How to correctly parse lambda's whitespace separated log in Logs Insights
i have this type of log in @message:
2022-06-16T10:35:12.921Z 8984a0e4-0ff0-4cfd-ac5a-a312ec3f6157 DEBUG successfully retrieved 15758 object
How can i parse this log to have different columns with: timestamp (2022-06-16T10:35:12.921Z), requestID (8984a0e4-0ff0-4cfd-ac5a-a312ec3f6157), type(DEBUG), message (successfully retrieved 15758 object)?
I've tried with this query but the field type and message are not correctly recognized:
fields @timestamp, @message, @requestId
| parse @message "* * * *" as timestamp, requestId, type, message
| display @timestamp, @requestId, type, message
the result is that timestamp and requestID are correctly identified, while in type there is "15758" instead of DEBUG and in message there is "object"....
how can i modify this query to have the correct output fields?
The parsing engine for CloudWatch Logs insights supports using regular expressions, so you can use a regex to obtain the desired result:
fields @timestamp, @message
| parse @message /^(?<timestamp>[^\s]+) (?<requestId>[^\s]+) (?<type>[^\s]+) (?<message>.+$)/
| display timestamp, requestId, type, message
will result in:
To see how this regex works in action you can use this regex101 link.
- How to pass multi value query string parameter to lambda on api gateway?
- AWS Cognito - User pool xxxx does not exist
- AWS: Problem accessing metadata tags from within EC2
- How to restrict AWS Cognito users from taking certain actions?
- Is the object URL in s3 only for public access?
- Allocate configuration for the cluster in ECS, where each instance receives a unique value
- Lambda authorizer response using async/await in Node.js
- What is the difference between using a load balancer and a NAT Gateway on AWS?
- How to properly replace resource in Terraform
- AWS InvalidSignatureException, Signature expired when running from docker container
- Signature expired: is now earlier than error : InvalidSignatureException
- SQL Error [1114] [HY000]: The table '/rdsdbdata/tmp/#sql161_17a011_a' is full
- How to Automate Redshift Cluster Start/Stop for night time?
- ActiveRecord::StatementInvalid: PG::InsufficientPrivilege: ERROR: permission denied for relation schema_migrations
- Moving RedShift Query to Sub Query Causes Problem
- AWS S3 filter by tags. search by tags
- How do I set the name of the default profile in AWS CLI?
- AWS CodeCommit with git-remote-codecommit
- What languages are Amazon's AWS Management Console written?
- How can I use multible terraform tf files in one jenkins script?
- I can't delete my VPC
- 1 subdomain doesn't support HSTS
- Missing NVMe SSD in AWS Kubernetes
- How to resolve the 'Application Error: A Server-Side Exception Has Occurred' while deploying a Next.js website on Amplify?
- How do I run the config command on aws elasticache (redis)
- AWS Elastic Beanstalk + Laravel, Nginx Configuration
- rsyslogd using 100% CPU Utilization on all RHEL EC2 Instances
- How to upload local files to S3 quickly?
- How to update lambda@edge ARN in cloudfront distribution using CLI
- How to pass API Gateway authorizer context to a HTTP integration