I followed the instructions from the documentation, but did not find them useful in my scenario. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#extract-log-event-values
I am able to filter JSON values as well as column data, but I am unable to filter on, for example, the took_millis[19] value from the log. I tried multiple filters like this: [,,,,,,took_millis >= 100,...], [,,,,,,f7=took, milliseconds>=100,...], but no luck so far.
I want to filter slow log queries that are taking more than 100ms.
Example log data for Elasticsearch slow queries is attached. Please have a look and share the filter pattern for CloudWatch events.
[2021-11-22T01:25:17,133][WARN ][index.search.slowlog.query] [319eDpW] [locations][1] took[19.3ms], took_millis[19], types[data_en], stats[], search_type[QUERY_THEN_FETCH], total_shards[6], source[...]
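
In the sample line above, the number sits inside a `took_millis[19],` token rather than in a field of its own. The following Python is an added example, not part of the original post and not a CloudWatch filter pattern: it parses that slow log layout and keeps events at or above 100 ms. The function names and the second sample line are constructed for illustration, and the layout is assumed from the one line shown.

```python
import re

# Layout assumed from the sample: [time][LEVEL][logger] [node] [index][shard] key[value], ...
HEADER = re.compile(
    r"^\[(?P<timestamp>[^\]]+)\]\[(?P<level>[^\]]+)\]\[(?P<logger>[^\]]+)\]\s*"
    r"\[(?P<node>[^\]]+)\]\s*\[(?P<index>[^\]]+)\]\[(?P<shard>\d+)\]\s*(?P<rest>.*)$"
)

def parse_pairs(text):
    """Split 'key[value], key[value]' pairs; bracket depth keeps nested values whole."""
    pairs, i = {}, 0
    while (start := text.find("[", i)) != -1:
        key = text[i:start].strip(" ,")
        depth, j = 1, start + 1
        while j < len(text) and depth:
            depth += {"[": 1, "]": -1}.get(text[j], 0)
            j += 1
        end = j - 1 if depth == 0 else j  # unbalanced means a truncated line
        pairs[key] = text[start + 1:end]
        i = j
    return pairs

def parse_slowlog(line):
    """Return the event as a dict, or None if the line is not a slow log entry."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["level"] = event["level"].strip()  # "WARN " is space-padded
    event["shard"] = int(event["shard"])
    event.update(parse_pairs(event.pop("rest")))
    try:
        event["took_millis"] = int(event["took_millis"])
    except (KeyError, ValueError):
        return None
    return event

def slow_queries(lines, threshold_ms=100):
    """Events with took_millis >= threshold_ms (the comparison tried in the post)."""
    events = (parse_slowlog(line) for line in lines)
    return [e for e in events if e and e["took_millis"] >= threshold_ms]

SAMPLE_LINES = [
    # Line from the post (its source[...] is elided there).
    "[2021-11-22T01:25:17,133][WARN ][index.search.slowlog.query] [319eDpW] [locations][1] took[19.3ms], took_millis[19], types[data_en], stats[], search_type[QUERY_THEN_FETCH], total_shards[6], source[...]",
    # Constructed line with a nested source value and a slower query.
    '[2021-11-22T01:26:02,871][WARN ][index.search.slowlog.query] [319eDpW] [locations][3] took[254.7ms], took_millis[254], types[data_en], stats[], search_type[QUERY_THEN_FETCH], total_shards[6], source[{"query":{"terms":{"id":[1,2]}}}]',
]
```

Calling `slow_queries(SAMPLE_LINES)` returns only the constructed 254 ms event; the 19 ms line from the post is parsed but falls below the threshold.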