Amazon Cloudwatch Logs Insights with JSON fields

Question

I am trying to use Logs Insights with data containing JSON in one of the fields, and to parse the JSON fields

My data looks like the following when I put it in insig

Answer 1

You can use the parse command to extract fields.

If @message is

I, [2018-12-11T13:20:27] INFO -- : {"method":"GET"}

Then you extract the fields like so:

fields @timestamp, @message
| parse "I, [*T*] INFO -- : {"method":"*"}" as @date, @time, @method
| filter method=GET
| sort @timestamp desc
| limit 20

The documentation is rather light for now. I am able to get results by replacing the wildcard * with a regular expression, but then the parsing fails.