AWS Log Insights Query - Filter Begins with specific IP address

Question

Is it possible to query log insights data and filter based on IP addresses that start with specific values. The query below is returning too much data... In addition to returning data that begin with 98, it is also returning data with IP addresses that have 98 in the middle of the string.

fields @timestamp, @message, @logStream, @log
| filter (event.src_ip like /98./) 
| sort @timestamp desc
| limit 20

score 0 · Answer 1 · answered Mar 24 '23 at 18:56

0

I believe I have found the answer using Regular Expressions. I needed to use the ^ character at the beginning of the expression.

fields @timestamp, @message, @logStream, @log
| filter (event.src_ip like /^98./) 
| sort @timestamp desc
| limit 20

answered Mar 24 '23 at 18:56

Paul Wasserman

137
2
13

AWS Log Insights Query - Filter Begins with specific IP address

1 Answers1