AWS Log Insights Query With String Contains
Answer :
I think you need to select them as fields and then filter on their value. e.g:
fields @timestamp, @message, strcontains(@message, "user not found") AS unf | filter unf=1 | sort @timestamp desc | limit 20 Or use regex
fields @timestamp, @message | filter @message like /User\snot\sfound/ | ... (haven't tested them)
This should work fine
fields @timestamp, @message | filter @message like /user not found/ | sort @timestamp desc | limit 20
Comments
Post a Comment