CloudWatch Logs insights Query to Get count of Given strings

Question

I have a CloudWatch log group that contains log statements in bulk, here I want to filter the logs which contain the string "ABC".

Then I want the count of "XYZ", "PQR",

My current approach:

fields @message
| filter @message like /ABC/
| filter @message like /XYZ/
| stats count() as XYZ_COUNT

fields @message
| filter @message like /ABC/
| filter @message like /PQR/
| stats count() as PQR_COUNT

Can we achieve it in a single query instead?

score 4 · Accepted Answer · answered Sep 13 '22 at 13:38

After digging the docs I got the way we can do it, here it is.

fields @message
| filter @message like /ABC/
| parse @message 'XYZ' as @xyz
| parse @message 'PQR' as @pqr
| stats count(@xyz) as XYZ_COUNT, count(@pqr) as PQR_COUNT

Let me know if any better approach is there.

CloudWatch Logs insights Query to Get count of Given strings

1 Answers1