if we use the example message I provided I above, I would expect to see the result of 1697041097406589000 - 1697041097288531000 as the elaspedTime value for one of the rows.
If I swap out the pub1 and pub2 fields for hard coded numbers it works, but of course I'm trying to use the string values and have them cast to numbers from the log message.
stats accepts constant values, grouping values or aggregation functions as its parameters.
When you replace your fields with hardcoded numbers, they become constant values. But you're neither grouping by pub1 and pub2 nor aggregating them, so abs(pub2) - abs(pub1) cannot be evaluated within stats context. Most database engines would throw an error at this point, but Log Insights just swallows it and returns an empty value instead.
It looks like you don't really need stats here. Replace your query with:
fields @timestamp, @message
| filter @message like /[Statistics]/
| parse MessageTemplate "*|*|*|*" as header, pub1, pub2, pub3
| fields abs(pub2) - abs(pub1) as elapsedTime
| limit 20
- How to pull every single image (tag or untagged) from AWS ECR?
- In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
- How to install postgresql-client to Amazon EC2 Linux machine?
- PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
- Is it possible to run aws s3 sync with boto3?
- Python 3 asyncio with aioboto3 seems sequential
- Serverless / AWS Lambda - Create the triggers for the published lambda versions
- AWS Glue missing permissions
- Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
- terraform destroy needs original terraform code to destroy?
- How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
- Why is my image not displaying on my Web page?
- How to copy blobs from azure to aws using python?
- S3 Bucket action doesn't apply to any resources
- Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
- How to customize "From" name for SNS emails
- Changing the name of a Load Balancer on AWS Console
- how to decrease the exceution time of aws lambda function nodejs
- Timeout when trying to retrieve EC2 instance-id metadata from within it
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- Downloading an entire S3 bucket?
- Unable to unzip .zip file on linux machine
- Missing Authentication Token while accessing API Gateway?
- AWS S3 Access Denied when open object URL in browser
- How to update a nested field in dynamodb via cli?
- AWS Lambda NodeJs unable to return response
- How can I access my AWS MSK managed kafka queue from my local machine and EC2 instances in other regions
- How to recreate EC2 instances of an autoscaling group with terraform?
- AWS Cloudwatch Alarm Issue
- AWS EC2 | using Rusoto SDK: Couldn't find AWS credentials