I need to be able to search for certain errors using Cloudwatch logs insights.
I tried to use parse syntax but failed to get any results.
Sample error logs from my forever log
StatusCodeError: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" at new StatusCodeError (/home/ubuntu/admin-portal-backend/node_modules/request-promise-core/lib/errors.js:32:15) [2019-07-28T06:37:21.961Z] ERROR: Admin API/12643 on ip-172-31-72-36: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" (req_id=f141a42d-235f-4a0e-af84-a5264fd251bf) StatusCodeError: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" at new StatusCodeError (/home/ubuntu/admin-portal-backend/node_modules/request-promise-core/lib/errors.js:32:15) [2019-07-28T06:37:23.584Z] ERROR: Admin API/12643 on ip-172-31-72-36: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" (req_id=4716a8b8-c22a-48af-a371-84ebdac741d2) StatusCodeError: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" at new StatusCodeError (/home/ubuntu/admin-portal-backend/node_modules/request-promise-core/lib/errors.js:32:15) [2019-07-28T06:37:24.482Z] ERROR: Admin API/12643 on ip-172-31-72-36: 400 - "[{"errorCode":400002,"message":"Field Validation Error","details":"Missing mandatory field dbc.","type":"REQUEST_ERROR","field":"dbc"}]" (req_id=aca7bbbc-7247-4845-94ef-76ed6abddbc1)
To run a CloudWatch Logs Insights sample queryIn the navigation pane, choose Logs, and then choose Logs Insights. On the Logs Insights page, the query editor contains a default query that returns the 20 most recent log events. In the Select log group(s) drop down, choose one or more log groups to query.
Searching on a massive amount of logs in the cloudwatch logs console can be pretty slow, which is where cloudwatch logs insights comes in.
If you want to search for a specific string in cloudwatch logs insights you could do something like
fields @timestamp, @message
| filter @message like /your text to search/
| sort @timestamp desc
| limit 20
First, change Row to Text to access the logs as plain text:
Then search in the search field:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With