
I need to map which endpoints are taking the longest from a log.

I have a query that catches all the most discouraged endpoints, but it may return duplicate endpoints with different request times.

My query:

fields request.url as URL, response.content.manager.company.label as Empresa, timestamp as Data, response.status as Status, request.time as TEMPO
| filter @logStream = 'production'
| sort request.time DESC
| limit 30

Result:

# | ENDPOINT | TIMESTAMP | COMPANY | STATUS CODE | TIME REQUEST
1 | /api/v1/login | 2020-02-01T11:14:00 | company-label | 200 | 0.9876
2 | /api/v1/register | 2020-02-01T11:11:00 | company-label | 200 | 0.5687
3 | /api/v1/login | 2020-02-01T00:00:00 | company-label | 200 | 0.2345

I need to unify by endpoint, for example:

# | ENDPOINT | TIMESTAMP | COMPANY | STATUS CODE | TIME REQUEST
1 | /api/v1/login | 2020-02-01T11:14:00 | company-label | 200 | 0.9876
2 | /api/v1/register | 2020-02-01T11:11:00 | company-label | 200 | 0.5687

Unify by endpoint and get the last "time" to show.

Thank you!

Raank

1 Answer


I found the solution to this question.

filter @logStream = 'production'
| filter ispresent(request.time)
| stats avg(request.time) as MEDIA by request.uri as ENDPOINT
| sort MEDIA DESC
| limit 30

Using stats avg(request.time) as MEDIA groups the data and captures an average for each ENDPOINT.

Raank
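
An added example, not part of the original answer: the same stats ... by grouping can return one row per endpoint with the most recent and the highest request time, which is the shape of the expected output in the question, alongside the average. The field names come from the posts above; the aliases LAST_TIME, MAX_TIME, P95 and HITS are chosen for this example.

```cloudwatch
# Added example: one row per endpoint, with several aggregates of request.time.
# The answer groups by request.uri while the question selects request.url;
# use whichever field your log events actually carry.
filter @logStream = 'production'
| filter ispresent(request.time)
| stats latest(request.time) as LAST_TIME, max(request.time) as MAX_TIME, avg(request.time) as MEDIA, pct(request.time, 95) as P95, count(*) as HITS by request.uri as ENDPOINT
| sort MAX_TIME desc
| limit 30
```

An average can hide a few very slow requests on a busy endpoint, so MAX_TIME and P95 are shown next to MEDIA, and HITS tells how many events each row summarizes.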