0

I have a question concerning log insights in aws. How is it possible to fetch all the occurrences in a log ? I tried with and without a regex and the parse will only fetch the first occurrence.

I have a log like this (and multiple entries of this kind of log):

[ERROR] - [{'id': 'id1'}, {'id': 'id2'}, {'id': 'id3'}]

And I want to extract all the ids, so I tried :

parse @message "id': '*'" as id

which return only id1 (the first occurrence) by log

and I also tried a regex :

parse @message /id': '(?<id>\S*)'/

which return only id1 (the first occurrence) as well by log

I expect something like [id1, id2, id3] or multiple line in the result (one by match).

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Pred05
  • 492
  • 1
  • 3
  • 13

1 Answers1

0

I still haven't found a nice way to handle this, it seems like we can't get more than one result from one log

But maybe you can use the practice shared on the answer linked below and find how many items exist in each message and you can also get list of the values by string manipulation

fields (strlen(@message)-strlen(replace(@message, "'id'", ""))) / strlen("'id'") as count, 
       replace(replace(replace(@message, "}", ""), "},", ","), "{'id': ", "") as list
# would return 3, ['id1', 'id2', 'id3']

https://stackoverflow.com/a/73254710/1762994

Michal Tsadok
  • 143
  • 1
  • 4