1
votes

I'm new to CloudWatch Logs Insights, and I can't figure out how to aggregate data by time range with 3 columns.

The log file I want to parse is JSON formatted:

{'ts': '12:01:00', 'method':'GET',  'url':'aaaa'}
{'ts': '12:02:00', 'method':'GET',  'url':'aaab'}
{'ts': '12:03:00', 'method':'POST', 'url':'aaac'}
{'ts': '12:04:00', 'method':'GET',  'url':'aaad'}
{'ts': '12:05:00', 'method':'POST', 'url':'aaae'}
{'ts': '12:06:00', 'method':'GET',  'url':'aaaf'}
{'ts': '12:07:00', 'method':'POST', 'url':'aaag'}

As you can see, each event line is a POST or a GET. Each event is also time stamped.

I want to use Insights to visualize the GET and POST distribution over time in a 5-minute window.

I can't find the correct syntax to get a result like this in the query monitor:

# : ts       : NbGET  : NbPOST
1 : 12:00:00 : 3      : 1
3 : 12:05:00 : 1      : 2

With such results, I would be able to draw a graph with the two extracted metrics 'GET' and 'POST'.

Any idea how to achieve this?

1 Answer

4
votes

This can be achieved by using the 'stats' function, binning by the desired time period. For your example, this is roughly:

STATS count(method = "GET") as NbGET, count(method = "POST") as NbPOST BY BIN(5m)