Menu
how to I query with contains string in AWS Log insights
fields @timestamp, @message filter @message = "user not found" | sort @timestamp desc | limit 20 fields @timestamp, @message filter @message strcontains("User not found") | sort @timestamp desc | limit 20 
502
Use the sort command to display log events in ascending ( asc ) or descending ( desc ) order. Use the limit command to specify the number of log events that you want your query to return. Use the parse command to extract data from a log field and create an ephemeral field that you can process in your query.
For information about how to create a log group, see Create a log group in CloudWatch Logs in the Amazon CloudWatch Logs User Guide. Choose Actions, and then choose Create metric filter. For Filter Pattern, enter { $. latency = * } , and then choose Next.
This should work fine
fields @timestamp, @message | filter @message like /user not found/ | sort @timestamp desc | limit 20 I think you need to select them as fields and then filter on their value. e.g:
fields @timestamp, @message, strcontains(@message, "user not found") AS unf | filter unf=1 | sort @timestamp desc | limit 20 Or use regex
fields @timestamp, @message | filter @message like /User\snot\sfound/ | ... (haven't tested them)
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
