By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cannot filter using the isValidIp function in CloudWatch

0

Hi

I'm currently experiencing issues when trying to use the "isValidIp" function for filtering logs in CloudWatch

fields @timestamp, StatusCode, RequestPath, @@m, isValidIp(Host),!(isValidIp(Host))
| filter !(isValidIp(Host))

I expect the query above to filter all logs where "Host" is not a valid IP address, but nothing is being filtered. At the same time, I render isValidIp(Host) and !(isValidIp(Host)) and see that these can clearly render the correct values for the function.

Is there some limitation or is my syntax incorrect?

Here is a link to a screenshot of the query and results: https://ibb.co/NSM8qM3

Topics
Management & Governance
Tags
Amazon CloudWatch
Language
English
jn-vuffeli
asked 2 years ago208 views
1 Answer
0

I couldn't see the screenshot you shared, so I'm guessing a little here...

IsValidIp will return a boolean (true if valid), so I think you will need to use it in a condition in filter.

For example

| filter isValidIp(Host)

Hope that helps!

AWS
AWS-SA
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content