Cloudwatch Log Insights Query
0
I want to be able to filter the eventName of S3 by PutObject and CopyObject.
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName in ["PutObject", "CopyObject"]
The above query only returns 1 result which I expect more
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName in ["PutObject"]
Also returns one result
fields @timestamp, @message, @logStream, @log, detail.eventName
| sort @timestamp desc
| limit 1000
| filter detail.eventName="PutObject"
Returns a few result which is correct.
How do I set the filter so that the result returns EventName is either PutObject and CopyObject.
已提问 2 个月前523 查看次数
1 回答
- 最新
- 投票最多
- 评论最多
1
Try this and let me know if it works:
fields @timestamp, @message, @logStream, @log, detail.eventName | sort @timestamp desc | limit 1000 | filter (detail.eventName="PutObject" or detail.eventName="CopyObject")
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
Yes, it works! What didn't "in" work when applying it to the filter?