Fixed panel query for postgresSQL panel

akhil-sumologic · akhil-sumologic · commit 780db8f2ffcd · 2025-03-27T18:09:27.000+05:30
diff --git a/aws-observability/json/Rds-App.json b/aws-observability/json/Rds-App.json
@@ -10277,7 +10277,7 @@
                     "queries": [
                         {
                             "transient": false,
-                            "queryString": "account={{account}} region={{region}} namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier={{dbidentifier}} duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| parse regex field=msg \"duration: (?<execution_time_ms>[\\S]+) ms  statement:(?<query>.+)\" \n| where database matches \"{{database}}\" and user matches \"{{user}}\" and host matches \"{{host}}\"\n| number (execution_time_ms)\n| where execution_time_ms > {{slow_query_latency_ms}}\n| parse regex field=query \"(?<command>\\S+)\\s*\"\n| toUppercase(command) as command\n| where (command matches \"*COMM*\" or command matches \"*ROLLB*\" or command matches \"*SAVE*\" or sqlStatement matches \"*COMM*\" or sqlStatement matches \"*ROLLB*\" or sqlStatement matches \"*SAVE*\" or sqlStatement matches \"*SET*TRAN*\")\n| timeslice 15m\n| count as count by _timeslice, user, host, database, command, query\n| sort by _timeslice, command asc\n| limit 20",
+                            "queryString": "account={{account}} region={{region}} namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier={{dbidentifier}} duration\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| parse regex field=msg \"duration: (?<execution_time_ms>[\\S]+) ms  statement:(?<query>.+)\" \n| where database matches \"{{database}}\" and user matches \"{{user}}\" and host matches \"{{host}}\"\n| number (execution_time_ms)\n| where execution_time_ms > {{slow_query_latency_ms}}\n| parse regex field=query \"(?<command>\\S+)\\s*\"\n| toUppercase(command) as command\n| where (command matches \"*COMM*\" or command matches \"*ROLLB*\" or command matches \"*SAVE*\")\n| timeslice 15m\n| count as count by _timeslice, user, host, database, command, query\n| sort by _timeslice, command asc\n| limit 20",
                             "queryType": "Logs",
                             "queryKey": "A",
                             "metricsQueryMode": null,

Original file line number	Diff line number	Diff line change
`@@ -10277,7 +10277,7 @@`
`10277`	`10277`	`"queries": [`
`10278`	`10278`	`{`
`10279`	`10279`	`"transient": false,`
`10280`		- "queryString": "account={{account}} region={{region}} namespace=aws/rds _sourceHost=/aws/rds/postgresql dbidentifier={{dbidentifier}} duration\n\| json \"message\" nodrop \| if (_raw matches \"{\", message, _raw) as message\n\| parse field=message \"* * :():@:[]::\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n\| parse regex field=msg \"duration: (?<execution_time_ms>[\\S]+) ms statement:(?<query>.+)\" \n\| where database matches \"{{database}}\" and user matches \"{{user}}\" and host matches \"{{host}}\"\n\| number (execution_time_ms)\n\| where execution_time_ms > {{slow_query_latency_ms}}\n\| parse regex field=query \"(?<command>\\S+)\\s\"\n\| toUppercase(command) as command\n\| where (command matches \"COMM\" or command matches \"ROLLB\" or command matches \"SAVE\" or sqlStatement matches \"COMM\" or sqlStatement matches \"ROLLB\" or sqlStatement matches \"SAVE\" or sqlStatement matches \"SETTRAN\")\n\| timeslice 15m\n\| count as count by _timeslice, user, host, database, command, query\n\| sort by _timeslice, command asc\n\| limit 20",
	`10280`	+ "queryString": "account={{account}} region={{region}} namespace=aws/rds _sourceHost=/aws/rds/postgresql dbidentifier={{dbidentifier}} duration\n\| json \"message\" nodrop \| if (_raw matches \"{\", message, _raw) as message\n\| parse field=message \"* * :():@:[]::\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n\| parse regex field=msg \"duration: (?<execution_time_ms>[\\S]+) ms statement:(?<query>.+)\" \n\| where database matches \"{{database}}\" and user matches \"{{user}}\" and host matches \"{{host}}\"\n\| number (execution_time_ms)\n\| where execution_time_ms > {{slow_query_latency_ms}}\n\| parse regex field=query \"(?<command>\\S+)\\s\"\n\| toUppercase(command) as command\n\| where (command matches \"COMM\" or command matches \"ROLLB\" or command matches \"SAVE*\")\n\| timeslice 15m\n\| count as count by _timeslice, user, host, database, command, query\n\| sort by _timeslice, command asc\n\| limit 20",
`10281`	`10281`	`"queryType": "Logs",`
`10282`	`10282`	`"queryKey": "A",`
`10283`	`10283`	`"metricsQueryMode": null,`