I'm trying to compare the contents of one ephemeral field to those of another within CloudWatch Logs Insights. The contents are "CompanyRequestID"s, parsed from the log stream @message, and the @requestId in the lambda Report. The requestIds are just strings like 1234-678-5476
In "English" I'm trying to write:
Filter IF contents of parsed-ephemeral-field (CompanyRequestID) equals exactly the contents of @requestId
fields @message, @timestamp, @requestId, @billedDuration
| parse @message "XXXX=*, CompanyGeneratedRequestID=*, XXXX=*" as X1, CompanyRequestID, X2
| display CompanyRequestID, @requestId, @billedDuration
As you can see, the fields don't align in the table as they're from different "types".
I want to essentially (but I can't figure out how):
| filter CompanyRequestID = @requestId
| stats sum(@billedDuration)
Once I can filter matching requestIds then I can sum the billedduration etc
Thanks in advance! New to this and struggling!
