How can I sort results by aggregate in Cloudwatch Log Insights?

Question

I have a pretty straightforward query:

fields @timestamp, req.url, msg
| sort @timestamp desc
| filter msg = "request completed"
| stats count() by req.url

It presents all requests served by my app aggregated by url. However, I would also like to sort the results by the value of aggregate count() - but both | sort count desc and | sort "count()" desc don't work. How can I achieve that?

score 62 · Accepted Answer · answered Mar 03 '20 at 10:10

62

Turns out, all I had to do was to use an alias and then sort by it:

fields @timestamp, msg, req.url
| filter msg="request completed"
| stats count() as count by req.url
| sort count desc

answered Mar 03 '20 at 10:10

Max Yankov

12,551
12
67
135

How can I sort results by aggregate in Cloudwatch Log Insights?

1 Answers1