多次过滤相同的起始值

问题描述 投票:0回答:1

嗨,我正在使用日志洞察来进行查询,并且我正在尝试多次过滤系统提交的@message,为了每次都过滤相同的起始值,我尝试使用字段创建3个单独的值,然后进行过滤其中每一个,但是当我过滤其中一个时,其他两个也会受到同一过滤器的影响,这就是查询:

fields @logStream as stream, @message as ms1, @message as ms2, @message as ms3
| filter stream like /qt-/
| filter ms1 like /Message not yet played/
| filter ms2 like /INFO: Processing event message/
| filter ms3 like /Message already played/
| stats count(ms3) as n_messages by stream
amazon-web-services logging aws-cli amazon-cloudwatch aws-cloudwatch-log-insights
1个回答
0
投票

尝试通过独立使用字段和过滤子句来分离每个别名的过滤过程。

fields @logStream as stream, 
       @message as ms1, 
       @message as ms2, 
       @message as ms3
| filter stream like /qt-/
| fields @logStream as stream, 
         @message as ms1
| filter ms1 like /Message not yet played/
| fields @logStream as stream, 
         @message as ms2
| filter ms2 like /INFO: Processing event message/
| fields @logStream as stream, 
         @message as ms3
| filter ms3 like /Message already played/
| stats count(ms3) as n_messages by stream
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.