How can I make a full-text search through AWS Cloudwatch?

I use structured logging (hence: logging json strings) and I use a log identifier. So in my code, each log message has a unique identifier so that I can search in both directions: When I see a log message, I know where it comes from and when I expect log messages, I can search for this identifier.

My log-strings look like this:

{"log-id": "##_foo_bar-1", "message": "some explanation", "customer_id": 123}

I'm not too sure if I need to do something else with Cloudwatch, as it looks like this:

[2018-02-06 08:34:09,946]:[INFO]: {"log-id": "##_foo_bar-1", "message": "some explanation", "customer_id": 123}

Recently, I was looking for my identifier ##_foo_bar-1 and Cloudwatch told me:

I also tried:

{$.log-id = "##_foo_bar-1"}

No sucess. But it is for sure in the logs (I have seen it, after manually going through it).

How can I find it with the search function?

Putting the search term in quotes should work, like this: "##_foo_bar-1"

Searching for {$.log-id = "##_foo_bar-1"} should also work. I tried logging the same example statement you have in your question and this is what I get:

Maybe your log message is not recognized as json, do you see it parsed and colorized like in my screenshot?