How to aggregate logs by field and then by bin in AWS CloudWatch Insights?

Question

I'm trying to do a query that will first aggregate by field count and after by bin(1h) for example I would like to get the result like:

# Date                     Field Count
1 2019-01-01T10:00:00.000Z A     123
2 2019-01-01T11:00:00.000Z A     456
3 2019-01-01T10:00:00.000Z B     567
4 2019-01-01T11:00:00.000Z B     789

Not sure if it's possible though, the query should be something like:

fields Field
| stats count() by Field by bin(1h)

Any ideas how to achieve this?

Answer 1

If you want to create a line chart, you can do it by separately counting each value that your field could take.

fields
    Field = 'A' as is_A,
    Field = 'B' as is_B
| stats sum(is_A) as A, sum(is_B) as B by bin(1hour)

This solution requires your query to include a string literal of each value ('A' and 'B' in OP's example). It works as long as you know what those possible values are.

This might be what Hugo Mallet was looking for, except the avg() function won't work here so he'd have to calculate the average by dividing by a total

Answer 2

Not able to group by a certain field and create visualizations.

fields Field
| stats count() by Field, bin(1h)

Keep getting this message

No visualization available. Try this to get started:
stats count() by bin(30s)

Answer 3

Is this what you need?

fields Field | stats count() by Field, bin(1h)