Cloudwatch case insensitive like filter
For some reason I can't find proper documentation on the AWS cloudwatch log filtering syntax.
They support regex filtering using
like /your regex/ but I can't find any documentation on the regex pattern syntax, so let's assume PCRE.
Because of the syntax of cloudwatch query language, we can't apply modifiers outside of the forward-slashes. This leaves us with only being able to use inline modifier.
Filter all messages with
exception in them, ignoring case:
fields @timestamp, @message | filter @message like /(?i)(error|exception)/ | sort @timestamp desc | limit 20
Filter messages which contain
ERROR in all caps, followed
http in any case later in the message:
fields @timestamp, @message | filter @message like /ERROR.*(?i)http/ | sort @timestamp desc | limit 20