admin管理员组

文章数量:1334127

I have an AWS CW log of multiple camera devices. These device can go offline and comeback online and report this to the log. I want to alert when a camera goes offline but does not come back online with 60 seconds.

I have the following query but it does not work if camera does not comeback online as the lastOnlineTime timestamp is empty. Can I test for this in CWL insights query ? There is no IF or NULL operators in CWL query language. How can account for no/empty online messages ?

fields @timestamp, @message, @logStream as log_id
| filter @message like /Device communication error/ or @message like /Device communication established/
| parse @message "Device communication error" as deviceId_offline
| parse @message "*Device communication established" as deviceId_online
| parse @message /.*CameraDecoder \((?<camera_name>[^\)]+)\).*/
| stats min(@timestamp) as firstOfflineTime, max(@timestamp) as lastOnlineTime by camera_name
| filter (lastOnlineTime - firstOfflineTime)  > 60
| sort firstOfflineTime desc

A typical stream in the log would be something like the snip below

but sometimes we dont get a re-established message at all, and this is giving the query the issue.

2024-11-15 13:10:11.234+00:00 [   167] WARNING    - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication error (NoDataException). Error: GetMediaDataBlock returned no data.

2024-11-15 13:10:18.602+00:00 [   167] INFO       - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication established

本文标签:

版权声明:本文标题:amazon cloudwatchlogs - AWS CloudWatch log insights query : Tracking time between events including empty event timestamp - Stack 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742359072a2459999.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。