Extract numeric value from string in Cloudwatch to use in metrics (e.g. "64MB")

Question

Is it possible to create a metric that extracts a numeric value from a string in Cloudwatch logs so I can graph / alarm it?

For example, the log may be: 20190827 1234 class: File size: 64MB

I realize I can capture the space delimited fields by using a filter pattern like: [date, time, class, word1, word2, file_size]

And file_size will be "64MB", but how do I convert that to a numeric 64 to be graphed?

Bonus question, is there any way of matching "File size:" as one field instead of creating a field for each space delimited word?

Pradeep Singh · Answer 1 · 2021-08-29T12:08:46.630

1

Use abs to cast to number, or any other numberic function

Using Glob Expressions

fields @message
| parse @message "File size: *MB" as size
| filter abs(size)<64
| limit 20

Using Regular Expressions

fields @message
| parse @message /File size:\s+(?<size>\d+)MB/
| filter abs(size)<64
| limit 20

To learn how glob or regular expression can be used, see Cloud Watch Logs Query Syntax

edited Aug 29 '21 at 12:08

answered Aug 29 '21 at 11:50

Pradeep Singh

1

This has nothing to do with metric filters that the question is about. There is no doubt Logs Insights have powerful query language but the question was about extracting a value from a log to create a metric, which is different. – avepr Oct 27 '22 at 11:12

1 Answers1