AWS CloudWatch Logs Insights concatenation values

Asked Feb 04 '22 at 09:41

Active Feb 04 '22 at 13:01

Viewed 1,193 times

I would like to move val2 from second row to first row and show just one row for this @timestamp value. There are have same @timestamp value.

What I have for now

@timestamp	id	value1	value2
2022-02-04T12:21:51.085+03:00	test-id	val1
2022-02-04T12:21:51.085+03:00			val2

What I expect:

@timestamp	id	value1	value2
2022-02-04T12:21:51.085+03:00	test-id	val1	val2

Here is my query:

fields @timestamp, @message 
| parse @message /-(?<requestId>([A-Za-z0-9]{5,})).*id=(?<id>[^,]+).*x-value1=(?<value1>([A-Za-z0-9-_,()!@#$%<>:*?\s]+[.]{1}[A-Za-z]{3,4}))/ 
| filter strcontains(@message, 'x-value1=') or strcontains(@message, concat(requestId, ') Method request body before transformations: {')) 
| parse @message "Method request body before transformations: {*}" as value2 
| display @timestamp, id, value1, value2

edited Feb 04 '22 at 13:01

asked Feb 04 '22 at 09:41

alexigov

Logs insights can only operate on a single message at a time. – gshpychka Feb 04 '22 at 10:58
Are you able to solve this? – Ali Hasan Jun 02 '22 at 15:19

AWS CloudWatch Logs Insights concatenation values

0 Answers0