Menu
I have logfiles which contain specific spring patterns. These string patterns occur frequently per log event. For example:
<abc>108</abc>xyz<abc>22222</abc>
I want to count the occurence of <abc> for a specific period of time in CloudWatch.
I did this to count the occurences per minute:
fields @timestamp
| parse @message "<abc>" as abc
| filter strcontains(@message, "<abc>")
| stats count(abc) by bin(1m)
But it just counts one for a log event that contains <abc> at least once. In the example above I would expect two.
How can I achieve this?
332
asked Oct 23 '25 17:10
I don't see a single function that will give you what you need, but you can do something like this:
fields @timestamp, @message
| filter strcontains(@message, "<abc>")
| fields (strlen(@message)-strlen(replace(@message, "<abc>", ""))) / strlen("<abc>")
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
