CloudWatch Insights 查詢:格式化 DateTime 字符串以進行分組
[英]CloudWatch Insights query: Format a DateTime string for grouping
原文
2021-05-07 20:28:19
8
2
amazon-web-services/
amazon-cloudwatch/
amazon-cloudwatchlogs/
aws-cloudwatch-log-insights
問題描述
我有 json 格式的 CloudWatch 日志,其條目類似於:
{
"message": "resource_liked",
"context": {
"date": {
"date": "2021-05-07 16:52:11.000000",
"timezone_type": 3,
"timezone": "UTC"
},
...
我正在嘗試編寫一個 CloudWatch 洞察查詢來制作一個簡單的直方圖:每小時日志中的事件數。
但是,我不能使用日志條目的@timestamp屬性。 我需要在條目的消息正文中使用context.date.date 。
使用@timestamp編寫這個查詢很簡單:
stats count(*) by datefloor(@timestamp, 1h)
但是,我不確定如何使用消息的context.date.date來代替。
我假設我需要將看起來像2021-05-07 16:52:11.000000的日期時間格式化為 aws 理解為日期時間的東西,但我找不到如何。
到目前為止我嘗試過的
stats count(*) by datefloor(context.date.date, 1h) -> "Invalid Date"
stats count(*) by datefloor(toMillis(context.date.date), 1h) -> "Invalid Date"
stats count(*) by datefloor(substr(context.date.date, 0, 19), 1h) -> “無效日期”
stats count(*) by datefloor(concat(replace(substr(context.date.date, 0, 23), ' ', 'T'), '-00:00'), 1h) -> 無效日期。 這使得該字段看起來與 @timestamp 的顯示方式完全相同。
2 個解決方案
解決方案1
0 2021-05-20 09:14:32
| parse @message '"date": "*:' as hour
| stats count() as cnt by hour
解決方案2
0 2022-01-02 15:57:53
可能有助於將字符串日期時間轉換為數值毫秒,請注意,由於閏年計算,最大年份為 2100。
fields "2021-05-07 16:52:11.000000" as reqDateTime
| parse reqDateTime "*-*-* *:*:*.*" as reqYear, reqM, reqD, reqH, reqMin, reqSec, reqMilliSec
| fields reqYear - 1970 as reqYearDiff, reqYear % 4 == 0 as reqIsLeapYear, reqM/1 as reqMonth, reqD/1 as reqDay, reqH/1 as reqHour, reqMin/1 as reqMinute, reqSec/1 as reqSecond, reqMilliSec/1 as reqMilliSecond
| fields ((reqYearDiff * 365) + ((reqYear % 4 == 1) * 1) + floor(reqYearDiff / 4) # as yearsToDays
+ ((reqMonth == 2) * 31) #
+ ((reqMonth == 3) * 59) #
+ ((reqMonth == 4) * 90) #
+ ((reqMonth == 5) * 120) #
+ ((reqMonth == 6) * 151) #
+ ((reqMonth == 7) * 181) #
+ ((reqMonth == 8) * 212) #
+ ((reqMonth == 9) * 243) #
+ ((reqMonth == 10) * 273) #
+ ((reqMonth == 11) * 304) #
+ ((reqMonth == 12) * 334) #
+ ((reqMonth > 2) and (reqIsLeapYear == 1)) # as monthsToDays
+ reqDay - 1) * 24 * 60 * 60 * 1000 # as daysToMilliSeconds
+ reqHour * 60 * 60 * 1000 # as hoursToMilliSeconds
+ reqMinute * 60 * 1000 # as minutesToMilliSeconds
+ reqSecond * 1000 # as secondsToMilliSeconds
+ reqMilliSecond
as reqMilliSeconds
| display reqMilliSeconds, fromMillis(reqMilliSeconds), reqYear, reqMonth, reqDay, reqHour, reqMinute, reqSecond, reqMilliSecond
| limit 1
CloudWatch Insights 過濾到僅包含查詢字符串的主頁請求
[英]CloudWatch Insights filter to only homepage requests including with query string
使用 CloudWatch Insights 在 Glue Query 中查詢 Python 日志
[英]Query Python logs in Glue Query with CloudWatch Insights
在 AWS Cloudwatch Logs Insights 上按時間戳查詢過濾
[英]Filter by timestamp query on AWS Cloudwatch Logs Insights
如何使用 AWS CloudWatch Insights 查詢 AWS CloudWatch 日志?
[英]How to query AWS CloudWatch logs using AWS CloudWatch Insights?
AWS Cloudwatch Log Insights - 替換字符串 function
[英]AWS Cloudwatch Log Insights - replace string function
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Amazon CloudWatch Insights 查詢
CloudWatch Insights 過濾到僅包含查詢字符串的主頁請求
使用 CloudWatch Insights 在 Glue Query 中查詢 Python 日志
Cloudwatch Insights查詢結果保留多長時間?
Cloudwatch 見解,按 JSON 個值的值查詢圖形?
在 AWS Cloudwatch Logs Insights 上按時間戳查詢過濾
如何使用 AWS CloudWatch Insights 查詢 AWS CloudWatch 日志?
AWS Cloudwatch Log Insights - 替換字符串 function
如何在見解查詢中按其值拆分 Cloudwatch 字段
CloudWatch Logs 洞察查詢以獲取給定字符串的計數
相關標簽