CloudWatch | Filter by a string contained in a log stream name
Hello everyone,
CloudWatch logs have the following log group fields:
- Timestamp
- Ingestion time
- Message
- Event ID
- Log stream name
Log fields are inside square brackets and separated by arrows. I would like to exclude logs that contain a particular string in the log field name, underlined red, for example "driver". I tried to do it from the console but the console allows filtering by JSON or text message and message attributes only.
How can I create a metric filter either from aws console or aws cli to exclude logs produced by the log stream that contains string "driver" in the name?
Thank you
- Newest
- Most votes
- Most comments
Hello,
Thank you for reaching out.
To exclude terms in log events using metric filters, you can use the "Not Equal" symbol ("!=") before the term or terms which you want to exclude. For example to exclude the term "driver", you can use the filter below:
[w1!=driver, w2].
The above filter matches all other logs but excludes the log events with the term "driver".
You can test using the symbol in your logs and confirm if this works for you. If you have any challenges, I would recommend opening a case with support and share the sample logs for further insight.
Relevant content
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 months ago
The string "driver" is inside the log stream name not inside the log event itself. I am not sure if I can filter by attributes other than log event. The filter mentioned above isn't working in my case. Thank you