Hi
I'm currently experiencing issues when trying to use the "isValidIp" function for filtering logs in CloudWatch
fields @timestamp, StatusCode, RequestPath, @@m, isValidIp(Host),!(isValidIp(Host))
| filter !(isValidIp(Host))
I expect the query above to filter all logs where "Host" is not a valid IP address, but nothing is being filtered.
At the same time, I render isValidIp(Host)
and !(isValidIp(Host))
and see that these can clearly render the correct values for the function.
Is there some limitation or is my syntax incorrect?
Here is a link to a screenshot of the query and results: https://ibb.co/NSM8qM3