Metric Filter Creation from CloudWatch Log

Hello there,

I understand that you would like to extract values from Log events using Metric Filter.

Give your Log Event, you can try few methods.

06-22-2022 14:01:01:: 1 DB::TABLE_UPDATE batches- ZZZZ\Noodles\GhostProcessor\Batches::processBatches 0 batches successfully closed {

First, you can use the space-delimited log matching with [date, time, w3, w4, w5, w6, BatchProcessCount, w8] which the BatchProcessCount field will be assigned the number after ..processBatches in your log event.

Second, if you don't know how many space-delimited fields are there in your Log event you can use ellipsis (...) to reference any unnamed fields and if you are only interested in that number. [..., BatchProcessCount, w8=batches, w9=successfully, w10=closed, w11]

In both cases $BatchProcessCount will be extracting the number after ...processBatches in your log event.

You can review the filter pattern syntax detail from 1

Hope this helps,

Thanks

Hi there,

I understand that you want to extract the number 0 after processBatches, but you are not getting your desired results.

By looking at your filter pattern, your log event message, it consists of 10 space-delimited fields, while your filter pattern consists of 3 fields.

This is how I extracted your filter pattern:

06-22-2022 14:01:01:: 1 DB::TABLE_UPDATE batches- ZZZZ\Noodles\GhostProcessor\Batches::processBatches 0 batches successfully closed

[06-22-2022, 14:01:01::, 1, DB::TABLE_UPDATE, batches-, ZZZZ\Noodles\GhostProcessor\Batches::processBatches, number=0, batches, successfully, closed]

Reference: [1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

I hope the above information is helpful. For any concerns, feel free to reach out.