Suppose I have the following Insights query
fields @timestamp, @message
| parse @message 'status=*" as status
| display @timestamp, status, @message
Some log messages don't have a status. I'd like to filter those out. How do I do that?
Asked
Active
Viewed 7,011 times
6
kane
- 5,465
- 6
- 44
- 72
1 Answers
11
You can use the ispresent() function: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
Like this:
fields @timestamp, @message
| parse @message 'status=*" as status
| display @timestamp, status, @message
| filter ispresent(status)
Dejan Peretin
- 10,891
- 1
- 45
- 54