Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo

CloudWatch Log Insights results @LogStream not always clickable.

0

Hi, I notice a strange behavior with Log Insights results.

If the display command ends with @LogStream the stream is not clickable.

But if I add another field after the @LogStream, it become clickable.

fields @timestamp, @message, @logStream
| filter @message like /Error/
# Sadly the below display show the logStream as text.
# | display  @timestamp, @message,  @logStream
# with the below display logStream is clickable.
| display  @timestamp, @message,  @logStream, @log
| limit 80
| sort @timestamp asc
posta 2 anni fa862 visualizzazioni
3 Risposte
1

I tried querying a single log group and it likely inferred it to be that log group. That means even if display ends with @logStream it will show it as a link. However if I query against multiple log groups, I will have to also return the log group name so that the log stream link can be generated.

profile pictureAWS
ESPERTO
con risposta 2 anni fa
1

Hello,

The difference could be generated because of the query being executed against multiple log groups.

When the following query is executed by selecting a single log group, it is understood that the log event in the query result belongs to the selected log group and the log stream link is provided.

fields @timestamp, @message, @logStream | filter @message like /Error/ | display @timestamp, @message, @logStream | limit 80 | sort @timestamp asc

When the same query is executed by selecting multiple log groups, the corresponding log group of the log event cannot be identified and hence the log stream link is not obtained.

@log is a log group identifier in the form of account-id:log-group-name. When querying multiple log groups, this can be useful to identify which log group a particular event belongs to. Refer to the document https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData-discoverable-fields.html Hence, the log stream link can be obtained by executing the following query upon selecting multiple log groups

fields @timestamp, @message, @logStream | filter @message like /Error/ | display @timestamp, @message, @logStream, @log | limit 80 | sort @timestamp asc

Hence, while querying for multiple log groups you will have to use @log in the query to get the log stream link in the query result.

If you have any questions specific to a particular log group, also feel free to raise a case with AWS Support and we can assist you in troubleshooting specifically for a resource.

I trust that you find above information helpful.

AWS
TECNICO DI SUPPORTO
con risposta 2 anni fa
0

The tldr summary of the other posts for clarity:

fields @timestamp, @message, @logStream // Only gives you link when a SINGLE log group is selected
fields @timestamp, @message, @logStream, @log // Adding @log also gives you link when MULTIPLE log groups are selected
con risposta 16 giorni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande