如何使用 AWS CloudWatch Insights 查询 AWS CloudWatch 日志?
[英]How to query AWS CloudWatch logs using AWS CloudWatch Insights?
问题描述
I have a lot of AWS Lambda logs which I need to query to find the relevant log stream name,
我有很多 AWS Lambda 日志,我需要查询这些日志以找到相关日志 stream 名称,
I am logging a particular string in the logs,我在日志中记录了一个特定的字符串,
Which I need to do a like or exact query on.我需要对其进行类似或精确的查询。
The log format is something like this -日志格式是这样的 -
Request ID => 572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd
I am able to query the logs without the UUID string -我可以在没有 UUID 字符串的情况下查询日志 -
But if I mention the UUID in the query, it does not show results -但是如果我在查询中提到 UUID,它不会显示结果 -
Queries used -使用的查询 -
fields @timestamp, @message
| filter @message like /Request ID =>/
| sort @timestamp desc
| limit 20
fields @timestamp, @message
| filter @message like /Request ID => 572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
1 个解决方案
解决方案1
0 已采纳 2019-10-08 02:10:30
Have you tried adding an additional filter on the message field to your first query to further narrow your results?您是否尝试在第一个查询的消息字段上添加额外的过滤器以进一步缩小结果范围?
fields @timestamp, @message
| filter @message like /Request ID =>/
| filter @message like /572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
Alternatively if all of your logs follow the same format you could use the parse keyword to split out your UUID field and search on it with something like或者,如果您的所有日志都遵循相同的格式,您可以使用 parse 关键字来拆分您的 UUID 字段并使用类似的内容进行搜索
fields @timestamp, @message
| parse @message "* * Request ID => *" as datetime, someid, requestuuid
| filter uuid like /572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
Also try widening your relative time range at the top right of the query, just in case the request you're looking for has dropped outside of the 1hr range since attempting the first query.还可以尝试在查询的右上角扩大您的相对时间范围,以防您要查找的请求在尝试第一次查询后超出 1 小时范围。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.