Cloudwatch insights, query to graph by value of JSON values?

Question

I've got a JSON object in my logs that shows up as the following:

"result":{
   "totalRecords":8,
   "bot":3,
   "member":5,
   "message":0,
   "reaction":0,
   "success":0,
   "error":0,
   "unknown":8
}

I'm trying to write a logs insights query to graph the values of each of those keys. Essentially I want a line chart with a different line for the value of each of the keys. Currently I have my query as the following:

fields result.bot, result.error, result.member, result.message, result.reaction, 
result.success, result.totalRecords, result.unknown
| stats count(result.bot), count(result.error), 
 count(result.member),count(result.message),
 count(result.reaction),count(result.success),
 count(result.totalRecords), count(result.unknown) by bin(30s)

This returns the count of how many times the keys show up in the logs, but not the values.

What I need to know is what you use to get the value of a given key. I tried appending a .0 for example count(result.totalRecords.0) as was suggested in the AWS docs but it doesn't return any value. What is the query for the value of a key?

Answer 1

Based on documentation

Counts the log events. count() (or count(*)) counts all events returned by the query, while count(fieldName) counts all records that include the specified field name.

You can write instead

stats sum(result.bot), sum(result.error) by bin (30s)

etc. This will give you sum of those values over 30s periods. You can shorten the period if you want greater granularity.