AWS CloudWatch Log Metric Filter with JSON key has character space

When creating an AWS CloudWatch Log Metric Filter, how would you match terms in JSON Log Events where the key has a character space in the name?

For example, let's assume there's a log line with a JSON element like the following...

{"Event":"SparkListenerLogStart","Spark Version":"2.4.0-SNAPSHOT"}

How would you reference the "Spark Version"? $."Spark Version", $.Spark Version, $.Spark\ Version, and $.[Spark Version] don't work.

I couldn't find the answer in the AWS Filter and Pattern Syntax documentation.

Max asked Sep 17 '18 01:09



1 Answer

At the time of writing, this is not possible. AWS will probably fix that at some point, but for now the only workaround would be to use the non-JSON syntax and search for the exact string. The following filter:

"\"Spark Version\":\"2.4.0-SNAPSHOT\""

will match:

{"Event":"SparkListenerLogStart","Spark Version":"2.4.0-SNAPSHOT"}
Daniel Vassallo answered Sep 18 '22 08:09
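
The quoted-phrase workaround from the answer above, as an added example that is not part of the original answer: it builds the escaped pattern for a key/value pair and shows that the match depends on the exact serialization of the log line. The function names are hypothetical, the sample events are constructed, and `matches_locally` is only an offline approximation that assumes a quoted term matches when the exact phrase occurs in the message; `check_with_aws` asks CloudWatch Logs itself through boto3's `test_metric_filter`.

```python
import json

def phrase_pattern(key, value):
    """Build the quoted-phrase (non-JSON) filter pattern for the text "key":"value"."""
    for s in (key, value):
        if '"' in s or "\\" in s:
            # The page only shows how to escape the surrounding quotes,
            # so embedded quotes/backslashes are rejected rather than guessed at.
            raise ValueError("quotes or backslashes inside key/value are not handled")
    literal = f'"{key}":"{value}"'
    # Wrap the phrase in double quotes and backslash-escape the inner quotes.
    return '"' + literal.replace('"', '\\"') + '"'

def literal_of(pattern):
    """Recover the phrase that a quoted pattern searches for."""
    return pattern[1:-1].replace('\\"', '"')

def matches_locally(pattern, message):
    """Offline approximation (assumption): match when the exact phrase occurs."""
    return literal_of(pattern) in message

def check_with_aws(pattern, messages):
    """Ask CloudWatch Logs which messages match (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the rest of the example runs offline
    resp = boto3.client("logs").test_metric_filter(
        filterPattern=pattern, logEventMessages=messages)
    return [m["eventMessage"] for m in resp["matches"]]

# Constructed sample events: the same data serialized two ways.
EVENT = {"Event": "SparkListenerLogStart", "Spark Version": "2.4.0-SNAPSHOT"}
COMPACT = json.dumps(EVENT, separators=(",", ":"))  # form shown in the question
SPACED = json.dumps(EVENT)                          # ": " and ", " separators

if __name__ == "__main__":
    pattern = phrase_pattern("Spark Version", "2.4.0-SNAPSHOT")
    print(pattern)
    print("compact:", matches_locally(pattern, COMPACT))
    print("spaced: ", matches_locally(pattern, SPACED))
```

Because the workaround is a string match rather than a JSON lookup, a producer that emits whitespace after the colon, or a different value, needs its own pattern.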