How to get stats from combined aggregated bin data in AWS Cloudwatch Logs Insights

Asked Dec 30 '21 at 20:47

Active Dec 30 '21 at 20:47

Viewed 1,185 times

I have some AWS CloudWatch logs which output values every 5 seconds. I'd like to get the max over a rolling 10 minute interval and then get the average value per day based on that. Using the CloudWatch Logs Insights QuerySyntax I cannot seem to get the result of the first bin aggregation to use in the subsequent bin. I tried:

fields @timestamp, @message
| filter @LogStream like /mylog/
| parse @message '*' as threadCount
| stats max(threadCount) by bin(600s) as maxThreadCount
| stats avg(maxThreadCount) by bin(24h) as avgThreadCount

But the query syntax is invalid for multiple stats functions. Combining the last two lines into one like:

| stats avg(max(threadCount) by bin(600s)) by bin(24h) as threadCountAvg

Also is invalid. I can't seem to find much in the AWS logs. Am I out of luck? Anyone know a trick?

asked Dec 30 '21 at 20:47

Ryan Southcliff

1

Ever found an answer for this? I am looking to do something similar. – Dev Ze Sep 27 '22 at 13:34
1

No I spent an hour or so looking into but moved on. – Ryan Southcliff Sep 29 '22 at 18:48
1

Understandable. Thanks for the reply, though... – Dev Ze Oct 12 '22 at 14:15

How to get stats from combined aggregated bin data in AWS Cloudwatch Logs Insights

0 Answers0