Amazon CloudWatch Logs Insights adds new query commands and functions

Amazon Web Services has expanded its CloudWatch Logs Insights query language with 13 new commands and functions designed to enhance log analysis capabilities for enterprise users. The update introduces string manipulation functions like startswith, endswith, and regex_replace, encoding/decoding utilities for Base64 and URL formats, and mathematical functions including haversine for calculating geographic distances between coordinates. Additionally, AWS added new parsing commands such as logfmt parsing, JSON array expansion, and automated field relevance detection for high-cardinality log groups. The enhancements address common pain points that customers face when analyzing logs in CloudWatch Logs Insights, particularly around parsing non-JSON log formats and performing complex data transformations. Users can now decode Base64 payloads inline, filter logs by string prefixes, and expand nested JSON arrays into individual records directly within their queries. The new relevantfields command automatically surfaces the most significant fields in complex log groups, potentially reducing analysis time for operators working with large-scale logging environments. The updated query language is immediately available across all commercial AWS regions, with documentation updates providing implementation guidance for the new functionality.