I have a lot of AWS Lambda logs which I need to query to find the relevant log stream name.
I am logging a particular string in the logs,
which I need to do a like or exact query on.
The log format is something like this -
Request ID => 572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd
I am able to query the logs without the UUID string -
But if I mention the UUID in the query, it does not show results -
Queries used -
fields @timestamp, @message
| filter @message like /Request ID =>/
| sort @timestamp desc
| limit 20

fields @timestamp, @message
| filter @message like /Request ID => 572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
Have you tried adding an additional filter on the message field to your first query to further narrow your results?
fields @timestamp, @message
| filter @message like /Request ID =>/
| filter @message like /572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
Alternatively, if all of your logs follow the same format, you could use the parse keyword to split out your UUID field and search on it with something like:
fields @timestamp, @message
| parse @message "* * Request ID => *" as datetime, someid, requestuuid
| filter requestuuid like /572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd/
| sort @timestamp desc
| limit 20
Also try widening your relative time range at the top right of the query, just in case the request you're looking for has dropped outside of the 1hr range since attempting the first query.
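An added example, not part of the question or the answer above: the two-filter query run programmatically over a wider time window, returning the log stream names the question asks for. It assumes a boto3 CloudWatch Logs client (its start_query and get_query_results calls); the log group name and the StubLogs class are constructed so the block runs offline.

```python
import re
import time

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def build_query(request_id):
    # Only a well-formed UUID may reach the /regex/ literal in the query string.
    if not UUID_RE.fullmatch(request_id):
        raise ValueError("request_id is not a UUID")
    return ("fields @timestamp, @logStream, @message\n"
            "| filter @message like /Request ID =>/\n"
            f"| filter @message like /{request_id}/\n"
            "| sort @timestamp desc\n"
            "| limit 20")

def find_log_streams(logs, log_group, request_id, hours=24, poll=1.0):
    """Run the query over the last `hours`; return distinct log stream names."""
    end = int(time.time())
    query_id = logs.start_query(
        logGroupName=log_group,
        startTime=end - hours * 3600,  # epoch seconds, wider than a 1hr window
        endTime=end,
        queryString=build_query(request_id),
    )["queryId"]
    while True:
        resp = logs.get_query_results(queryId=query_id)
        if resp["status"] not in ("Scheduled", "Running"):
            break
        time.sleep(poll)
    if resp["status"] != "Complete":
        raise RuntimeError(f"query ended with status {resp['status']}")
    streams = []
    for row in resp["results"]:  # each row is a list of {"field", "value"} cells
        cells = {c["field"]: c["value"] for c in row}
        stream = cells.get("@logStream")
        if stream and stream not in streams:
            streams.append(stream)
    return streams

class StubLogs:
    """Constructed stand-in for boto3.client("logs") so the example runs offline."""
    def start_query(self, **kwargs):
        self.kwargs = kwargs
        return {"queryId": "constructed-query-id"}
    def get_query_results(self, queryId):
        row = [{"field": "@logStream", "value": "2024/01/01/[$LATEST]constructed"},
               {"field": "@message", "value": "Request ID => 572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd"}]
        return {"status": "Complete", "results": [row, row]}

if __name__ == "__main__":
    print(find_log_streams(StubLogs(), "/aws/lambda/example-function",
                           "572bf6d2-e3ff-45dc-bf7d-c9c858dd5ccd"))
```

Against a real account, pass boto3.client("logs") and the function's actual log group in place of the stub.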