CloudWatch Log Insights results @LogStream not always clickable.

0

Hi, I notice a strange behavior with Log Insights results.

If the display command ends with @LogStream the stream is not clickable.

But if I add another field after the @LogStream, it become clickable.

fields @timestamp, @message, @logStream
| filter @message like /Error/
# Sadly the below display show the logStream as text.
# | display  @timestamp, @message,  @logStream
# with the below display logStream is clickable.
| display  @timestamp, @message,  @logStream, @log
| limit 80
| sort @timestamp asc
asked 3 months ago54 views
2 Answers
1

I tried querying a single log group and it likely inferred it to be that log group. That means even if display ends with @logStream it will show it as a link. However if I query against multiple log groups, I will have to also return the log group name so that the log stream link can be generated.

profile picture
EXPERT
answered 3 months ago
0

Hello,

The difference could be generated because of the query being executed against multiple log groups.

When the following query is executed by selecting a single log group, it is understood that the log event in the query result belongs to the selected log group and the log stream link is provided.

fields @timestamp, @message, @logStream | filter @message like /Error/ | display @timestamp, @message, @logStream | limit 80 | sort @timestamp asc

When the same query is executed by selecting multiple log groups, the corresponding log group of the log event cannot be identified and hence the log stream link is not obtained.

@log is a log group identifier in the form of account-id:log-group-name. When querying multiple log groups, this can be useful to identify which log group a particular event belongs to. Refer to the document https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html Hence, the log stream link can be obtained by executing the following query upon selecting multiple log groups

fields @timestamp, @message, @logStream | filter @message like /Error/ | display @timestamp, @message, @logStream, @log | limit 80 | sort @timestamp asc

Hence, while querying for multiple log groups you will have to use @log in the query to get the log stream link in the query result.

If you have any questions specific to a particular log group, also feel free to raise a case with AWS Support and we can assist you in troubleshooting specifically for a resource.

I trust that you find above information helpful.

SUPPORT ENGINEER
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions