My objective is to create a mechanism for exporting CloudWatch logs to S3 on a case-by-case basis. Given my logs appear in the following format:
{ "level": "error", "message": "Oops", "errorCode": "MY_ERROR_CODE_1" }
{ "level": "info", "message": "All good" }
{ "level": "info", "message": "Something else" }
I'd like the export to only include the error logs. Using create-export-task, is it possible to use the query param to filter the response data given the above log structure?
I'm not sure whether the log structure is incorrect for this use or if I have misunderstood the purpose of the query param.
My JMESPath attempts so far have been unsuccessful. Some attempts include:
aws logs create-export-task \
--log-group-name myGroup \
--log-stream-name-prefix myGroup-test \
--from 1664537580000 \
--to 1664537640000 \
--destination myGroup-archive-ab1 \
--destination-prefix test \
--query '{Message: message, Error: errorCode}'
and the same command, but with the following query: --query '{Message: .message, Error: .errorCode}'
which produces the following error:
Bad value for --query {Message: .message, Error: .errorCode}: invalid token: Parse error at column 10, token "." (DOT), for expression:
"{Message: .message, Error: .errorCode}"