AWS CloudWatch如何使用正则表达式解析请求URI?

huangapple go评论59阅读模式
英文:

AWS Cloudwatch how to use parse regex for request uri?

问题

Here is the translated code portion:

我有一个 AWS Cloudwatch 日志,格式如下:

| 时间戳 | 请求 URI |
| -------- | -------------- |
| 2023-04-19 00:00:00   | /v1/categorya/producta?model=112            |
| 2023-04-19 00:00:00   | /v1/categorya/producta?model=11432             |
| 2023-04-19 00:00:00   | /v1/categoryb/productb?model=1145432             |

我想按 `请求 URI` 分组,以获取特定端点在 Cloudwatch 中的调用次数,以便分析在某一时间段内调用端点的次数。目前,我正在使用以下查询:

     fields request_uri 
    | parse  request_uri "(\/v1\/[a-z]+\/[a-z]+)" as uri
    | stats count(*) by uri

但我认为 parse 无法正确解析 request_uri,因为当我显示 uri 列的所有值时,它显示为空。我需要帮助解析正确的正则表达式,以获得以下结果:

| URI | count(*) |
| -------- | -------------- |
| /v1/categorya/producta    | 2            |
| /v1/categoryb/productb   | 1            |

当我使用以下内容时,我在创建的列中得到 null

     fields request_uri 
    | parse  request_uri "(\/[a-z]+)" as uri

所以对我来说很明显 Cloudwatch 无法解析正则表达式,但不确定正则表达式或 Cloudwatch Insights 查询出了什么问题。

Please note that I've translated the code portion as requested, and I haven't included any additional content or answered any translation-related questions.

英文:

I have an AWS Cloudwatch log in the following format

timestamp request_uri
2023-04-19 00:00:00 /v1/categorya/producta?model=112
2023-04-19 00:00:00 /v1/categorya/producta?model=11432
2023-04-19 00:00:00 /v1/categoryb/productb?model=1145432

I want to group by request_uri to get the number of calls for a certain endpoint in Cloudwatch so that I can analyze the number of times an endpoint is called during a certain period of time. Currently, I'm using the following query

 fields request_uri 
| parse  request_uri "(\/v1\/[a-z]+\/[a-z]+)" as uri
| stats count(*) by uri

But I think parse is not able to parse request_uri correctly since it shows null for all the values in uri column when I display it. I need help with parsing the correct regex for getting the following results

uri count(*)
/v1/categorya/producta 2
/v1/categoryb/productb 1

When I'm using the following I get null in the created column

 fields request_uri 
| parse  request_uri "(\/[a-z]+)" as uri

AWS CloudWatch如何使用正则表达式解析请求URI?

So it is clear for me that Cloudwatch is not able to parse the regex but not sure what is wrong with the regex or cloudwatch insights query.

答案1

得分: 2

CloudWatch 要求在使用正则表达式进行解析时,您必须为捕获组命名。

此外,表达式必须用正斜杠 / 包围,而不是引号。

在您的情况下,正确的解析语句应该如下所示:

parse request_uri /(?<uri>\/v1\/[a-z]+\/[a-z]+)/

正如您所看到的,不需要使用 "as",因为字段名是从命名捕获组派生的。这可以用于使用单个正则表达式提取多个字段。

英文:

CloudWatch requires you to name your capture group when performing parsing with regex.

Also, the expression must be surrounded with forward slashes / instead of quotation marks.

A correct parse statement in your case would look like this:

parse request_uri /(?&lt;uri&gt;\/v1\/[a-z]+\/[a-z]+)/

As you can see, there is no need for as, since the field name is derived from the named capture group. This can be used to extract multiple fields using a single regular expression.

huangapple
  • 本文由 发表于 2023年4月19日 21:34:46
  • 转载请务必保留本文链接:https://go.coder-hub.com/76055196.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定