I have the following logs in my CloudWatch:
2023-12-21T13:19:32.301-08:00
(<unique Id here>) Method request body before transformations:
{
    "executionDetails": {
        "executionId": "<a different unique Id here>",
        "userName": "<username>",
        "sourcePackage": "<path>"
    },
    "requestType": "RAW_REQUEST"
}
And like these as well:
2023-12-21T13:19:32.301-08:00
(<same unique Id>) Endpoint request body after transformations:
{
    "executionDetails": {
        "executionId": "<same different unique id as in above logs>",
        "userName": "<username>",
        "sourcePackage": "<path>"
    },
    "requestType": "RAW_REQUEST"
}
How do I get all logs which have RequestType as RAW_REQUEST and also dedup them based on executionId?
The above 2 should display a count of 1 RAW_REQUEST.
What I have tried so far:
fields @timestamp, @message
| filter @message like /Endpoint request body after transformations:/
| parse @message '"requestType":"RAW_REQUEST"' as requestType
| stats count(executionId) as executionId
| display executionId, requestType
This does not give me the right data.
I also want to do the same for other requestTypes, and then do some math on the unique count of each of them.
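
One way to get the per-type unique counts described above, as an added example that is not part of the original post: a Logs Insights query that extracts both fields with regex `parse` and counts distinct `executionId` values per `requestType`. It assumes each request body arrives as a single log event, so both fields are in the same `@message`; the alias `uniqueExecutions` is a made-up name.

```cloudwatch-logs-insights
# Added example, not from the original post.
# Assumption: the whole JSON body is in one log event (@message).
fields @timestamp, @message
# Regex parse tolerates the whitespace and newlines between key, colon and value.
| parse @message /"executionId"\s*:\s*"(?<executionId>[^"]+)"/
| parse @message /"requestType"\s*:\s*"(?<requestType>[^"]+)"/
# Drop events where either field was not found.
| filter ispresent(executionId) and ispresent(requestType)
# The "before" and "after" events share one executionId, so they count once.
| stats count_distinct(executionId) as uniqueExecutions by requestType
```

This returns one row per requestType, so the two sample events above contribute a single RAW_REQUEST. `count_distinct` becomes an approximation when the field has very high cardinality.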