I am trying to get one log result per @message instead of having an aggregated one. See image.

The query I am running is this:

fields @timestamp, @message, @logStream
| parse @logStream /.*\/.*\/(?<step>.*?)\/.*/
| display @timestamp, step, @message
| parse @message /^.*Workflow\:\s(?<@workflow>\d*)/
| sort @timestamp desc
| limit 100

image example

Richard

0 Answers