Cloudwatch 记录在 concat 输出上合并的洞察力
Cloudwatch logs insight coalesce on concat output
我对 cloudwatch 日志有以下查询
fields replace(path,'%20',' ') as pathz
|parse pathz /^(?<url1>.*) [!A-Z0-9-]*(?<url2>[ˆ!].*)$/
| fields concat(url1, url2) as url
| display coalesce(url,pathz) as furl
解析的 3 个样本路径是:
/v1/routing/pega-public/prweb/api/v1/assignments/ASSIGN-WORKLIST GNR-AUTO-WORK ST-4102!RACCOLTADATIPRELIMINARI_FLOW
/v1/routing/pega-public/prweb/api/DeviceInfoPackage/v1/SetInitialCaseInfomation
/v1/routing/pega-public/prweb/api/v1/cases/GNR-AUTO-WORK 43FFC9776C00474388A664A8A3E24B68
所需的输出是删除数据:
/v1/routing/pega-public/prweb/api/v1/assignments/ASSIGN-WORKLIST GNR-AUTO-WORK RACCOLTADATIPRELIMINARI_FLOW
/v1/routing/pega-public/prweb/api/DeviceInfoPackage/v1/SetInitialCaseInfomation
/v1/routing/pega-public/prweb/api/v1/cases/GNR-AUTO-WORK
但我无法得到它
第三行为空
这是因为 concat 输出没有 return 'null' 可以被 coalesce 跳过
但它 return 是一个匹配的空字符串
我在文档和互联网上的几个示例中进行了深入研究,但没有办法让它正常工作
这样解决了:
fields @timestamp, status, replace(path,'%20',' ') as pathx
|parse pathx /(?<a1>^[^ ]+ *[A-Z-]*)( (?<a2>[A-Z0-9-]+){1,2}(?<a3>.*))*/
|filter
|display concat(a1,a3) as cleanurl
我对 cloudwatch 日志有以下查询
fields replace(path,'%20',' ') as pathz
|parse pathz /^(?<url1>.*) [!A-Z0-9-]*(?<url2>[ˆ!].*)$/
| fields concat(url1, url2) as url
| display coalesce(url,pathz) as furl
解析的 3 个样本路径是:
/v1/routing/pega-public/prweb/api/v1/assignments/ASSIGN-WORKLIST GNR-AUTO-WORK ST-4102!RACCOLTADATIPRELIMINARI_FLOW
/v1/routing/pega-public/prweb/api/DeviceInfoPackage/v1/SetInitialCaseInfomation
/v1/routing/pega-public/prweb/api/v1/cases/GNR-AUTO-WORK 43FFC9776C00474388A664A8A3E24B68
所需的输出是删除数据:
/v1/routing/pega-public/prweb/api/v1/assignments/ASSIGN-WORKLIST GNR-AUTO-WORK RACCOLTADATIPRELIMINARI_FLOW
/v1/routing/pega-public/prweb/api/DeviceInfoPackage/v1/SetInitialCaseInfomation
/v1/routing/pega-public/prweb/api/v1/cases/GNR-AUTO-WORK
但我无法得到它
第三行为空 这是因为 concat 输出没有 return 'null' 可以被 coalesce 跳过 但它 return 是一个匹配的空字符串
我在文档和互联网上的几个示例中进行了深入研究,但没有办法让它正常工作
这样解决了:
fields @timestamp, status, replace(path,'%20',' ') as pathx
|parse pathx /(?<a1>^[^ ]+ *[A-Z-]*)( (?<a2>[A-Z0-9-]+){1,2}(?<a3>.*))*/
|filter
|display concat(a1,a3) as cleanurl