
I am working on CloudWatch logs. I have a scenario where I need to list all the words from CloudWatch logs ordered by frequency. I have tried the queries below, but they are not working. I would appreciate any assistance you can provide.

Query1:

```
fields @message
| parse @message /(?<word>[^\s]+)/
| stats count() by word
| sort count() desc
```

Query2:

```
fields @message
| split " "
| stats count(*) by *
| sort count_* desc
```
