TechQA.

Cloudwatch logs "AND NOT" search

2.6k views Asked by At

I'm searching Cloudwatch log events for errors with the following criteria:

?"error" ?"ERROR" ?"Error:"

How can I exclude specific terms from the result? For example, if I don't care about specific_error, how can I specify not to match on it?

I'm expecting to be able to do something like:

(?"error" AND -"specific_error") ?"ERROR" ?"Error:"
amazon-cloudwatchlogs
Original Q&A
1

There are 1 answers

0
rotarydial On BEST ANSWER

In the CloudWatch console, this can be accomplished with the - operand before the term you wish to exclude:

"error" -"something minor happened"

This is from the AWS docs for "Matching terms in log events".

cloudwatch exclusive filter

Similarly, using aws logs tail, you can pass this to the --filter-pattern argument:

$ aws logs tail --format short /aws/lambda/my_lambda --filter-pattern '"error" -"something minor happened"' --since 3h

2021-07-09T19:28:47 error:   something bad happened
2021-07-09T19:28:51 error:   something bad happened
2021-07-09T19:29:52 error:   something REALLY bad happened
2021-07-09T19:30:15 error:   something CATASTROPHIC happened! Aiee!
2021-07-09T19:30:36 error:   something bad happened

Related Questions in AMAZON-CLOUDWATCHLOGS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions