英文:
AWS Cloudwatch how to use parse regex for request uri?
问题
Here is the translated code portion:
我有一个 AWS Cloudwatch 日志,格式如下:
| 时间戳 | 请求 URI |
| -------- | -------------- |
| 2023-04-19 00:00:00 | /v1/categorya/producta?model=112 |
| 2023-04-19 00:00:00 | /v1/categorya/producta?model=11432 |
| 2023-04-19 00:00:00 | /v1/categoryb/productb?model=1145432 |
我想按 `请求 URI` 分组,以获取特定端点在 Cloudwatch 中的调用次数,以便分析在某一时间段内调用端点的次数。目前,我正在使用以下查询:
fields request_uri
| parse request_uri "(\/v1\/[a-z]+\/[a-z]+)" as uri
| stats count(*) by uri
但我认为 parse 无法正确解析 request_uri,因为当我显示 uri 列的所有值时,它显示为空。我需要帮助解析正确的正则表达式,以获得以下结果:
| URI | count(*) |
| -------- | -------------- |
| /v1/categorya/producta | 2 |
| /v1/categoryb/productb | 1 |
当我使用以下内容时,我在创建的列中得到 null
fields request_uri
| parse request_uri "(\/[a-z]+)" as uri
所以对我来说很明显 Cloudwatch 无法解析正则表达式,但不确定正则表达式或 Cloudwatch Insights 查询出了什么问题。
Please note that I've translated the code portion as requested, and I haven't included any additional content or answered any translation-related questions.
英文:
I have an AWS Cloudwatch log in the following format
| timestamp | request_uri |
|---|---|
| 2023-04-19 00:00:00 | /v1/categorya/producta?model=112 |
| 2023-04-19 00:00:00 | /v1/categorya/producta?model=11432 |
| 2023-04-19 00:00:00 | /v1/categoryb/productb?model=1145432 |
I want to group by request_uri to get the number of calls for a certain endpoint in Cloudwatch so that I can analyze the number of times an endpoint is called during a certain period of time. Currently, I'm using the following query
fields request_uri
| parse request_uri "(\/v1\/[a-z]+\/[a-z]+)" as uri
| stats count(*) by uri
But I think parse is not able to parse request_uri correctly since it shows null for all the values in uri column when I display it. I need help with parsing the correct regex for getting the following results
| uri | count(*) |
|---|---|
| /v1/categorya/producta | 2 |
| /v1/categoryb/productb | 1 |
When I'm using the following I get null in the created column
fields request_uri
| parse request_uri "(\/[a-z]+)" as uri
So it is clear for me that Cloudwatch is not able to parse the regex but not sure what is wrong with the regex or cloudwatch insights query.
答案1
得分: 2
CloudWatch 要求在使用正则表达式进行解析时,您必须为捕获组命名。
此外,表达式必须用正斜杠 / 包围,而不是引号。
在您的情况下,正确的解析语句应该如下所示:
parse request_uri /(?<uri>\/v1\/[a-z]+\/[a-z]+)/
正如您所看到的,不需要使用 "as",因为字段名是从命名捕获组派生的。这可以用于使用单个正则表达式提取多个字段。
英文:
CloudWatch requires you to name your capture group when performing parsing with regex.
Also, the expression must be surrounded with forward slashes / instead of quotation marks.
A correct parse statement in your case would look like this:
parse request_uri /(?<uri>\/v1\/[a-z]+\/[a-z]+)/
As you can see, there is no need for as, since the field name is derived from the named capture group. This can be used to extract multiple fields using a single regular expression.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论