I am trying to write a log insights query for a dashboard that can aggregate the number of times a given message id has failed. A slightly simplified query that produces similar behavior is as follows:
fields @timestamp, @message
| filter message.body = 'message failed' or message.body = 'message succeeded'
| stats sum(message.body = 'message failed') as failedRequests by message.id
| filter failedRequests > 0
To see which message ids have failed repeatedly and which only failed a few times before using all retries. However when running this query today I know 14 failures happened within the time being searched, but this query has returned between 0 and 4 them, and rerunning the query causes it to count a different subset of the failed messages. Is this expected behavior?
AWS OFFICIALAktualisiert vor 2 Jahren