0

I have a simple message in the form of JSON, like the one below, in one of the log groups. The query that I use is {$.level = "INFO"}. This doesn't bring up any results. What could be the problem? Can somebody help, please?

{
    "level": "INFO",
    "location": "lambda_handler:31",
    "message": {
        "msg": "abc",
        "event": {
            "Records": [
                {
                    .
                    .
                    .
                }
            ]
        }
    }
}
The Enthusiast
  • 93
  • 1
  • 11

1 Answer

0

CloudWatch Logs Insights now allows filtering based on JSON fields. The syntax is as follows:

Filter based on field 'level'

filter level = 'INFO'
| display level, @message


Filter based on nested fields

filter message.msg != '123'
| display message.msg, @message

Documentation: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html#CWL_AnalyzeLogData-discoverable-JSON-logs

OARP
  • 3,429
  • 1
  • 11
  • 20
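
The two queries from the answer above can also be run outside the console. This is an added example, not part of the original answer: it starts the query through the CloudWatch Logs API with boto3, polls until it finishes, and turns the result rows into dictionaries. The log group name `/aws/lambda/example-function` is a placeholder, and boto3 with working credentials is assumed.

```python
import time

# The answer's two Logs Insights queries, unchanged.
LEVEL_QUERY = "filter level = 'INFO'\n| display level, @message"
NESTED_QUERY = "filter message.msg != '123'\n| display message.msg, @message"


def rows_to_dicts(results):
    """Each result row arrives as [{'field': name, 'value': text}, ...]."""
    return [{cell["field"]: cell["value"] for cell in row} for row in results]


def run_insights_query(client, log_group, query, start, end,
                       poll_seconds=1.0, timeout_seconds=60.0):
    """Start a query, poll until it reaches a final state, return the rows."""
    query_id = client.start_query(
        logGroupName=log_group,
        startTime=int(start),  # epoch seconds
        endTime=int(end),
        queryString=query,
    )["queryId"]
    deadline = time.monotonic() + timeout_seconds
    while True:
        resp = client.get_query_results(queryId=query_id)
        status = resp["status"]
        if status == "Complete":
            return rows_to_dicts(resp["results"])
        if status in ("Failed", "Cancelled", "Timeout"):
            raise RuntimeError(f"query {query_id} ended with status {status}")
        if time.monotonic() >= deadline:
            # Do not leave an abandoned query running in the account.
            client.stop_query(queryId=query_id)
            raise TimeoutError(f"query {query_id} still {status} at deadline")
        time.sleep(poll_seconds)


if __name__ == "__main__":
    import boto3  # imported here so the helpers above work without it

    now = time.time()
    log_group = "/aws/lambda/example-function"  # placeholder log group name
    for q in (LEVEL_QUERY, NESTED_QUERY):
        for row in run_insights_query(boto3.client("logs"), log_group, q,
                                      now - 3600, now):
            print(row)
```
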