'filter JSON log events in CloudWatch with field dotted keys

I'm trying to filter logs in CloudWatch that field key has dot inside.

For example, suppose we have the following JSON

{
    "trace.traceid": "18552fad59836133",
    "trace.spanid": "6eca8ae25f08605a",
    "peer.address": "111.111.111.222:4444",
    "eventType": "UpdateTrail",
    "sourceIPAddress": "111.111.111.111"
}

and I want to use the selector {$.peer.address="111.111.111.222:4444"} but the dot indicates field "address" inside object "peer" and not the flat key as described.

amazon-cloudwatch


Solution 1:[1]

The following syntax could possibly work:

"\"peer.address\": \"111.111.111.222:4444\""

It will search for the exact string. Please note that in this syntax spacing matters.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Alex Volchetsky

Related Questions

Amazon Cloudwatch only receiving mem_used_percent and nothing else, despite numerous other metrics specified in config

aws Sagemaker autoscaling with instance metrics per instance

Install SSL certificates in my AWS canary puppeteer script

User is not authorized to perform: SNS:CreateTopic on resource

DiskSpaceUtilization metrics for EC2 instance in python boto script showing empty response

cloudwatch command get-metric-data

CloudWatch Agent: batch size equal to "1" - is it a bad idea?

collectd is reporting "Request is missing Authentication Token" when trying to post the metrics to AWS cloudwatch by custom collectd plugin

Configuring events on the amazon managed blockchain

Cumulative sum of AWS Cloudwatch Metric

CloudWatch Logs Filter case insensitive multiple terms or connected

How to query AWS CloudWatch logs using AWS CloudWatch Insights?

Filtering AWS CloudWatch raw log events by multiple values / AWS CLI

How to Monitor health of AWS cloudwatch agents?

Unable to Start AWS CloudAgent service