Selecting first row for each group in cloudwatch

Question

I do a query in which I get multiple messages for each day. I want to get the first message for the day(or any single message for each day).

Getting the day is no problem:

display datefloor(@timestamp,1d) as TT ,msg

But from here, I am not sure how to remove the duplicates, or group by TT and select the first one. There is no function first in stats to help me.

Thanks.

score 0 · Accepted Answer · answered Sep 18 '21 at 17:09

0

This works

....
| display datefloor(@timestamp,1d) as TT ,b
| stats earliest(b) as x  by TT
| display x,TT

answered Sep 18 '21 at 17:09

user2679290

144
9

Selecting first row for each group in cloudwatch

1 Answers1