create-export-task | Filter CloudWatch logs using JMESpath

1

My objective is to create a mechanism for exporting CloudWatch logs to S3 on a case-by-case basis. Given my logs appear in the following format:

{ "level": "error", "message": "Oops", "errorCode": "MY_ERROR_CODE_1" }
{ "level": "info", "message": "All good" }
{ "level": "info", "message": "Something else" }

I'd like the export to only include the error logs. Using create-export-task, is it possible to use the query param to filter the response data given the above log structure?

I'm not sure whether the log structure is incorrect for this use or if I have misunderstood the purpose of the query param.

My JMESPath attempts so far have been unsuccessful. Some attempts include:

aws logs create-export-task \
    --log-group-name myGroup \
    --log-stream-name-prefix myGroup-test \
    --from 1664537580000 \
    --to 1664537640000 \
    --destination myGroup-archive-ab1 \
    --destination-prefix test \
    --query '{Message: message, Error: errorCode}'

and same command, but with the following query --query '{Message: .message, Error: .errorCode}' which produces the following error:

Bad value for --query {Message: .message, Error: .errorCode}: invalid token: Parse error at column 10, token "." (DOT), for expression: "{Message: .message, Error: .errorCode}"

No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions