
I'm trying to write a query for our CloudWatch Logs Insights so I can see more information based on errors. The query I wrote is this:

      FIELDS coalesce(error.message, err.message) as errorMessage,
             coalesce(error.type, err.type) as errorType,
             level
             | FILTER @message like /(?i)(Exception|Error)/
             | stats count(*) as count by errorMessage, level, errorType

I want to include the @message in the output so I can see the stack trace too, but no matter what I try I can't get it to work. I can't seem to find anything in the AWS documentation, so is something like this possible?

The result I'm getting:

errorMessage, level, errorType, count

The result I'm trying to have:

errorMessage, level, errorType, count, @message

I don't need each error message, just one error message, so I get the stack trace and the count too.

Argjent
  • Same problem here: `fields device, payload.uptimeFormatted, payload.uptimeMillis as UptimeInMilliseconds | filter device like /.+/ | filter UptimeInMilliseconds like /.+/ | stats max(UptimeInMilliseconds) as MaxUptimeInMilliseconds group by device | sort MaxUptimeInMilliseconds desc` I try to group all the uptime entries (one device published multiple messages as it published every hour) by the most recent one and then I want to print that uptime in millis, but also the one that is already human readable. Can't get it to work – GC268DM Aug 18 '22 at 15:18
  • Did you ever get this working? Seems like a really necessary feature. – snowe Jul 13 '23 at 21:29
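
One way to get a single sample `@message` per group next to the count is the `latest()` aggregation in `stats` (or `earliest()`). This query is an added example, not part of the original post; the alias `sampleMessage` and the final `sort` are assumptions chosen for illustration.

```text
# Added example: the question's query with one sample log line per group.
fields coalesce(error.message, err.message) as errorMessage,
       coalesce(error.type, err.type) as errorType,
       level
| filter @message like /(?i)(Exception|Error)/
# latest(@message) returns @message from the most recent event in each group,
# so the stack trace of one representative event appears beside the count.
| stats count(*) as count,
        latest(@message) as sampleMessage
        by errorMessage, level, errorType
| sort count desc
```

The same pattern fits the uptime case in the first comment: aggregate the numeric field with `max()` and carry the human-readable field along with `latest(payload.uptimeFormatted)`, grouped `by device`.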

0 Answers