amazon cloudwatchlogs - AWS CloudWatch log insights query : Tracking time between events including empty event timestamp - Stack

I have an AWS CW log of multiple camera devices. These devices can go offline and come back online and report this to the log. I want to alert when a camera goes offline but does not come back online within 60 seconds.

I have the following query, but it does not work if a camera does not come back online, as the lastOnlineTime timestamp is empty. Can I test for this in a CWL Insights query? There are no IF or NULL operators in the CWL query language. How can I account for no/empty online messages?

fields @timestamp, @message, @logStream as log_id
| filter @message like /Device communication error/ or @message like /Device communication established/
| parse @message "Device communication error" as deviceId_offline
| parse @message "*Device communication established" as deviceId_online
| parse @message /.*CameraDecoder \((?<camera_name>[^\)]+)\).*/
| stats min(@timestamp) as firstOfflineTime, max(@timestamp) as lastOnlineTime by camera_name
| filter (lastOnlineTime - firstOfflineTime)  > 60
| sort firstOfflineTime desc

A typical stream in the log would be something like the snippet below, but sometimes we don't get a re-established message at all, and this is giving the query the issue.

2024-11-15 13:10:11.234+00:00 [   167] WARNING    - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication error (NoDataException). Error: GetMediaDataBlock returned no data.

2024-11-15 13:10:18.602+00:00 [   167] INFO       - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication established
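One way to handle the missing-recovery case outside the query, as an added example that is not part of the original post: the Python below reads lines in the log format quoted above, pairs each error with the next "established" line per camera, and treats a camera with no recovery line as still offline at a reference time. The second camera in the sample, the function name `overdue_cameras` and the `now` parameter are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the question; the second
# camera (testc00014...) is invented here and never reports "established".
SAMPLE = """\
2024-11-15 13:10:11.234+00:00 [   167] WARNING    - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication error (NoDataException). Error: GetMediaDataBlock returned no data.
2024-11-15 13:10:18.602+00:00 [   167] INFO       - bdab-b307-4df3-8596  CameraDecoder (testc00013.test0001ev) - Camera 1  Device communication established
2024-11-15 13:11:00.000+00:00 [   168] WARNING    - bdab-b307-4df3-8596  CameraDecoder (testc00014.test0001ev) - Camera 2  Device communication error (NoDataException). Error: GetMediaDataBlock returned no data.
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) .*?CameraDecoder \((?P<camera>[^)]+)\).*?"
    r"Device communication (?P<state>error|established)")

def overdue_cameras(text, now, limit=timedelta(seconds=60)):
    """Return {camera: outage_start} for outages longer than `limit`,
    counting a camera with no "established" line as still offline at `now`."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["camera"], m["state"]))
    offline_since = {}   # camera -> timestamp of the first unresolved error
    overdue = {}
    for ts, camera, state in sorted(events):
        if state == "error":
            offline_since.setdefault(camera, ts)   # keep the start of the outage
        else:
            start = offline_since.pop(camera, None)
            if start is not None and ts - start > limit:
                overdue[camera] = start            # recovered, but too late
    for camera, start in offline_since.items():    # never came back online
        if now - start > limit:
            overdue[camera] = start
    return overdue
```
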

Posted by: admin. Please credit the source when reposting: http://www.yc00.com/questions/1742359073a4429023.html
