Transform parsed field depending on another parsed field's value
I have four months of logs for the time it takes some internal process to finish.
The problem is that this time is given in different units (millis, seconds, minutes) depending on how long it took (not my decision, this is legacy code).
Example:
Process finished after 732 ms
Process finished after 3.53 s
Process finished after 10.84 min
I want to use Log Insights to obtain a graphical representation of this time distribution.
- I know how to
filter @message like /Process finished after/to get only the messages I need. - I know how to
parse @message " after * *" as t_elapsed, t_unitto extract the time and unit into variables. - I don't know how to convert all values to the same unit (as in, divide
t_elapsedby 1000 ift_unitis "ms", multiply it by 60 ift_unitis "min", or leave it as-is ift_unitis "s") - I'm not sure about how to graph the values in such a way that it looks like a distribution. Maybe something along the lines of
stats count(*) as c by ceil(t_elapsed)with a bar-type visualization? But this obviously needs allt_elapsedvalues to be in the same unit...
So, if I manage to convert all t_elapsed values to seconds, I think I'll be able to get a proper graph.
Any tips?
PS: advice about the graph itself is also welcome.
AWS CloudWatch Logs Insights does not support conditional statements as SQL for example does, but this is how I worked around it:
As time units (in your example) are limited to s, ms and min, it is possible to parse the durations explicitly (t_elapsed_ms, t_elapsed_s and t_elapsed_min) .
Using the fields statement again, I created new fields for the converted values. Luckily the arithmetic operations work with null values in our favour and return null if one of the operands is null.
Finally, using display with coalesce, the only not-null t_elapsed* field is returned as elapsed_s.
fields @timestamp, @message, @logStream, @log
| parse @message " after * ms" as t_elapsed_ms
| parse @message " after * s" as t_elapsed_s
| parse @message " after * min" as t_elapsed_min
| fields t_elapsed_min * 60 as t_elapsed_min_as_s, t_elapsed_ms / 1000 as t_elapsed_ms_as_s
| display coalesce(t_elapsed_min_as_s, t_elapsed_ms_as_s, t_elapsed_s) as elapsed_s
| sort @timestamp desc
| limit 1000
See AWS documentation on boolean, comparison, numeric, datetime, and other functions for CloudWatch Logs Insights service.
Here is my test: 
- How to create a size condition using AWS dynamodb-mapper-js
- Unable to read text file in Glue job
- Lambda Provisioned Concurrency showing 0 available. But I'm not using any
- How to use AWS Secret Manger in JavaScript file hosted on ECS container
- Creating a schedule expression for eventbridge using terraform
- AWS RDS restoring snapshot with upgraded engine version giving error
- Error with not existing instance profile while trying to get a django project running on AWS Beanstalk
- Timeout when trying to retrieve EC2 instance-id metadata from within it
- Lease table is not updated when new shards are added causing stale workers in KCL
- libsndfile.so.1: cannot open shared object file: No such file or directory
- Why does ECS binpack strategy on memory always scale up a new EC2 instance despite available resources?
- How to pull every single image (tag or untagged) from AWS ECR?
- In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
- Renaming AWS GraphQL Schema Types
- How to install postgresql-client to Amazon EC2 Linux machine?
- PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
- Is it possible to run aws s3 sync with boto3?
- Python 3 asyncio with aioboto3 seems sequential
- Serverless / AWS Lambda - Create the triggers for the published lambda versions
- AWS Glue missing permissions
- Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
- terraform destroy needs original terraform code to destroy?
- AWS CDK Change S3 deployment folder lifecycle time
- How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
- Why is my image not displaying on my Web page?
- How to copy blobs from azure to aws using python?
- S3 Bucket action doesn't apply to any resources
- Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
- How to customize "From" name for SNS emails
- Changing the name of a Load Balancer on AWS Console