I got a query with @message result which looks like this: query: fields ContainerName, MemoryUtilized | filter Type like 'Container' | filter ContainerName not like '~internal~' and ContainerName not like 'log_router' | filter ContainerName like '-core' | limit 16
output:
Field Value
@ingestionTime
1678369720146
@log
590308924307:/aws/ecs/containerinsights/dev-clients/performance
@logStream
AgentTelemetry-b18071c1d2c64e7492ab5ad40658de3e
@message
{"Version":"0","Type":"Container","ContainerName":"solaris-core","TaskId":"0e43d5a866354de2aa2d2c88144f3891","TaskDefinitionFamily":"solaris","TaskDefinitionRevision":"94",....}
@timestamp
1678369560000
ClusterName
dev-clients
ContainerInstanceId
b18071c1d2c64e748662ab5ad40658
ContainerKnownStatus
RUNNING
ContainerName
solaris-core
how I can parse the above in cloudwatch log insgiht query, in a way I will get 'Type' and 'ContainerName' new ephemeral fields
Thanks
I try to run and it didn't help
fields ContainerName, MemoryUtilized | filter Type like 'Container' | filter ContainerName not like '~internal~' and ContainerName not like 'log_router' | filter ContainerName like '-core' | parse @message "'Type':'' ,'ContainerName': ''" as type, con_name | limit 16
