CloudWatch Logs Insight queries
Hello, good evening.
I'm doing a query in CloudWatch Logs Insight to get two date fields, calculate the difference, and display all three fields on the same line.
I extract the two fields (startdate, enddate) with regular expressions. ¿Is it possible to do that operation in CloudWatch?
If you can help me I appreciate a lot.
Thank you so much
- Newest
- Most votes
- Most comments
How about toMillis(startdate) - toMillis(enddate) to give you the difference?
This may work? You may have to put your regex into the fields line to output the result..
fields startdate,enddate,toMillis(startdate) - toMillis(enddate)
Hello,
You can further parse the startdate and enddate to calculate the time difference. I've illustrated this with example log events.
Log event 1: 2023-03-16T23:24:38.973 2023-03-16T23:24:40.586 Log event 2: 2023-03-16T23:23:38.973 2023-03-16T23:24:40.000
Following query will parse the timestamps to 4 segments: date, hours, minutes, seconds
Difference between start and end time is calculated and multiplied to convert the difference to seconds.
PARSE @message "T:: T::" as startdate, s_hour, s_min, s_sec, enddate, e_hour, e_min, e_sec | fields (((e_hour - s_hour) * 3600) + ((e_min - s_min) * 60) + (e_sec - s_sec)) as TimeDifference | display @message, TimeDifference
Relevant content
- asked 5 years ago
- asked 10 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
