Menu
I am using AWS Cloudwatch Insights and running a query like this:
fields @message, @timestamp
| filter strcontains(@message, "Something of interest happened")
| stats count() as interestCount by bin(10m) as tenMinuteTime
| stats max(interestCount) by datefloor(tenMinuteTime, 1d)
However, on the last line, I get the following error:
mismatched input 'stats' expecting {K_PARSE, K_SEARCH, K_FIELDS, K_DISPLAY, K_FILTER, K_SORT, K_ORDER, K_HEAD, K_LIMIT, K_TAIL}
It would seem to mean from this that I cannot take multiple layers of stat queries in Insights, and thus cannot take a statistic of a statistic. Is there a way around this?
305
Statistics are metric data aggregations over specified periods of time. When you graph or retrieve the statistics for a metric, you specify the Period of time, such as five minutes, to use to calculate each statistical value.
You cannot currently use multiple stat commands and from what I know there is no direct way around that at this time. You can however thicken up your single stat command and separate by comma, like so:
fields @message, @timestamp
| filter strcontains(@message, "Something of interest happened")
| stats count() as @interestCount,
max(interestCount) as @maxInterest,
interestCount by bin(10m) as @tenMinuteTime
You define fields and use functions after stats and then process those result fields.
154
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
