Filtering AWS CloudWatch raw log events by multiple values / AWS CLI


Given the following query on CloudWatch that extracts logs with messages including “entry 1456” (where 1456 is an ID) how should I extend this to take multiple IDs and what is the corresponding CLI command?

To clarify I’d like to filter with multiple IDs, for instance “like 1456|1257|879”. But not sure of the format of regex in such case.

And I assume the corresponding CLI command will be sth like:

Just want to make sure of the best way to formulate this.


The syntax would be:

You could also parse the logline first and extract the value, like this:

Now for the CLI, you would not use the filter-log-events, but the start-query and get-query-results.

Leave a Reply