Log Insights Queries
- Extracting fields from message using parse
```
fields @timestamp, @message
| parse @message "* - - [*] \"* * \"" as clientip, generated_time, request, other
| sort @timestamp desc
```
- Further fields
```
fields @timestamp, @message
| parse @message "* - - [*] \"* / *\" * * * " as clientip, generated_time, request, http, statuscode, size, other
| sort @timestamp desc
```
* In Logs Insights queries we can use some functions
* Let's get started with stats
* The above query returns time series data
* Query to show only valid ip addresses responses
```
fields @timestamp, @message
| parse @message "* - - [*] \"* / *\" * * * " as clientip, generated_time, request, http, statuscode, size, other
# pass the field name unquoted; a quoted 'clientip' is a string literal, not the parsed field
| filter isValidIp(clientip)
| display clientip, statuscode
| sort @timestamp desc
```
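To check offline how the glob above splits an access-log line and which events the `isValidIp` filter keeps, this added example (not part of the original notes) emulates the query in Python over constructed sample lines. It assumes each `*` behaves as a non-greedy wildcard and uses Python's `ipaddress` module as a stand-in for `isValidIp`; all function names are hypothetical.

```python
import ipaddress
import re

# The page's glob (query escapes \" become plain quotes here) and its field names.
PATTERN = '* - - [*] "* / *" * * * '
FIELDS = ["clientip", "generated_time", "request", "http",
          "statuscode", "size", "other"]

# Constructed sample events in combined access-log format.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '2001:db8::1 - - [10/Oct/2023:13:55:40 +0000] "HEAD / HTTP/1.1" 304 0 "-" "probe"',
    'web01.internal - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:09 +0000] "GET /login HTTP/1.1" 404 153 "-" "curl/8.0"',
]


def glob_to_regex(glob):
    """Assumed semantics: '*' is a non-greedy wildcard, all other text is literal."""
    return re.compile("^" + "(.*?)".join(re.escape(p) for p in glob.split("*")))


def parse(message, glob=PATTERN, fields=FIELDS):
    """Return {field: value} for a matching event, or None when the glob does not match."""
    match = glob_to_regex(glob).match(message)
    return dict(zip(fields, match.groups())) if match else None


def is_valid_ip(value):
    """True for a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def run_query(messages):
    """parse -> filter on a valid clientip -> display clientip, statuscode."""
    parsed = (parse(m) for m in messages)
    return [(e["clientip"], e["statuscode"])
            for e in parsed if e and is_valid_ip(e["clientip"])]


if __name__ == "__main__":
    for row in run_query(SAMPLE_LOGS):
        print(row)
```

The fourth sample line drops out before the IP check because the literal ` / ` in the glob only matches requests for the root path; the third drops out because its client field is a hostname.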
- Pricing of CloudWatch Alarms: Refer Here
- Note: Refer Here for the JSON and YAML tutorial