I have this AWS CloudWatch query, that I've created via the AWS CLI with aws logs start-query
:
display @timestamp, @message
| sort @timestamp asc
| filter @message not like "GET / HTTP/1.1"'
When using aws logs get-query-results
, this query returns @timestamp
& @message
as needed but also an extra @ptr
field.
How can I change my query to not return the @ptr
field?
How can I change my query to not return the
@ptr
field?
You can't filter out the @ptr
field server-side as it's returned by GetQueryResults
at the API level as the log record identifier & there's no option to exclude it from the results.
Client-side however, some jq
magic can remove the ptr
field from the AWS CLI output.
Try:
aws logs get-query-results \
--query-id 'xxx' \
| jq 'del(.results[][] | select(.field == "@ptr"))'
This filter tells jq
to delete all objects in each array within results
, where field
is equal to @ptr
.
Output before filtering:
{
"results": [
[
{
"field": "@timestamp",
"value": "2023-09-25 22:41:44.378"
},
{
"field": "@message",
"value": "END RequestId: 69cdac96-c8d1-4935-94e4-6ce45acc4935\n"
},
{
"field": "@ptr",
"value": "Cl0KIAocNTg1NDcwMzQ2NjkyOi9hd3MvbGFtYmRhL2FhYRADEjUaGAIGUHTBkwAAAAAkeektAAZRIMOgAAACMiABKIDihfSsMTC644X0rDE4BUDRBUjiD1DpCBgAIAEQAxgB"
}
]
],
...
}
Output after filtering via jq
:
{
"results": [
[
{
"field": "@timestamp",
"value": "2023-09-25 22:41:44.378"
},
{
"field": "@message",
"value": "END RequestId: 69cdac96-c8d1-4935-94e4-6ce45acc4935\n"
}
]
],
...
}