How to write AWS Log Insights query for multiple string patterns

Question

I want to write a log insights query to search for multiple string patterns in log groups.

I know that I can use the following query to find a specific string in logs :

 fields @timestamp, @message
| filter @message like "test string"
| sort @timestamp desc

But, I want to extend this to find multiple string patterns with regular expressions.

Can someone help to understand how to achieve this. I tried looking in internet and reading aws document but could not figure out how to do.

@OmarRosadio I am trying to do breach monitoring for log4jshell issue .. so looking for patterns like : jndi: etc — Sushil, Dec 23 '21 at 14:30

score 1 · Answer 1 · answered Aug 03 '22 at 23:58

1

How about using slashes, rather than quotes. That searches a regex pattern:

fields @timestamp, @message
| filter @message like /test string/
| sort @timestamp desc

answered Aug 03 '22 at 23:58

Lode

score 1 · Answer 2 · answered Dec 16 '22 at 11:45

I use the bellow syntax when I search for multiple strings:

Match all messages that have both 'string1' and 'string2':

fields @timestamp, @message 
| filter @message like 'string1' and  @message like 'string2'
| sort @timestamp desc
| limit 20```

Match all messages that have either 'string1' or 'string2':

fields @timestamp, @message
| filter @message like 'string1' or  @message like 'string2'
| sort @timestamp desc
| limit 20```

2 Answers2