6

I'm trying to create a multi-faceted time series graph in CloudWatch Log Insights.

I can create a multi-faceted query which is not a time series, and I can create an unfaceted time series query, but I can't seem to do both.

For example: I can do a query that looks like this:

fields @timestamp, someField1, @message
| stats count(*) by someField1, someField2

This will give me a table of results broken down by both someField1 and someField2. I can also do:

fields @timestamp, someField1, @message
| stats count(*) by bin(1h)

This will give me a time series graph.

However, I can't work out how to combine the two, so that I get a time series graph with multiple lines on it.

Is this simply unavailable in AWS CloudWatch logs, or is there a way to do it that I haven't found?

RikSaunderson
  • 3,505
  • 6
  • 32
  • 50
  • 1
    If the possible values in these fields is low, you could do something like this: fields someField1 = "foo" as f, someField2 = "bar" as b | stats sum(f), sum(b) by bin(1h). Otherwise it cannot currently be done. Time series visualisations support grouping by bin only. – gangreen May 19 '20 at 09:42
  • Does this answer your question? [Aggregate logs by field value and plot as multiple series using AWS CloudWatch Insights](https://stackoverflow.com/questions/57289784/aggregate-logs-by-field-value-and-plot-as-multiple-series-using-aws-cloudwatch-i) – DS. Mar 24 '22 at 20:33

0 Answers0