@ajorpheus
Forked from vatshat/cwl_insights_parse_regex.sh
Created February 22, 2023 17:34
An example of how to use regex in the parse statement of a CloudWatch Insights query
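#!/usr/bin/env bash
set -euo pipefail

# Quoted heredoc delimiter: the shell passes the query text through unmodified.
# The transaction id is a string literal, so it is quoted inside the query.
query_string=$(cat <<'EndOfMessage'
fields @timestamp, @logStream, headers.X-Amzn-Trace-Id, @transId, @message
| parse @message /(transactionId:[ ]?)(?<@transId>[a-zA-Z0-9]+)/
| filter @transId = "a4c475516be5445a87fbb81bb7a4b365"
EndOfMessage
)

# start-query takes epoch seconds; `date -d` is GNU date syntax.
query_id=$(aws logs start-query --log-group-name /aws/lambda/console_log \
  --start-time "$(TZ='UTC' date -d "-1 day" +%s)" \
  --end-time "$(TZ='UTC' date +%s)" \
  --query-string "$query_string" --output text)

# The query runs asynchronously: poll until it leaves Scheduled/Running.
status=Running
while [[ $status == Scheduled || $status == Running ]]; do
  sleep 1
  status=$(aws logs get-query-results --query-id "$query_id" --query status --output text)
done

aws logs get-query-results --query-id "$query_id" --output json | python -m json.tool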
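
Added example (not part of the original gist): a local check of the parse pattern against sample log lines before a query is started, plus validation of a transaction id before it is placed in the filter. The function names, the sed translation of the pattern, and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the gist author's code.

# Print the transaction id found in one log line; return 1 if there is none.
# sed -E has no named groups, so (?<@transId>...) becomes plain group 1.
extract_trans_id() {
  _tid=$(printf '%s\n' "$1" |
    sed -nE 's/^.*transactionId:[ ]?([a-zA-Z0-9]+).*$/\1/p')
  [ -n "$_tid" ] || return 1
  printf '%s\n' "$_tid"
}

# Build the query text for one transaction id. The id is accepted only if it
# fits the capture group's character class, so quotes, pipes or other query
# syntax in the input never reach the query string.
build_query() {
  case $1 in
    '' | *[!a-zA-Z0-9]*)
      echo "invalid transaction id" >&2
      return 1
      ;;
  esac
  printf '%s\n' \
    'fields @timestamp, @logStream, @transId, @message' \
    '| parse @message /(transactionId:[ ]?)(?<@transId>[a-zA-Z0-9]+)/' \
    "| filter @transId = \"$1\""
}

# Constructed sample log lines (not real data): with a space after the colon,
# without one, and with no transaction id at all.
while IFS= read -r line; do
  extract_trans_id "$line" || echo "(no match)"
done <<'EOF'
INFO transactionId: a4c475516be5445a87fbb81bb7a4b365 request received
INFO transactionId:0f9e8d7c done
WARN no transaction here
EOF

# Show the query that would be passed to --query-string.
build_query a4c475516be5445a87fbb81bb7a4b365
```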