amazon-cloudwatch - Cloudwatch 洞察查询修改

Question

Current query :
fields  @message
| filter @message like /ABCD/
| stats count(@message)

结果：@messages 1 55 现在需要在此查询中添加更多类似过滤器的内容，例如 /BCDE/,/EFGH/,/IJKL/..... 预期结果应该类似于 @ABCD @BCDE @EFGH @IJKL.. . 55 66 77 88。

能弄成这样吗？必须在整个 CloudWatch 日志中搜索所有搜索关键字。

score 7 · Accepted Answer

这应该适合你：

fields  @message
| filter @message like /ABCD|BCDE|EFGH|IJKL/ 
| fields strcontains(@message, "ABCD") as @CONTAINS_ABCD,
         strcontains(@message, "BCDE") as @CONTAINS_BCDE,
         strcontains(@message, "EFGH") as @CONTAINS_EFGH,
         strcontains(@message, "IJKL") as @CONTAINS_IJKL
| stats sum(@CONTAINS_ABCD) as @ABCD, 
        sum(@CONTAINS_BCDE) as @BCDE, 
        sum(@CONTAINS_EFGH) as @EFGH, 
        sum(@CONTAINS_IJKL) as @IJKL

amazon-cloudwatch - Cloudwatch 洞察查询修改

1 回答 1

Related

Reference