By using AWS re:Post, you agree to the Terms of Use
/Cannot filter using the isValidIp function in CloudWatch/

Cannot filter using the isValidIp function in CloudWatch



I'm currently experiencing issues when trying to use the "isValidIp" function for filtering logs in CloudWatch

fields @timestamp, StatusCode, RequestPath, @@m, isValidIp(Host),!(isValidIp(Host))
| filter !(isValidIp(Host))

I expect the query above to filter all logs where "Host" is not a valid IP address, but nothing is being filtered. At the same time, I render isValidIp(Host) and !(isValidIp(Host)) and see that these can clearly render the correct values for the function.

Is there some limitation or is my syntax incorrect?

Here is a link to a screenshot of the query and results:

asked 2 months ago5 views
1 Answers

I couldn't see the screenshot you shared, so I'm guessing a little here...

IsValidIp will return a boolean (true if valid), so I think you will need to use it in a condition in filter.

For example

| filter isValidIp(Host)

Hope that helps!

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions