Cloudwatch Log Insights Query
0
I want to be able to filter the eventName of S3 by PutObject and CopyObject.
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName in ["PutObject", "CopyObject"]
The above query only returns 1 result which I expect more
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName in ["PutObject"]
Also returns one result
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName="PutObject"
Returns a few result which is correct.
How do I set the filter so that the result returns EventName is either PutObject and CopyObject.
질문됨 2달 전523회 조회
1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
1
Try this and let me know if it works:
fields @timestamp, @message, @logStream, @log, detail.eventName | sort @timestamp desc | limit 1000 | filter (detail.eventName="PutObject" or detail.eventName="CopyObject")
관련 콘텐츠
AWS 공식업데이트됨 2년 전- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
Yes, it works! What didn't "in" work when applying it to the filter?