How can you filter by JSON property in a CloudWatch log?

0

I have JSON being logged in a CloudWatch log. I am trying to filter by a specific JSON property value. I am using the dot notation. It never finds what I know is there.

This is in the log

{ "requestId": "abc123", "apiId": "123456"}

I am filtering with this

{$.requestId="abc123"}

It never finds the log item. Is this supposed to work?

andyn
Asked 2 years ago · 15657 views
2 Answers
1

Hi Andyn,

That {$.requestId="abc123"} looks like a valid filter for JSON formatted logs, and yes it is supported and it should work if the log event(s) are in the log group. You can check more details from (1).

I just checked the 'log event' and 'filter pattern' you have provided, which is working as expected on my end with replication. Have you checked the retention policy of the Log Group, and whether the log event(s) that should be matching are recent (not past the Retention policy period)?

For instance, to check whether your filter pattern is working or not, you can set up a test Log Group/Log Stream and create a log event using the Console. The steps are -> CW Console -> Log Groups -> go into the Log Stream -> Action -> Create log event. Then you can test by adjusting the filter with matching and non-matching patterns to see if the filter works or not.

If you are still encountering problems filtering the log events, please try with specific and short time ranges rather than just filtering with default settings on the console. Further, if you have a Premium Support subscription, consider creating a Technical Support case under the CloudWatch Logs service so that we can assist you in a private setting.

(1) Filter and pattern syntax - Matching terms in JSON log events - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#matching-terms-events-json

Thanks

AWS
Support Engineer
Answered 2 years ago
  • The filter works when I manually create the log event and search it. Problem seems to be searching older events. They just don't show up. I have log events from 2 weeks ago. I set the search range to 4 weeks. Still does not find it. I am testing this because I noticed that our log group metric filter alarms are not working because the filter is not catching events. The filter works when I test them when creating the alarm, but when I test them manually in log group filter it does not work. The alarms are not getting triggered because the {$.xxx} filter thing is not working. I will probably need to resort to straight text string matching. Something is definitely wrong here with filtering.

1

Try to run it from Logs Insights, using something like filter requestId="abc123". Some doc is here: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_RunSampleQuery.html

Answered 2 years ago
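
The two checks suggested in the first answer (test the pattern against a sample event, then search short, explicit time ranges), written with boto3 as an added example that is not part of the original thread. The log group name `/example/log-group` and the 6-hour window size are assumptions; the pattern and sample event are the ones from the question.

```python
import json
from datetime import datetime, timedelta, timezone

PATTERN = '{ $.requestId = "abc123" }'  # filter pattern from the question

def to_ms(dt):
    """CloudWatch Logs takes startTime/endTime as epoch milliseconds."""
    return int(dt.timestamp() * 1000)

def windows(start, end, step):
    """Split [start, end] into short consecutive (start_ms, end_ms) ranges."""
    while start < end:
        stop = min(start + step, end)
        yield to_ms(start), to_ms(stop)
        start = stop

def pattern_matches_sample(client, pattern, sample_messages):
    """Ask the service which sample messages the pattern matches; no log group is needed."""
    resp = client.test_metric_filter(filterPattern=pattern,
                                     logEventMessages=sample_messages)
    return [m["eventMessage"] for m in resp.get("matches", [])]

def search(client, log_group, pattern, start, end, step=timedelta(hours=6)):
    """Run the filter one window at a time and follow nextToken to the end of each."""
    found = {}  # keyed by eventId: both bounds are inclusive, so windows share an edge
    for start_ms, end_ms in windows(start, end, step):
        kwargs = dict(logGroupName=log_group, filterPattern=pattern,
                      startTime=start_ms, endTime=end_ms)
        while True:
            page = client.filter_log_events(**kwargs)
            # A page may be empty and still carry nextToken; keep paging until it is gone.
            for event in page.get("events", []):
                found[event["eventId"]] = event
            token = page.get("nextToken")
            if not token:
                break
            kwargs["nextToken"] = token
    return list(found.values())

if __name__ == "__main__":
    import boto3  # needs credentials with logs:TestMetricFilter and logs:FilterLogEvents
    logs = boto3.client("logs")
    sample = json.dumps({"requestId": "abc123", "apiId": "123456"})
    print("sample matched:", pattern_matches_sample(logs, PATTERN, [sample]))
    now = datetime.now(timezone.utc)
    hits = search(logs, "/example/log-group", PATTERN,  # placeholder log group name
                  now - timedelta(weeks=4), now)
    print(len(hits), "events matched in the last 4 weeks")
```

If the sample matches but `search` returns nothing for a window that should contain the event, compare the stored message text and its timestamp with the sample rather than changing the pattern.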
