I have my Android app's logs in CloudWatch. One event am tracking is giving data like this.
Using 'count_distinct' it's giving count as 242 and while using 'count', it gives 243. So one duplicate entry is there.
I have id field as well. And i guess it might be repeating. How can i filter it out?
Assuming you have 242 unique IDs among the 243 log events, you can group on ID and filter out the unique results like this:
stats count() as cnt by ID | filter cnt > 1