Use CloudWatch Logs Insights to make a time-series line

0

My log group structure is:

log stream1:
{
    "timestamp": "2023-04-14 01:19:15,918+0000",
    "F1": "v1",
    "F2": "v1.1",
    "F3": "v1.2",
    "data": "12"
}
log stream1.1:
{
    "timestamp": "2023-04-14 02:00:00,000+0000",
    "F1": "v1",
    "F2": "v1.1",
    "F3": "v1.2",
    "data": "15"
}
log stream2:
{
    "timestamp": "2023-04-14 01:19:15,918+0000",
    "F1": "v2",
    "F2": "v2.1",
    "F3": "v2.2",
    "data": "334"
}
log stream3:
{
    "timestamp": "2023-04-14 01:19:15,918+0000",
    "F1": "v3",
    "F2": "v3.1",
    "F3": "v3.2",
    "data": "2"
}
......

I want to convert this data into a linear time-series list. According to the above example, there are three lines in the table (suppose the aggregation time is 1h):

  1. Line 1: named "v1-v1.1-v1.2", and there will be a data point at 2023-04-14 01:00:00 with value 12, a data point at 2023-04-14 02:00:00 with value 15
  2. Line 1: named "v2-v2.1-v2.2", and there will be just one data point at 2023-04-14 01:00:00 with value 334
  3. Line 1: named "v3-v3.1-v3.2", and there will be just one data point at 2023-04-14 01:00:00 with value 2

This problem has confused me for a long time, thank you very much for your help!!

asked a year ago · 518 views
1 Answer
0

I understand you have multiple streams which report a single datapoint aggregated over a period of one hour, and you would like to use CloudWatch Logs Insights to convert this data into a linear time-series list.

In order to achieve your objective, I used the below Insights query:

fields @timestamp, @message, @logStream, @log | stats sum(data) by @logStream, F1, F2, F3, bin(1h) | sort @timestamp desc

This will produce an output as shown here:

[image: output]

NOTE:

  1. It is not possible to concat the F1, F2, F3 labels as you wanted "v1-v1.1-v1.2". However, you can list them in the output next to the data.
  2. Secondly, I gather you want Line 1 to be named "v1-v1.1-v1.2", "v2-v2.1-v2.2", and "v3-v3.1-v3.2". However, it would not be possible to list them horizontally; they can be shown in a column in vertical format.

Let me know if the above helps in addressing your concerns. If not, feel free to elaborate on the kind of output you are expecting out of the Insights query.

AWS
SUPPORT ENGINEER
answered a year ago
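
Added example, not part of the original question or answer: a client-side Python post-processing step that turns events shaped like the question's samples into one named series per F1-F2-F3 combination, summed into 1-hour bins. The function name `build_series` and the constructed `SAMPLE_EVENTS` list are assumptions for illustration; in practice the raw events would come from the log group or an export of it.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events mirroring the question's log structure,
# plus one malformed line to show how bad input is handled.
SAMPLE_EVENTS = [
    '{"timestamp": "2023-04-14 01:19:15,918+0000", "F1": "v1", "F2": "v1.1", "F3": "v1.2", "data": "12"}',
    '{"timestamp": "2023-04-14 02:00:00,000+0000", "F1": "v1", "F2": "v1.1", "F3": "v1.2", "data": "15"}',
    '{"timestamp": "2023-04-14 01:19:15,918+0000", "F1": "v2", "F2": "v2.1", "F3": "v2.2", "data": "334"}',
    '{"timestamp": "2023-04-14 01:19:15,918+0000", "F1": "v3", "F2": "v3.1", "F3": "v3.2", "data": "2"}',
    '{"timestamp": "not-a-time", "F1": "v9", "data": "1"}',
]

TS_FORMAT = "%Y-%m-%d %H:%M:%S,%f%z"  # matches "2023-04-14 01:19:15,918+0000"


def build_series(raw_events, bin_seconds=3600):
    """Return ({series_name: [(bin_start_utc, summed_value), ...]}, skipped_count)."""
    buckets = defaultdict(lambda: defaultdict(float))
    skipped = 0
    for raw in raw_events:
        try:
            ev = json.loads(raw)
            ts = datetime.strptime(ev["timestamp"], TS_FORMAT).astimezone(timezone.utc)
            name = "-".join(ev[k] for k in ("F1", "F2", "F3"))  # e.g. "v1-v1.1-v1.2"
            value = float(ev["data"])  # "data" is logged as a string
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed JSON, bad timestamp, or missing field
            continue
        epoch = int(ts.timestamp())
        buckets[name][epoch - epoch % bin_seconds] += value  # floor to bin start
    series = {
        name: [
            (datetime.fromtimestamp(b, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"), v)
            for b, v in sorted(bins.items())
        ]
        for name, bins in buckets.items()
    }
    return series, skipped


if __name__ == "__main__":
    result, skipped = build_series(SAMPLE_EVENTS)
    for name, points in result.items():
        print(name, points)
    print("skipped events:", skipped)
```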
