ShareNCare
Reputation: 51
Cloudwatch insights query to group by field
Trying to write a cloud watch insights query to concatenate error messages for the same timestamp to be displayed as one row rather than multiple rows in the result.
So far I have tried the below query.
fields @timestamp,concat(@message)
| filter @message like /(?i)(Exception|error|fail|)/
| limit 20
This displays the results are below.
2019-09-12T12:17:09.803+10:00 12:17:09,720 |-ERROR in A
2019-09-12T12:17:09.803+10:00 12:17:09,720 |-ERROR in B
2019-09-12T12:17:09.803+10:00 12:17:09,720 |-ERROR in C
I am expecting the below result.
2019-09-12T12:17:09.803+10:00 12:17:09,720 |- ERROR in A -ERROR in B -ERROR in C
Upvotes: 4
Views: 5463
Answers (1)
nik
Reputation: 746
The concat operator is not an aggregating function, so will not do what you are looking for.
Rather, it is used for concatinating multiple values in a single row, e.g.
fields @timestamp, concat("Got message ", @message, " from stream ", @logStream)
would give you
| 2019-09-12T12:17:09.803+10:00 12:17:09,720 | Got message bla from stream some_log_stream |
As far as I know there is no way to aggregate strings from multiple rows into a single row.
Upvotes: 9
Related Questions
- CloudWatch Insights Query - How to get a single count from counts
- CloudWatch Insights query: Format a DateTime string for grouping
- How to aggregate logs by field and then by bin in AWS CloudWatch Insights?
- Combine two Cloudwatch insights queries
- AWS Cloudwatch Insights: how to aggregate by count(*)
- How to aggregate a CloudWatch SEARCH metric across only some dimensions
- How to split Cloudwatch field by its value in insights query
- Group By after parsing a message in AWS cloudwatch insights
- How can I sort results by aggregate in Cloudwatch Log Insights?
- How to run a group by in AWS Cloud Watch Logs Insights