Menu
Current query :
fields @message
| filter @message like /ABCD/
| stats count(@message)
result: @messages 1 55 now need to add more like a filter in this query like/BCDE/,/EFGH/,/IJKL/..... the expected result should be like @ABCD @BCDE @EFGH @IJKL... 55 66 77 88.
Can get like this? all the search keywords must be searched in the entire CloudWatch log.
293
This should work for you:
fields @message
| filter @message like /ABCD|BCDE|EFGH|IJKL/
| fields strcontains(@message, "ABCD") as @CONTAINS_ABCD,
strcontains(@message, "BCDE") as @CONTAINS_BCDE,
strcontains(@message, "EFGH") as @CONTAINS_EFGH,
strcontains(@message, "IJKL") as @CONTAINS_IJKL
| stats sum(@CONTAINS_ABCD) as @ABCD,
sum(@CONTAINS_BCDE) as @BCDE,
sum(@CONTAINS_EFGH) as @EFGH,
sum(@CONTAINS_IJKL) as @IJKL
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
