Amazon Cloudwatch Logs Insights with JSON fields


Question

I am trying to use Logs Insights with data containing JSON in one of the fields, and to parse the JSON fields

My data looks like the following when I put it in insights with the starter code

fields @timestamp, @message
| sort @timestamp desc
| limit 25

How can I easily extract the path variable in my nested JSON to perform aggregations on it? By looking at some documentation, I thought @message.path would work but it does not seem so. Has anyone successfully interpreted JSON logs in Insights?

Example of my data

# | @timestamp | @message
1 | 2018-12-19 23:42:52.000 | I, [2018-12-19T23:42:52.629855 #23447] INFO -- : [2ce588f1-c27d-4a55-ac05-62a75b39e762] {"method":"GET","path":"/api/v1/professionals/ID","format":"json","controller":"API::V1::Public::ProfessionalsController","action":"show","status":200,"duration":285.27,"view":222.36,"time":"2018-12-19T23:42:52.344+00:00","params":{"include":"user,tags,promotions,company_sector,similar_professionals.tags,similar_professionals.user","format":"json","compress":false,"id":"ID"},"@timestamp":"2018-12-19T23:42:52.629Z","@version":"1","message":"[200] GET /api/v1/professionals/ID (API::V1::Public::ProfessionalsController#show)"}
    @logStream  i-05d1d61ab853517a0
    @message  I, [2018-12-19T23:42:52.629855 #23447] INFO -- : [2ce588f1-c27d-4a55-ac05-62a75b39e762] {"method":"GET","path":"/api/v1/professionals/ID","format":"json","controller":"API::V1::Public::ProfessionalsController","action":"show","status":200,"duration":285.27,"view":222.36,"time":"2018-12-19T23:42:52.344+00:00","params":{"include":"xxx","format":"json","compress":false,"id":"ID"},"@timestamp":"2018-12-19T23:42:52.629Z","@version":"1","message":"[200] GET /api/v1/professionals/ID (API::V1::Public::ProfessionalsController#show)"}
    @timestamp  1545262972000
2 | 2018-12-19 23:42:16.000 | I, [2018-12-19T23:42:16.723472 #851] INFO -- : [ea712503-eb86-4a6e-ab38-ddbcd6c2b4d0] {"method":"GET","path":"/api/v1/heartbeats/new","format":"json","controller":"API::V1::Public::HeartbeatsController","action":"new","status":201,"duration":9.97,"view":3.2,"time":"2018-12-19T23:42:16.712+00:00","params":{"format":"json","compress":false},"@timestamp":"2018-12-19T23:42:16.722Z","@version":"1","message":"[201] GET /api/v1/heartbeats/new (API::V1::Public::HeartbeatsController#new)"}

Recommended answer

CloudWatch Insights Logs automatically discovers fields for the following log types:

Lambda logs

CloudWatch Logs Insights automatically discovers log fields in Lambda logs, but only for the first embedded JSON fragment in each log event (Note: emphasis mine). If a Lambda log event contains multiple JSON fragments, you can parse and extract the log fields by using the parse command. For more information, see Fields in JSON Logs.

See Fields in JSON Logs.

Source: Supported Logs and Discovered Fields

If @message is I, [2018-12-11T13:20:27] INFO -- : {"method":"GET"}

Then you can select and filter the fields like so:

fields @timestamp, @message, method
| filter method = "GET"
| sort @timestamp desc

It works with nested fields too, i.e. params.format = "json" or results.0.firstName = "Paul".
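
The following Python is an added example, not part of the original answer and not CloudWatch's own implementation: it mimics the behaviour the answer describes, taking only the first embedded JSON fragment of each log line and exposing nested values under dotted names, then counts lines per path. The sample lines and the names first_json_fragment, flatten, discover_fields and count_by are made up for this illustration.

```python
import json
from collections import Counter

# Constructed sample lines in the shape of the question's Rails log output.
SAMPLE = [
    'I, [2018-12-19T23:42:52.629855 #23447] INFO -- : [req-1] '
    '{"method":"GET","path":"/api/v1/professionals/ID","status":200,'
    '"params":{"format":"json","compress":false}}',
    'I, [2018-12-19T23:42:16.723472 #851] INFO -- : [req-2] '
    '{"method":"GET","path":"/api/v1/heartbeats/new","status":201} '
    '{"path":"/second/fragment"}',
    'I, [2018-12-19T23:42:17.000000 #851] INFO -- : [req-3] no JSON {here',
]

def first_json_fragment(message):
    """Return the first parseable JSON object embedded in the line, or None."""
    decoder = json.JSONDecoder()
    pos = message.find("{")
    while pos != -1:
        try:
            return decoder.raw_decode(message, pos)[0]
        except json.JSONDecodeError:
            pos = message.find("{", pos + 1)
    return None

def flatten(value, prefix=""):
    """Flatten nested JSON to dotted names (params.format, results.0.firstName)."""
    if isinstance(value, dict):
        items = value.items()
    elif isinstance(value, list):
        items = enumerate(value)
    else:
        return {prefix: value}
    fields = {}
    for key, child in items:
        fields.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return fields

def discover_fields(message):
    fragment = first_json_fragment(message)
    return flatten(fragment) if fragment is not None else {}

def count_by(messages, field):
    """Count log lines per value of one discovered field, like stats count(*) by."""
    values = (discover_fields(m).get(field) for m in messages)
    return Counter(v for v in values if v is not None)

if __name__ == "__main__":
    for path, hits in count_by(SAMPLE, "path").most_common():
        print(hits, path)
```

The second sample line carries two JSON fragments and only the first contributes fields; the third has no valid JSON and yields none.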
