From 128088a2fae24082646a99357a0217fff5cf3c30 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 19 Jun 2026 23:24:04 +0530 Subject: [PATCH 01/16] DOCS-1710 - AWSO Apps documentation consistency updates for ElastiCache and Lambda Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/elasticache.md | 31 +++++++++++++-------- docs/integrations/amazon-aws/lambda.md | 22 +++++++-------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 9017fb255b..1eb6ab0c98 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md 
@@ -105,16 +105,28 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\ | sort by _timeslice ``` -## Collect Logs and Metrics for Amazon ElastiCache +## Collecting logs and metrics for Amazon ElastiCache -* Sumo Logic supports collecting metrics using two source types: - * Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended); or - * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) - * Namespace for **Amazon ElastiCache** service is **AWS/ElastiCache** - * **Metadata**: Add an **account** field to the source and assign it a value which is a friendly name / alias to your AWS account from which you are collecting metrics. Metrics can be queried via the “account field”. +This section provides instructions for setting up log and metric collection. +### Collect Amazon CloudWatch metrics -### Collect Amazon ElastiCache CloudTrail Logs +Sumo Logic supports collecting metrics using two source types: + +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended) + or +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) + +:::note +Namespace for **Amazon Lambda** Service is **AWS/Lambda**. +::: + +**Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. The **account** field allows you to query metrics. + +Metadata + + +### Collect Amazon ElastiCache CloudTrail logs 1. To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md). * **Name**. Enter a name to display for the new Source. 
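Review bot: The new `:::note` in this elasticache.md hunk reads "Namespace for **Amazon Lambda** Service is **AWS/Lambda**", but the bullet it replaces named **AWS/ElastiCache**, so a reader following this page would point the metrics source at the wrong namespace. Correct it to **Amazon ElastiCache** / **AWS/ElastiCache** in this commit instead of leaving it for a follow-up (PATCH 02/16 makes that change), so that no revision of the page carries the Lambda value. The heading also changes from "Collect Logs and Metrics for Amazon ElastiCache" to "Collecting logs and metrics for Amazon ElastiCache", and this commit touches only elasticache.md and lambda.md, so nothing redirects links that pointed at the old heading.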
@@ -132,8 +144,7 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\ * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. 2. Click **Save**. - -### Centralized AWS CloudTrail Log Collection +### Centralized AWS CloudTrail Log collection In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following Field Extraction Rule to map a proper AWS account(s) friendly name / alias. Create it if not already present / update it as required. @@ -155,7 +166,6 @@ Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs | fields account ``` - ## Installing the Amazon ElastiCache app This section has instructions for installing the Sumo Logic app for **Amazon ElastiCache** and descriptions of each of the app dashboards along with associated use cases. @@ -180,7 +190,6 @@ The FER **AwsObservabilityElastiCacheCloudTrailLogsFER** to extract fields `acco ## Viewing Amazon ElastiCache dashboards - ### Host Performance Overview **The Amazon ElastiCache - Host Performance Overview** dashboard provides detailed insights into CPU, memory and network performance metrics of hosts running your ElastiCache clusters. diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 17d27cbc1a..335417e1b3 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md 
@@ -12,7 +12,7 @@ AWS Lambda allows you to run code without the burden of provisioning or managing The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Metrics, and the CloudTrail Lambda Data Events to visualize the operational and performance trends in all the Lambda functions in your account. The preconfigured dashboards provide insights into executions, memory, and duration (including cold start) usage by function versions or aliases, errors, billed duration, function callers, IAM users, and threat details. -## Log and Metric Types +## Log and metric types This section describes the data sources for the AWS Lambda app and how the app leverages these data sources to provide insight into AWS Lambda. @@ -21,7 +21,7 @@ The AWS Lambda app uses the following logs and metrics: * [CloudTrail Lambda Data Events](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html#cloudtrail-data-events) * [AWS Lambda metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html) -### AWS CloudWatch Logs +### AWS CloudWatch logs AWS Lambda monitors Lambda functions and reports metrics through Amazon CloudWatch. Lambda then logs all requests handled by your function and stores logs through [AWS CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). @@ -29,7 +29,7 @@ The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Me AWS Lambda -### CloudTrail Lambda Data Events +### CloudTrail Lambda data events [CloudTrail Lambda Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events) allow you to continuously monitor the execution activity of your Lambda functions and to record details on when and by whom an Invoke API call was made. 
@@ -37,7 +37,7 @@ The Sumo Logic App for AWS Lambda provide insights into the Lambda Functions inv AWS Lambda -### AWS Lambda CloudWatch Metrics +### AWS Lambda CloudWatch metrics AWS Lambda automatically monitors functions on your behalf, reporting [AWS Lambda metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html) through Amazon CloudWatch. These metrics are collected by our Hosted Collector by configuring the Amazon CloudWatch source. @@ -99,7 +99,6 @@ This section provides sample Amazon CloudWatch Logs and CloudTrail Lambda Data E } ``` - ### Sample queries ```sumo title="Requests by Function Versions (Based on CloudWatch logs)" @@ -137,11 +136,11 @@ account={{account}} region={{region}} Namespace={{namespace}} namespace=aws/lambda metric=Errors statistic=Sum account=* region=* functionname=* Resource=* | sum ``` -## Collecting logs for the AWS Lambda App +## Collecting logs for the AWS Lambda app This section provides instructions for setting up log and metric collection. -### Collect Amazon CloudWatch Logs +### Collect Amazon CloudWatch logs Sumo supports several methods for collecting Lambda logs from Amazon CloudWatch. You can choose any of them to collect logs. - **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (Recommended). @@ -154,7 +153,7 @@ Sumo supports several methods for collecting Lambda logs from Amazon CloudWatch. Fields -### Collect CloudTrail Lambda Data Events +### Collect CloudTrail Lambda data events To configure a CloudTrail Source, perform these steps: @@ -167,8 +166,7 @@ To configure a CloudTrail Source, perform these steps: Fields - -### Collect Amazon CloudWatch Metrics +### Collect Amazon CloudWatch metrics Sumo Logic supports collecting metrics using two source types: 
@@ -211,7 +209,7 @@ These metrics can then be queried using Sumo Logic [Metrics queries](/docs/metri Search Provisioned Concurrency Metrics -### Centralized AWS CloudTrail Log Collection +### Centralized AWS CloudTrail Log collection In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following Field Extraction Rule to map the proper AWS account(s) friendly name/alias. Create it if not already present / update it as required. @@ -234,7 +232,7 @@ Enter a parse expression to create an “account” field that maps to the alias | fields account ``` -## Installing the AWS Lambda App +## Installing the AWS Lambda app Now that you have set up collection for AWS Lambda, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. From 22d2bcf9fd6d30beab7849f247aae38b56a45e5f Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Tue, 23 Jun 2026 14:23:32 +0530 Subject: [PATCH 02/16] Update elasticache.md --- docs/integrations/amazon-aws/elasticache.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 1eb6ab0c98..c3798cbba2 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md 
@@ -118,7 +118,7 @@ Sumo Logic supports collecting metrics using two source types: * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) :::note -Namespace for **Amazon Lambda** Service is **AWS/Lambda**. +Namespace for **Amazon ElastiCache** Service is **AWS/ElastiCache**. ::: **Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. The **account** field allows you to query metrics. @@ -301,4 +301,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - \ No newline at end of file + From 59855aa69e23955b022faf0018e05ece962764b1 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Wed, 24 Jun 2026 19:14:16 +0530 Subject: [PATCH 03/16] DOCS-1710 - AWSO Apps doc consistency updates for API Gateway and Network Load Balancer Co-Authored-By: Claude Sonnet 4.6 --- cid-redirects.json | 6 ++- docs/integrations/amazon-aws/api-gateway.md | 17 +++++-- .../amazon-aws/network-load-balancer.md | 51 ++++++++++++------- 3 files changed, 50 insertions(+), 24 deletions(-) diff --git a/cid-redirects.json b/cid-redirects.json index 5f3602f9e0..961e8db78b 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
@@ -5165,5 +5165,9 @@ "/release-notes-service/2025/09/08/search": "/release-notes-service/2025/12/31/#october-09-2025-search", "/release-notes-service/2025/12/02/search": "/release-notes-service/2025/12/31/#december-02-2025-search", "/release-notes-service/2025/12/03/manage": "/release-notes-service/2025/12/31/#december-03-2025-manage", - "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/" + "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/", + "/docs/integrations/amazon-aws/api-gateway/#collect-metrics-for-aws-api-gateway": "/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-metrics", + "/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-the-aws-network-load-balancer":"/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-aws-network-load-balancer", + "/docs/integrations/amazon-aws/network-load-balancer/#collect-metrics": "/docs/integrations/amazon-aws/network-load-balancer#collect-aws-network-load-balancer-metrics", + "/docs/integrations/amazon-aws/network-load-balancer/#collect-cloudtrail-logs": "/docs/integrations/amazon-aws/network-load-balancer/#collect-aws-network-load-balancer-cloudtrail-logs" } diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 44ec92c5fe..115e17f97e 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md 
@@ -164,9 +164,9 @@ account=dev region=us-east-1 namespace=aws/apigateway apiname=* apiid stage doma ### Configure Hosted Collector -In Sumo Logic, configure a [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector/). +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect metrics for AWS API Gateway +### Collect AWS API Gateway metrics Sumo Logic supports collecting metrics using two source types: 
@@ -174,10 +174,17 @@ Sumo Logic supports collecting metrics using two source types: * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) :::note -Namespace for **AWS API Gateway** Service is **AWS/ApiGateway**. +Namespace for **AWS API Gateway** service is **AWS/ApiGateway**. ::: -For **Metadata**, add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. This name will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability). Metrics can be queried via the “account” field. +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. #### Enable cache metrics 
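Review bot: In the new step 3 of this api-gateway.md hunk, the bullet "You will have the option to automatically add or enable the field." does not say when that option appears or which field it means. It only makes sense for the orange state described in the bullet before it, so fold it into that bullet (for example "…does not exist or is disabled in the schema. In this case, you can automatically add or enable it.") and keep the **Dropped** sentence with it, since a dropped `account` field means the metrics arrive without the value the queries on this page filter on.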
@@ -446,7 +453,7 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) using the instructions below. -#### Collect CloudTrail Lambda data events +#### Collect CloudTrail API Gateway data events To configure a CloudTrail Source, perform these steps: diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 40931ae453..0c3bdb1a43 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md 
@@ -22,34 +22,49 @@ The AWS Network Load Balancer app uses AWS Network Load Balancer metrics. account=* region=* LoadBalancer=* Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum | sum by account, region, namespace, LoadBalancer ``` -## Collecting logs and metrics for the AWS Network Load Balancer +## Collecting logs and metrics for AWS Network Load Balancer + +### Configure Hosted Collector When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect metrics +### Collect AWS Network Load Balancer metrics + +Sumo Logic supports collecting metrics using two source types: + +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**); or +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. Sumo Logic supports collecting metrics using two source types: - * Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended); or - * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.Metadata - 1. 
Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +:::note +Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. +::: -### Collect Cloudtrail logs +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -1. Configure a Network Load Balancing (NLB) [Cloudtrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. 
Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +### Collect AWS Network Load Balancer CloudTrail logs :::note -Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. +Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. ::: +Follow the steps below to collect logs for your AWS Network Load Balancer (NLB): +1. Configure a [Cloudtrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. 
+ * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + ## Installing the AWS Network Load Balancer app Now that you have set up a collection for **AWS Network Load Balancer**, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage. From 1c6950798c2ebffba1bfd9787c73123b2557f268 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 25 Jun 2026 15:09:28 +0530 Subject: [PATCH 04/16] DOCS-1710 - AWSO Apps doc consistency updates and fix invalid cid-redirects Co-Authored-By: Claude Sonnet 4.6 --- cid-redirects.json | 5 +- docs/integrations/amazon-aws/api-gateway.md | 396 +++++++++--------- docs/integrations/amazon-aws/elasticache.md | 67 +-- docs/integrations/amazon-aws/lambda.md | 77 ++-- .../amazon-aws/network-load-balancer.md | 26 +- 5 files changed, 305 insertions(+), 266 deletions(-) diff --git a/cid-redirects.json b/cid-redirects.json index 9882887ad7..114ab078c0 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
@@ -5166,8 +5166,5 @@ "/release-notes-service/2025/12/02/search": "/release-notes-service/2025/12/31/#december-02-2025-search", "/release-notes-service/2025/12/03/manage": "/release-notes-service/2025/12/31/#december-03-2025-manage", "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/", - "/docs/integrations/amazon-aws/api-gateway/#collect-metrics-for-aws-api-gateway": "/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-metrics", - "/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-the-aws-network-load-balancer":"/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-aws-network-load-balancer", - "/docs/integrations/amazon-aws/network-load-balancer/#collect-metrics": "/docs/integrations/amazon-aws/network-load-balancer#collect-aws-network-load-balancer-metrics", - "/docs/integrations/amazon-aws/network-load-balancer/#collect-cloudtrail-logs": "/docs/integrations/amazon-aws/network-load-balancer/#collect-aws-network-load-balancer-cloudtrail-logs" + "/docs/integrations/amazon-aws/lambda/#collecting-logs-for-the-aws-lambda-app": "/docs/integrations/amazon-aws/lambda/#collecting-logs-and-metrics-for-aws-lambda-app" } diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 115e17f97e..519a395dcc 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md 
@@ -168,18 +168,18 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you ### Collect AWS API Gateway metrics -Sumo Logic supports collecting metrics using two source types: +Sumo Logic supports collecting metrics using one of the following source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**); or +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -:::note -Namespace for **AWS API Gateway** service is **AWS/ApiGateway**. -::: + :::note + Namespace for **AWS API Gateway** service is **AWS/ApiGateway**. + ::: Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. -1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata 1. After adding fields, check their status indicators: * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. @@ -233,9 +233,9 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer aws apigatewayv2 update-stage --api-id 9pk1qlmpci --stage-name $default --default-route-settings "{\"DetailedMetricsEnabled\":true}" --output json --region eu-north-1 ``` -### Collect access logs for AWS API Gateway +### Collect AWS API Gateway access logs -1. To your Hosted Collector, add an [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/). +1. Configure the [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource). 1. **Name**. Enter a name to display the new Source. 2. **Description**. Enter an optional description. 3. **Enable S3 Replay**. Do not check this option. 
@@ -251,218 +251,226 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer 11. Save the given URL of the source for next step. 2. [Create Stack](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#cloudformation-template) in AWS console with given CloudFormation Template. 3. Create a log group in CloudWatch Logs by referring to the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html). Make sure to set your log group name convention as `/aws/apigateway//`. -4. Follow the below steps to enable access logs for each respective API type: +4. Follow the steps below to enable access logs for each respective API type: :::note - Make sure to remove `:*` from the end while adding Access log destination ARN. + Ensure to remove `:*` from the end while adding Access log destination ARN. ::: * Enable Access logs for REST APIs by referring to the [AWS documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-using-console). When you specify the `Log format` field, use the below JSON. 
AWS API Gateway - ```json title="JSON Log Format for REST API" - { - "accountId": "$context.accountId", - "requestId": "$context.requestId", - "authorizerClaimsProperty": "$context.authorizer.claims.property", - "extendedRequestId": "$context.extendedRequestId", - "identitySourceIp": "$context.identity.sourceIp", - "identityCaller": "$context.identity.caller", - "identityUser": "$context.identity.user", - "requestTime": "$context.requestTime", - "status": "$context.status", - "routeKey": "$context.routeKey", - "apiId": "$context.apiId", - "domainPrefix": "$context.domainPrefix", - "httpMethod": "$context.httpMethod", - "identityClientCertSerialNumber": "$context.identity.clientCert.serialNumber", - "identityUserAgent": "$context.identity.userAgent", - "path": "$context.path", - "protocol": "$context.protocol", - "resourceId": "$context.resourceId", - "responseOverrideStatus": "$context.responseOverride.status", - "authorizeError": "$context.authorize.error", - "resourcePath": "$context.resourcePath", - "authorizeLatency": "$context.authorize.latency", - "authorizeStatus": "$context.authorize.status", - "authorizerError": "$context.authorizer.error", - "authorizerIntegrationStatus": "$context.authorizer.integrationStatus", - "authorizerIntegrationLatency": "$context.authorizer.integrationLatency", - "authorizerLatency": "$context.authorizer.latency", - "authorizerPrincipalId": "$context.authorizer.principalId", - "authorizerRequestId": "$context.authorizer.requestId", - "authorizerStatus": "$context.authorizer.status", - "authenticateError": "$context.authenticate.error", - "authenticateLatency": "$context.authenticate.latency", - "authenticateStatus": "$context.authenticate.status", - "connectedAt": "$context.connectedAt", - "connectionId": "$context.connectionId", - "domainName": "$context.domainName", - "errorMessage": "$context.error.message", - "errorResponseType": "$context.error.responseType", - "errorValidationErrorString": 
"$context.error.validationErrorString", - "eventType": "$context.eventType", - "identityAccountId": "$context.identity.accountId", - "identityPrincipalOrgId": "$context.identity.principalOrgId", - "identityUserArn": "$context.identity.userArn", - "identityApiKey": "$context.identity.apiKey", - "identityApiKeyId": "$context.identity.apiKeyId", - "integrationError": "$context.integration.error", - "integrationIntegrationStatus": "$context.integration.integrationStatus", - "integrationLatency": "$context.integration.latency", - "integrationRequestId": "$context.integration.requestId", - "integrationStatus": "$context.integration.status", - "contextIntegrationLatency": "$context.integrationLatency", - "responseLatency": "$context.responseLatency", - "responseLength": "$context.responseLength", - "xrayTraceId": "$context.xrayTraceId", - "requestTimeEpoch": "$context.requestTimeEpoch", - "stage": "$context.stage", - "messageId": "$context.messageId", - "wafResponseCode": "$context.wafResponseCode", - "wafError": "$context.waf.error", - "wafLatency": "$context.waf.latency", - "wafStatus": "$context.waf.status", - "webaclArn": "$context.webaclArn" - } - ``` + ```json title="JSON Log Format for REST API" + { + "accountId": "$context.accountId", + "requestId": "$context.requestId", + "authorizerClaimsProperty": "$context.authorizer.claims.property", + "extendedRequestId": "$context.extendedRequestId", + "identitySourceIp": "$context.identity.sourceIp", + "identityCaller": "$context.identity.caller", + "identityUser": "$context.identity.user", + "requestTime": "$context.requestTime", + "status": "$context.status", + "routeKey": "$context.routeKey", + "apiId": "$context.apiId", + "domainPrefix": "$context.domainPrefix", + "httpMethod": "$context.httpMethod", + "identityClientCertSerialNumber": "$context.identity.clientCert.serialNumber", + "identityUserAgent": "$context.identity.userAgent", + "path": "$context.path", + "protocol": "$context.protocol", + "resourceId": 
"$context.resourceId", + "responseOverrideStatus": "$context.responseOverride.status", + "authorizeError": "$context.authorize.error", + "resourcePath": "$context.resourcePath", + "authorizeLatency": "$context.authorize.latency", + "authorizeStatus": "$context.authorize.status", + "authorizerError": "$context.authorizer.error", + "authorizerIntegrationStatus": "$context.authorizer.integrationStatus", + "authorizerIntegrationLatency": "$context.authorizer.integrationLatency", + "authorizerLatency": "$context.authorizer.latency", + "authorizerPrincipalId": "$context.authorizer.principalId", + "authorizerRequestId": "$context.authorizer.requestId", + "authorizerStatus": "$context.authorizer.status", + "authenticateError": "$context.authenticate.error", + "authenticateLatency": "$context.authenticate.latency", + "authenticateStatus": "$context.authenticate.status", + "connectedAt": "$context.connectedAt", + "connectionId": "$context.connectionId", + "domainName": "$context.domainName", + "errorMessage": "$context.error.message", + "errorResponseType": "$context.error.responseType", + "errorValidationErrorString": "$context.error.validationErrorString", + "eventType": "$context.eventType", + "identityAccountId": "$context.identity.accountId", + "identityPrincipalOrgId": "$context.identity.principalOrgId", + "identityUserArn": "$context.identity.userArn", + "identityApiKey": "$context.identity.apiKey", + "identityApiKeyId": "$context.identity.apiKeyId", + "integrationError": "$context.integration.error", + "integrationIntegrationStatus": "$context.integration.integrationStatus", + "integrationLatency": "$context.integration.latency", + "integrationRequestId": "$context.integration.requestId", + "integrationStatus": "$context.integration.status", + "contextIntegrationLatency": "$context.integrationLatency", + "responseLatency": "$context.responseLatency", + "responseLength": "$context.responseLength", + "xrayTraceId": "$context.xrayTraceId", + "requestTimeEpoch": 
"$context.requestTimeEpoch", + "stage": "$context.stage", + "messageId": "$context.messageId", + "wafResponseCode": "$context.wafResponseCode", + "wafError": "$context.waf.error", + "wafLatency": "$context.waf.latency", + "wafStatus": "$context.waf.status", + "webaclArn": "$context.webaclArn" + } + ``` * Enable Access logs for HTTP APIs by referring to [AWS documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html#http-api-enable-logging) and when you specify the `Log format` field use the below JSON. AWS API Gateway - ```json title="JSON Log Format for HTTP API" - { - "requestId": "$context.requestId", - "extendedRequestId": "$context.extendedRequestId", - "identitySourceIp": "$context.identity.sourceIp", - "identityCaller": "$context.identity.caller", - "identityUser": "$context.identity.user", - "requestTime": "$context.requestTime", - "httpMethod": "$context.httpMethod", - "resourcePath": "$context.resourcePath", - "status": "$context.status", - "protocol": "$context.protocol", - "responseLength": "$context.responseLength", - "accountId": "$context.accountId", - "authorizerProperty": "$context.authorizer.property", - "routeKey": "$context.routeKey", - "responseLatency": "$context.responseLatency", - "integrationErrorMessage": "$context.integrationErrorMessage", - "apiId": "$context.apiId", - "authorizerClaimsProperty": "$context.authorizer.claims.property", - "authorizerError": "$context.authorizer.error", - "authorizerPrincipalId": "$context.authorizer.principalId", - "awsEndpointRequestId": "$context.awsEndpointRequestId", - "awsEndpointRequestId2": "$context.awsEndpointRequestId2", - "customDomainBasePathMatched": "$context.customDomain.basePathMatched", - "dataProcessed": "$context.dataProcessed", - "domainName": "$context.domainName", - "domainPrefix": "$context.domainPrefix", - "errorMessage": "$context.error.message", - "errorResponseType": "$context.error.responseType", - "identityAccountId": 
"$context.identity.accountId", - "identityCognitoAuthenticationProvider": "$context.identity.cognitoAuthenticationProvider", - "identityCognitoAuthenticationType": "$context.identity.cognitoAuthenticationType", - "identityCognitoIdentityId": "$context.identity.cognitoIdentityId", - "identityCognitoIdentityPoolId": "$context.identity.cognitoIdentityPoolId", - "identityPrincipalOrgId": "$context.identity.principalOrgId", - "identityClientCertClientCertPem": "$context.identity.clientCert.clientCertPem", - "identityClientCertSubjectDN": "$context.identity.clientCert.subjectDN", - "identityClientCertIssuerDN": "$context.identity.clientCert.issuerDN", - "identityClientCertSerialNumber": "$context.identity.clientCert.serialNumber", - "identityClientCertValidityNotBefore": "$context.identity.clientCert.validity.notBefore", - "identityClientCertValidityNotAfter": "$context.identity.clientCert.validity.notAfter", - "identityUserAgent": "$context.identity.userAgent", - "identityUserArn": "$context.identity.userArn", - "integrationError": "$context.integration.error", - "integrationIntegrationStatus": "$context.integration.integrationStatus", - "integrationLatency": "$context.integration.latency", - "integrationRequestId": "$context.integration.requestId", - "integrationStatus": "$context.integration.status", - "contextIntegrationLatency": "$context.integrationLatency", - "contextIntegrationStatus": "$context.integrationStatus", - "path": "$context.path", - "requestTimeEpoch": "$context.requestTimeEpoch", - "stage": "$context.stage" - } - ``` + ```json title="JSON Log Format for HTTP API" + { + "requestId": "$context.requestId", + "extendedRequestId": "$context.extendedRequestId", + "identitySourceIp": "$context.identity.sourceIp", + "identityCaller": "$context.identity.caller", + "identityUser": "$context.identity.user", + "requestTime": "$context.requestTime", + "httpMethod": "$context.httpMethod", + "resourcePath": "$context.resourcePath", + "status": "$context.status", + 
"protocol": "$context.protocol", + "responseLength": "$context.responseLength", + "accountId": "$context.accountId", + "authorizerProperty": "$context.authorizer.property", + "routeKey": "$context.routeKey", + "responseLatency": "$context.responseLatency", + "integrationErrorMessage": "$context.integrationErrorMessage", + "apiId": "$context.apiId", + "authorizerClaimsProperty": "$context.authorizer.claims.property", + "authorizerError": "$context.authorizer.error", + "authorizerPrincipalId": "$context.authorizer.principalId", + "awsEndpointRequestId": "$context.awsEndpointRequestId", + "awsEndpointRequestId2": "$context.awsEndpointRequestId2", + "customDomainBasePathMatched": "$context.customDomain.basePathMatched", + "dataProcessed": "$context.dataProcessed", + "domainName": "$context.domainName", + "domainPrefix": "$context.domainPrefix", + "errorMessage": "$context.error.message", + "errorResponseType": "$context.error.responseType", + "identityAccountId": "$context.identity.accountId", + "identityCognitoAuthenticationProvider": "$context.identity.cognitoAuthenticationProvider", + "identityCognitoAuthenticationType": "$context.identity.cognitoAuthenticationType", + "identityCognitoIdentityId": "$context.identity.cognitoIdentityId", + "identityCognitoIdentityPoolId": "$context.identity.cognitoIdentityPoolId", + "identityPrincipalOrgId": "$context.identity.principalOrgId", + "identityClientCertClientCertPem": "$context.identity.clientCert.clientCertPem", + "identityClientCertSubjectDN": "$context.identity.clientCert.subjectDN", + "identityClientCertIssuerDN": "$context.identity.clientCert.issuerDN", + "identityClientCertSerialNumber": "$context.identity.clientCert.serialNumber", + "identityClientCertValidityNotBefore": "$context.identity.clientCert.validity.notBefore", + "identityClientCertValidityNotAfter": "$context.identity.clientCert.validity.notAfter", + "identityUserAgent": "$context.identity.userAgent", + "identityUserArn": "$context.identity.userArn", + 
"integrationError": "$context.integration.error", + "integrationIntegrationStatus": "$context.integration.integrationStatus", + "integrationLatency": "$context.integration.latency", + "integrationRequestId": "$context.integration.requestId", + "integrationStatus": "$context.integration.status", + "contextIntegrationLatency": "$context.integrationLatency", + "contextIntegrationStatus": "$context.integrationStatus", + "path": "$context.path", + "requestTimeEpoch": "$context.requestTimeEpoch", + "stage": "$context.stage" + } + ``` * Enable Access logs for WebSocket APIs by referring to [AWS documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-using-console) and when you specify the `Log format` field use the below JSON. AWS API Gateway - ```json title="JSON Log Format for WebSocket API" - { - "apiId": "$context.apiId", - "authorizeError": "$context.authorize.error", - "authorizeLatency": "$context.authorize.latency", - "authorizeStatus": "$context.authorize.status", - "authorizerError": "$context.authorizer.error", - "authorizerIntegrationLatency": "$context.authorizer.integrationLatency", - "authorizerIntegrationStatus": "$context.authorizer.integrationStatus", - "authorizerLatency": "$context.authorizer.latency", - "authorizerRequestId": "$context.authorizer.requestId", - "authorizerStatus": "$context.authorizer.status", - "authorizerPrincipalId": "$context.authorizer.principalId", - "authorizerProperty": "$context.authorizer.property", - "authenticateError": "$context.authenticate.error", - "authenticateLatency": "$context.authenticate.latency", - "authenticateStatus": "$context.authenticate.status", - "connectedAt": "$context.connectedAt", - "connectionId": "$context.connectionId", - "domainName": "$context.domainName", - "errorMessage": "$context.error.message", - "errorResponseType": "$context.error.responseType", - "errorValidationErrorString": "$context.error.validationErrorString", - 
"eventType": "$context.eventType", - "extendedRequestId": "$context.extendedRequestId", - "identityAccountId": "$context.identity.accountId", - "identityApiKey": "$context.identity.apiKey", - "identityApiKeyId": "$context.identity.apiKeyId", - "identityCaller": "$context.identity.caller", - "identityCognitoAuthenticationProvider": "$context.identity.cognitoAuthenticationProvider", - "identityCognitoAuthenticationType": "$context.identity.cognitoAuthenticationType", - "identityCognitoIdentityId": "$context.identity.cognitoIdentityId", - "identityCognitoIdentityPoolId": "$context.identity.cognitoIdentityPoolId", - "identityPrincipalOrgId": "$context.identity.principalOrgId", - "identitySourceIp": "$context.identity.sourceIp", - "identityUser": "$context.identity.user", - "identityUserAgent": "$context.identity.userAgent", - "identityUserArn": "$context.identity.userArn", - "integrationError": "$context.integration.error", - "integrationIntegrationStatus": "$context.integration.integrationStatus", - "integrationLatency": "$context.integrationLatency", - "integrationRequestId": "$context.integration.requestId", - "integrationStatus": "$context.integration.status", - "messageId": "$context.messageId", - "requestId": "$context.requestId", - "requestTime": "$context.requestTime", - "requestTimeEpoch": "$context.requestTimeEpoch", - "routeKey": "$context.routeKey", - "stage": "$context.stage", - "status": "$context.status", - "wafError": "$context.waf.error", - "wafLatency": "$context.waf.latency", - "wafStatus": "$context.waf.status" - } - ``` + ```json title="JSON Log Format for WebSocket API" + { + "apiId": "$context.apiId", + "authorizeError": "$context.authorize.error", + "authorizeLatency": "$context.authorize.latency", + "authorizeStatus": "$context.authorize.status", + "authorizerError": "$context.authorizer.error", + "authorizerIntegrationLatency": "$context.authorizer.integrationLatency", + "authorizerIntegrationStatus": "$context.authorizer.integrationStatus", + 
"authorizerLatency": "$context.authorizer.latency", + "authorizerRequestId": "$context.authorizer.requestId", + "authorizerStatus": "$context.authorizer.status", + "authorizerPrincipalId": "$context.authorizer.principalId", + "authorizerProperty": "$context.authorizer.property", + "authenticateError": "$context.authenticate.error", + "authenticateLatency": "$context.authenticate.latency", + "authenticateStatus": "$context.authenticate.status", + "connectedAt": "$context.connectedAt", + "connectionId": "$context.connectionId", + "domainName": "$context.domainName", + "errorMessage": "$context.error.message", + "errorResponseType": "$context.error.responseType", + "errorValidationErrorString": "$context.error.validationErrorString", + "eventType": "$context.eventType", + "extendedRequestId": "$context.extendedRequestId", + "identityAccountId": "$context.identity.accountId", + "identityApiKey": "$context.identity.apiKey", + "identityApiKeyId": "$context.identity.apiKeyId", + "identityCaller": "$context.identity.caller", + "identityCognitoAuthenticationProvider": "$context.identity.cognitoAuthenticationProvider", + "identityCognitoAuthenticationType": "$context.identity.cognitoAuthenticationType", + "identityCognitoIdentityId": "$context.identity.cognitoIdentityId", + "identityCognitoIdentityPoolId": "$context.identity.cognitoIdentityPoolId", + "identityPrincipalOrgId": "$context.identity.principalOrgId", + "identitySourceIp": "$context.identity.sourceIp", + "identityUser": "$context.identity.user", + "identityUserAgent": "$context.identity.userAgent", + "identityUserArn": "$context.identity.userArn", + "integrationError": "$context.integration.error", + "integrationIntegrationStatus": "$context.integration.integrationStatus", + "integrationLatency": "$context.integrationLatency", + "integrationRequestId": "$context.integration.requestId", + "integrationStatus": "$context.integration.status", + "messageId": "$context.messageId", + "requestId": "$context.requestId", + 
"requestTime": "$context.requestTime", + "requestTimeEpoch": "$context.requestTimeEpoch", + "routeKey": "$context.routeKey", + "stage": "$context.stage", + "status": "$context.status", + "wafError": "$context.waf.error", + "wafLatency": "$context.waf.latency", + "wafStatus": "$context.waf.status" + } + ``` 5. To Export logs, refer to [Manually subscribe AWS Kinesis Firehose stream to an existing CloudWatch Log Group](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#manually-subscribeaws-kinesis-firehose-stream-to-an-existing-cloudwatch-log-group). ### Collect AWS API Gateway CloudTrail logs -To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) using the instructions below. - -#### Collect CloudTrail API Gateway data events - -To configure a CloudTrail Source, perform these steps: +#### Prerequisites 1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. 2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). For more information on what events are logged, refer to the [API Gateway API calls documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html). 3. Confirm that logs are being delivered to the Amazon S3 bucket. -4. Add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) to Sumo Logic. While configuring the source, add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. This name will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability). Logs can be queried via the `account` field. - Fields +:::note +Namespace for **AWS API Gateway** service is **AWS/ApiGateway**. 
+::: + +Follow the steps below to collect logs for AWS API Gateway: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Centralized AWS CloudTrail log collection diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index c3798cbba2..67f0d986cf 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md 
@@ -107,44 +107,54 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\ ## Collecting logs and metrics for Amazon ElastiCache -This section provides instructions for setting up log and metric collection. +### Configure Hosted Collector + +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). ### Collect Amazon CloudWatch metrics -Sumo Logic supports collecting metrics using two source types: +Sumo Logic supports collecting metrics using one of the following source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended) - or +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -:::note -Namespace for **Amazon ElastiCache** Service is **AWS/ElastiCache**. -::: + :::note + Namespace for **Amazon ElastiCache** service is **AWS/ElastiCache**. + ::: -**Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. The **account** field allows you to query metrics. +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. 
This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -Metadata +### Collect Amazon ElastiCache CloudTrail logs +#### Prerequisites -### Collect Amazon ElastiCache CloudTrail logs +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). For more information on what events are logged, refer to the [ElastiCache API calls documentation](https://docs.aws.amazon.com/AmazonElastiCache/latest/dg/logging-using-cloudtrail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. + +:::note +Namespace for **Amazon ElastiCache** service is **AWS/ElastiCache**. +::: + +Follow the steps below to collect logs for Amazon ElastiCache: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -1. To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md). - * **Name**. Enter a name to display for the new Source. - * **Description**. Enter an optional description. - * **S3 Region**. Select the Amazon Region for your **ElastiCache** S3 bucket. - * **Bucket Name**. Enter the exact name of your **ElastiCache** S3 bucket. - * **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See [Amazon Path Expressions](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions).) The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression. - * **Source Category**. Enter aws/observability/cloudtrail/logs - * **Fields**. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - * **Access Key ID and Secret Access Key**. Enter your Amazon [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). Learn how to use Role-based access to AWS [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources) - * **Log File Discovery -> Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency. Sumo Logic will scan your S3 bucket for new data. 
Learn how to configure **Log File Discovery** [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). - * **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. - * **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. - * **Timestamp Format.** Select **Automatically detect the format**. - * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -2. Click **Save**. - -### Centralized AWS CloudTrail Log collection +### Centralized AWS CloudTrail log collection In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following Field Extraction Rule to map a proper AWS account(s) friendly name / alias. Create it if not already present / update it as required. @@ -154,8 +164,9 @@ Applied at: Ingest Time Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs ``` -**Parse Expression**. Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: +#### Parse Expression +Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: ```sumo | json "recipientAccountId" diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 335417e1b3..4ebe7f078b 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md 
@@ -136,55 +136,72 @@ account={{account}} region={{region}} Namespace={{namespace}} namespace=aws/lambda metric=Errors statistic=Sum account=* region=* functionname=* Resource=* | sum ``` -## Collecting logs for the AWS Lambda app +## Collecting logs and metrics for AWS Lambda app -This section provides instructions for setting up log and metric collection. +### Configure Hosted Collector -### Collect Amazon CloudWatch logs - -Sumo supports several methods for collecting Lambda logs from Amazon CloudWatch. You can choose any of them to collect logs. -- **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (Recommended). -- **Lambda Log Forwarder**. Configure a collection of Amazon CloudWatch Logs using our AWS Lambda function using a Sumo Logic provided CloudFormation template, as described in [Amazon CloudWatch Logs](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/) or configure collection without using CloudFormation, see [Collect Amazon CloudWatch Logs using a Lambda Function](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-lambda-function/).
+When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -* While configuring the CloudWatch log source, the following Fields can be added in the source: - * Add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried via the **account** field. - * Add a **region** field and assign it the value of the respective AWS region where the Lambda function exists. - * Add an **accountId** field and assign it the value of the respective AWS account ID being used. +### Collect Amazon CloudWatch logs -Fields +Sumo Logic supports collecting Lambda logs from Amazon CloudWatch using one of the following methods: +- **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (**Recommended**) +- **Lambda Log Forwarder**. There are two ways to set up the Lambda Log Forwarder: + - **With CloudFormation**. Configure the collection of Amazon CloudWatch logs using Sumo Logic-provided CloudFormation template, as described in [Amazon CloudWatch Logs](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/). + - **Without CloudFormation**. Configure the collection of Amazon CloudWatch Logs using a Lambda function, as described in [Collect Amazon CloudWatch Logs using a Lambda Function](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-lambda-function/). + +Follow the steps below to add custom fields when configuring the CloudWatch log source: +1. Click **+Add Field** under **Metadata**. 
Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Fields +1. Add a `region` field and assign it the value of the respective AWS region where the Lambda function exists. +1. Add an `accountId` field and assign it the value of the respective AWS account ID being used. +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Collect CloudTrail Lambda data events -To configure a CloudTrail Source, perform these steps: +#### Prerequisites 1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. 2. [Configure DataEvents with CloudTrail](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html) in your AWS account. 3. Confirm that logs are being delivered to the Amazon S3 bucket. -4. Add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) to Sumo Logic. -5. While configuring the cloud trail log source, the following field can be added to the source: - * Add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. -Fields +Follow the steps below to collect logs for AWS Lambda: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. 
Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Collect Amazon CloudWatch metrics -Sumo Logic supports collecting metrics using two source types: +Sumo Logic supports collecting metrics using one of the following source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended) - or +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -:::note -Namespace for **Amazon Lambda** Service is **AWS/Lambda**. -::: - -* **Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. The **account** field allows you to query metrics. + :::note + Namespace for **AWS ElastiCache** service is **AWS/ElastiCache**. + ::: -Metadata +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. 
This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. Continue with the process of [enabling Provisioned Concurrency configurations](#enable-provisioned-concurrency-configurations-for-lambda-functions) for Lambda functions, as needed. - ### Enable Provisioned Concurrency configurations for Lambda functions AWS Lambda provides Provisioned Concurrency for greater control over the start-up time for Lambda functions. When enabled, [Provisioned Concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) keeps functions initialized and hyper-ready to respond in double-digit milliseconds. AWS Lambda provides additional metrics for provisioned concurrency with CloudWatch. @@ -198,8 +215,8 @@ To collect the metrics in Sumo Logic, follow the steps below: Once Provisioned Concurrency is enabled and you start collecting CloudWatch metrics, the following new metrics will be available: -| Metric | Description | -|:-----------|:-------------------------| +| Metric | Description | +|:--|:--| | **ProvisionedConcurrentExecutions** | Concurrent Executions using Provisioned Concurrency | | **ProvisionedConcurrencyUtilization** | Fraction of Provisioned Concurrency in use | | **ProvisionedConcurrencyInvocations** | Number of Invocations using Provisioned Concurrency | 
@@ -219,7 +236,7 @@ Applied at: Ingest Time Scope (Specific Data): _sourceCategory= ``` -**Parse Expression**: +#### Parse Expression Enter a parse expression to create an “account” field that maps to the alias you set for each sub-account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 0c3bdb1a43..e80fcbaf66 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md @@ -30,14 +30,14 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you ### Collect AWS Network Load Balancer metrics -Sumo Logic supports collecting metrics using two source types: +Sumo Logic supports collecting metrics using one of the following source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**); or +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -:::note -Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. -::: + :::note + Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. + ::: Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. 
@@ -50,12 +50,18 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with ### Collect AWS Network Load Balancer CloudTrail logs -:::note -Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. -::: +#### Prerequisites + +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. + + :::note + Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. + ::: -Follow the steps below to collect logs for your AWS Network Load Balancer (NLB): -1. Configure a [Cloudtrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). 1. Add custom metadata [fields](/docs/manage/fields) with your logs: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.Metadata From 17808c702ba11a8e7d985555d2408c186cfe2bac Mon Sep 17 00:00:00 2001 
From: Amee Lepcha Date: Thu, 25 Jun 2026 15:28:34 +0530 Subject: [PATCH 05/16] DOCS-1710 - Minor fixes to API Gateway, ElastiCache, and Lambda docs Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 2 +- docs/integrations/amazon-aws/elasticache.md | 2 +- docs/integrations/amazon-aws/lambda.md | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 519a395dcc..01083ed89e 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md @@ -485,7 +485,7 @@ _sourceCategory=aws/observability/cloudtrail/logs #### Parse Expression -Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like this: +Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like this: ```sumo | json "recipientAccountId" diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 67f0d986cf..0aba63b2ee 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md 
@@ -166,7 +166,7 @@ Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs #### Parse Expression -Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: +Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like: ```sumo | json "recipientAccountId" diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 4ebe7f078b..b3eac28e90 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md @@ -217,9 +217,9 @@ Once Provisioned Concurrency is enabled and you start collecting CloudWatch metr | Metric | Description | |:--|:--| -| **ProvisionedConcurrentExecutions** | Concurrent Executions using Provisioned Concurrency | -| **ProvisionedConcurrencyUtilization** | Fraction of Provisioned Concurrency in use | -| **ProvisionedConcurrencyInvocations** | Number of Invocations using Provisioned Concurrency | +| **ProvisionedConcurrentExecutions** | Concurrent Executions using Provisioned Concurrency | +| **ProvisionedConcurrencyUtilization** | Fraction of Provisioned Concurrency in use | +| **ProvisionedConcurrencyInvocations** | Number of Invocations using Provisioned Concurrency | | **ProvisionedConcurrencySpilloverInvocations** | Number of Invocations that are above Provisioned Concurrency | These metrics can then be queried using Sumo Logic [Metrics queries](/docs/metrics/metrics-queries), as shown in the following example: 
@@ -238,7 +238,7 @@ Scope (Specific Data): _sourceCategory= Date: Thu, 25 Jun 2026 15:34:01 +0530 Subject: [PATCH 06/16] DOCS-1710 - Fix ElastiCache and Lambda docs Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/elasticache.md | 2 +- docs/integrations/amazon-aws/lambda.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 0aba63b2ee..3a788157a2 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md @@ -166,7 +166,7 @@ Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs #### Parse Expression -Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like: +Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like: ```sumo | json "recipientAccountId" diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index b3eac28e90..6635c8b22f 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md @@ -238,7 +238,7 @@ Scope (Specific Data): _sourceCategory= Date: Thu, 25 Jun 2026 15:43:33 +0530 Subject: [PATCH 07/16] DOCS-1710 - Update cid-redirects and Lambda doc fix Co-Authored-By: Claude Sonnet 4.6 --- cid-redirects.json | 6 +++++- docs/integrations/amazon-aws/lambda.md | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cid-redirects.json b/cid-redirects.json index 114ab078c0..d7db1cde5a 100644 --- a/cid-redirects.json 
+++ b/cid-redirects.json @@ -5166,5 +5166,9 @@ "/release-notes-service/2025/12/02/search": "/release-notes-service/2025/12/31/#december-02-2025-search", "/release-notes-service/2025/12/03/manage": "/release-notes-service/2025/12/31/#december-03-2025-manage", "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/", - "/docs/integrations/amazon-aws/lambda/#collecting-logs-for-the-aws-lambda-app": "/docs/integrations/amazon-aws/lambda/#collecting-logs-and-metrics-for-aws-lambda-app" + "/docs/integrations/amazon-aws/api-gateway/#collect-metrics-for-aws-api-gateway": "/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-metrics", + "/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-the-aws-network-load-balancer":"/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-aws-network-load-balancer", + "/docs/integrations/amazon-aws/network-load-balancer/#collect-metrics": "/docs/integrations/amazon-aws/network-load-balancer#collect-aws-network-load-balancer-metrics", + "/docs/integrations/amazon-aws/network-load-balancer/#collect-cloudtrail-logs": "/docs/integrations/amazon-aws/network-load-balancer/#collect-aws-network-load-balancer-cloudtrail-logs", + "/docs/integrations/amazon-aws/lambda/#collecting-logs-for-the-aws-lambda-app": "/docs/integrations/amazon-aws/lambda/#collecting-logs-and-metrics-for-aws-lambda" } diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 6635c8b22f..0136673e25 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md @@ -136,7 +136,7 @@ account={{account}} region={{region}} Namespace={{namespace}} namespace=aws/lambda metric=Errors statistic=Sum account=* region=* functionname=* Resource=* | sum ``` -## Collecting logs and metrics for AWS Lambda app +## Collecting logs and metrics for AWS Lambda ### Configure Hosted Collector 
From 89ae1edcba29d4f4dc4c6f516aa62b5d64919be0 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 25 Jun 2026 18:44:47 +0530 Subject: [PATCH 08/16] Update cid-redirects.json --- cid-redirects.json | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/cid-redirects.json b/cid-redirects.json index d7db1cde5a..a488c7af38 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -5165,10 +5165,5 @@ "/release-notes-service/2025/09/08/search": "/release-notes-service/2025/12/31/#october-09-2025-search", "/release-notes-service/2025/12/02/search": "/release-notes-service/2025/12/31/#december-02-2025-search", "/release-notes-service/2025/12/03/manage": "/release-notes-service/2025/12/31/#december-03-2025-manage", - "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/", - "/docs/integrations/amazon-aws/api-gateway/#collect-metrics-for-aws-api-gateway": "/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-metrics", - "/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-the-aws-network-load-balancer":"/docs/integrations/amazon-aws/network-load-balancer/#collecting-logs-and-metrics-for-aws-network-load-balancer", - "/docs/integrations/amazon-aws/network-load-balancer/#collect-metrics": "/docs/integrations/amazon-aws/network-load-balancer#collect-aws-network-load-balancer-metrics", - "/docs/integrations/amazon-aws/network-load-balancer/#collect-cloudtrail-logs": "/docs/integrations/amazon-aws/network-load-balancer/#collect-aws-network-load-balancer-cloudtrail-logs", - "/docs/integrations/amazon-aws/lambda/#collecting-logs-for-the-aws-lambda-app": "/docs/integrations/amazon-aws/lambda/#collecting-logs-and-metrics-for-aws-lambda" -} + "/release-notes-service/2026/03/16/search": "/release-notes-service/2026/03/16/manage/" + } From 0dcc1b00b187939032a9488f1c6e34c2e33360f4 Mon Sep 17 00:00:00 2001 
From: Amee Lepcha Date: Fri, 26 Jun 2026 19:53:22 +0530 Subject: [PATCH 09/16] DOCS-1710 - AWSO Apps doc consistency updates for RDS, SNS, SQS, NLB, and others Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 55 +++-- docs/integrations/amazon-aws/elasticache.md | 20 +- docs/integrations/amazon-aws/lambda.md | 38 ++- .../amazon-aws/network-load-balancer.md | 124 +++++++++- docs/integrations/amazon-aws/rds.md | 223 ++++++++++-------- docs/integrations/amazon-aws/sns.md | 148 +++++++----- docs/integrations/amazon-aws/sqs.md | 95 +++++--- docs/reuse/apps/app-install-v2.md | 2 +- 8 files changed, 469 insertions(+), 236 deletions(-) diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 01083ed89e..42c9bc0783 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md 
@@ -13,23 +13,26 @@ AWS API Gateway service allows you to create RESTful APIs, HTTP APIs, and WebSoc The Sumo Logic AWS API Gateway app provides insights into API Gateway tasks while accepting and processing concurrent API calls throughout your infrastructure, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management. -## Log and metrics types +## Log and metric types The AWS API Gateway app uses the following logs and metrics: -* Amazon API Gateway metrics: - * [REST APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-metrics-and-dimensions.html) External link icon - * [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-metrics.html) External link icon - * [WebSocket APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-logging.html) External link icon -* [CloudTrail API Gateway Data Event](https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html) External link icon +* [Amazon API Gateway CloudTrail Logs](https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html) External link icon * Amazon API Gateway access logs: * [REST APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference) External link icon * [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html) External link icon * [WebSocket APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-logging.html) External link icon +* Amazon API Gateway Metrics: + * [REST APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-metrics-and-dimensions.html) External link icon + * [HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-metrics.html) External link icon + * [WebSocket 
APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-logging.html) External link icon ### Sample log messages -```json title="Sample CloudTrail Log Message" +
+Sample CloudTrail Log Message + +```json { "eventVersion":"1.05", "userIdentity":{ @@ -71,8 +74,12 @@ The AWS API Gateway app uses the following logs and metrics: "recipientAccountId":"123408221234" } ``` +
+ +
+Sample Access Log Message -```json title="Sample Access Log Message" +```json { "requestId": "bf04adbf-eacc-4601-8c14-94605f242e1a", "extendedRequestId": "Sca3bFUQgi0EYeA=", @@ -128,6 +135,7 @@ The AWS API Gateway app uses the following logs and metrics: "wafStatus": "200" } ``` +
### Sample queries @@ -259,7 +267,10 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer AWS API Gateway - ```json title="JSON Log Format for REST API" +
+ JSON Log Format for REST API + + ```json { "accountId": "$context.accountId", "requestId": "$context.requestId", @@ -325,12 +336,15 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer "webaclArn": "$context.webaclArn" } ``` - +
* Enable Access logs for HTTP APIs by referring to [AWS documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html#http-api-enable-logging) and when you specify the `Log format` field use the below JSON. AWS API Gateway - ```json title="JSON Log Format for HTTP API" +
+ JSON Log Format for HTTP API + + ```json { "requestId": "$context.requestId", "extendedRequestId": "$context.extendedRequestId", @@ -386,12 +400,16 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer "stage": "$context.stage" } ``` +
* Enable Access logs for WebSocket APIs by referring to [AWS documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-using-console) and when you specify the `Log format` field use the below JSON. AWS API Gateway - ```json title="JSON Log Format for WebSocket API" +
+ JSON Log Format for WebSocket API + + ```json { "apiId": "$context.apiId", "authorizeError": "$context.authorize.error", @@ -446,11 +464,16 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer "wafStatus": "$context.waf.status" } ``` +
5. To Export logs, refer to [Manually subscribe AWS Kinesis Firehose stream to an existing CloudWatch Log Group](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#manually-subscribeaws-kinesis-firehose-stream-to-an-existing-cloudwatch-log-group). ### Collect AWS API Gateway CloudTrail logs +:::note +CloudTrail data events will be collected under this source. +::: + #### Prerequisites 1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. @@ -504,7 +527,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -513,7 +538,7 @@ As part of the app installation process, the following fields will be created by - `apiname` API Gateway API name. - `apiid` API Gateway API id. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityAPIGatewayCloudTrailLogsFER** to extract fields `accountid`, `namespace`, `region`, and `apiname` from CloudTrail logs will be created as a part of app installation. @@ -521,7 +546,7 @@ The FER **AwsObservabilityAPIGatewayAccessLogsFER** to extract fields `namespace The FER **AwsObservabilityAPIGatewayCloudWatchLogsFER** to extract fields `namespace`, `apiid`, and `apiname` from CloudWatch logs will be created as a part of app installation. -### Metric Rule(s) +#### Metric Rule(s) The Metric Rule **AwsObservabilityAPIGatewayMetricsRule** for the AWS/ApiGateway namespace will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 3a788157a2..7e8a99bd00 100644 
--- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md @@ -16,14 +16,16 @@ The Amazon ElastiCache dashboards provide visibility into key event and performa ## Log and metric types The Amazon ElastiCache app uses the following logs and metrics: +* [Amazon ElastiCache CloudTrail Logs](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/logging-using-cloudtrail.html) * [Amazon ElastiCache Host-Level Metrics for individual cache nodes](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheMetrics.HostLevel.html) -* [Amazon ElastiCache Cache Engine metrics](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheMetrics.Redis.html) -* [CloudTrail Amazon ElastiCache Data Event](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/logging-using-cloudtrail.html) - +* [Amazon ElastiCache Cache Engine Metrics](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheMetrics.Redis.html) ### Sample log messages -```json title="Sample CloudTrail Log Message" +
+Sample CloudTrail Log Message + +```json { "eventVersion":"1.05", "userIdentity":{ @@ -72,7 +74,7 @@ The Amazon ElastiCache app uses the following logs and metrics: "recipientAccountId":"123456789038" } ``` - +
### Sample queries @@ -111,7 +113,7 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\ When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect Amazon CloudWatch metrics +### Collect Amazon ElastiCache CloudWatch metrics Sumo Logic supports collecting metrics using one of the following source types: @@ -187,7 +189,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -195,7 +199,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon ElastiCache service is AWS/ElastiCache. - `cacheclusterid` A cache cluster ID is a user-supplied, unique name used to identify and manage an Amazon ElastiCache cluster. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityElastiCacheCloudTrailLogsFER** to extract fields `accountid`, `namespace`, `region`, and `cacheclusterid` will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 0136673e25..2f81f5f05e 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md 
@@ -17,11 +17,11 @@ The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Me This section describes the data sources for the AWS Lambda app and how the app leverages these data sources to provide insight into AWS Lambda. The AWS Lambda app uses the following logs and metrics: -* [AWS CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html) -* [CloudTrail Lambda Data Events](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html#cloudtrail-data-events) -* [AWS Lambda metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html) +* [AWS Lambda CloudTrail Logs](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html#cloudtrail-data-events) +* [AWS Lambda CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html) +* [AWS Lambda Metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html) -### AWS CloudWatch logs +### AWS Lambda CloudWatch logs AWS Lambda monitors Lambda functions and reports metrics through Amazon CloudWatch. Lambda then logs all requests handled by your function and stores logs through [AWS CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). @@ -29,7 +29,7 @@ The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Me AWS Lambda -### CloudTrail Lambda data events +### AWS Lambda CloudTrail logs [CloudTrail Lambda Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events) allow you to continuously monitor the execution activity of your Lambda functions and to record details on when and by whom an Invoke API call was made. 
@@ -46,7 +46,10 @@ The Sumo Logic App for AWS Lambda provide insights into the Lambda Functions inv ### Sample log messages This section provides sample Amazon CloudWatch Logs and CloudTrail Lambda Data Events log messages. -```json title="Amazon CloudWatch Log" +
+Amazon CloudWatch Log + +```json { "id":"32563142671071560797760688825700039436306340248688066573", "timestamp":1511808906799, @@ -56,8 +59,12 @@ This section provides sample Amazon CloudWatch Logs and CloudTrail Lambda Data E "logGroup":"/aws/lambda/AWSlambda1" } ``` +
+ +
+CloudTrail Lambda Data Events -```json title="CloudTrail Lambda Data Events" +```json { "eventVersion":"1.06", "userIdentity":{ @@ -98,6 +105,7 @@ This section provides sample Amazon CloudWatch Logs and CloudTrail Lambda Data E "recipientAccountId":"111111111111" } ``` +
### Sample queries @@ -142,7 +150,7 @@ namespace=aws/lambda metric=Errors statistic=Sum account=* region=* functionname When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect Amazon CloudWatch logs +### Collect AWS Lambda CloudWatch logs Sumo Logic supports collecting Lambda logs from Amazon CloudWatch using one of the following methods: - **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (**Recommended**) @@ -161,7 +169,11 @@ Follow the steps below to add custom fields when configuring the CloudWatch log * You will have the option to automatically add or enable the field. * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -### Collect CloudTrail Lambda data events +### Collect AWS Lambda CloudTrail logs + +:::note +CloudTrail data events will be collected under this source. +::: #### Prerequisites @@ -180,7 +192,7 @@ Follow the steps below to collect logs for AWS Lambda: * You will have the option to automatically add or enable the field. * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -### Collect Amazon CloudWatch metrics +### Collect AWS Lambda CloudWatch metrics Sumo Logic supports collecting metrics using one of the following source types: 
@@ -257,7 +269,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -265,7 +279,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon Lambda Service is AWS/Lambda. - `functionname` Lambda resource function name. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityLambdaCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `functionname` will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index e80fcbaf66..160762e904 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md @@ -12,9 +12,72 @@ AWS Network Load Balancer service is distributed in OSI Layer 4 (the network lay The Sumo Logic app for AWS Network Load Balancer is using metrics to provide insights to ensure that your network load-balancers are operating as expected, backend hosts are healthy, and to quickly identify errors. -## Metric types - -The AWS Network Load Balancer app uses AWS Network Load Balancer metrics. +## Log and metric types + +The AWS Network Load Balancer app uses the following logs and metrics: +* [AWS Network Load Balancer CloudTrail Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/cloudtrail-logs.html) +* [AWS Network Load Balancer CloudWatch Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-cloudwatch-metrics.html) + +### Sample logs + +
+Sample CloudTrail Log Message + +```json +{ + "eventVersion": "1.11", + "userIdentity": { + "type": "AssumedRole", + "principalId": "AROATIK2E7SUFL6GB4G44:1782467664281479421", + "arn": "arn:aws:sts::224064240808:assumed-role/pdet-eks-irsa-prod-aws-lb-controller/1782467664281479421", + "accountId": "224064240808", + "accessKeyId": "ASIATIK2E7SUH6GUXFK4", + "sessionContext": { + "sessionIssuer": { + "type": "Role", + "principalId": "AROATIK2E7SUFL6GB4G44", + "arn": "arn:aws:iam::224064240808:role/pdet-eks-irsa-prod-aws-lb-controller", + "accountId": "224064240808", + "userName": "pdet-eks-irsa-prod-aws-lb-controller" + }, + "webIdFederationData": { + "federatedProvider": "arn:aws:iam::224064240808:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/0499F131BE8B24AAE70BF8AD8EB16D3A", + "attributes": {} + }, + "attributes": { + "creationDate": "2026-06-26T09:54:24Z", + "mfaAuthenticated": "false" + } + } + }, + "eventTime": "2026-06-26T09:54:25Z", + "eventSource": "elasticloadbalancing.amazonaws.com", + "eventName": "DescribeLoadBalancers", + "awsRegion": "us-west-2", + "sourceIPAddress": "44.241.82.204", + "userAgent": "aws-sdk-go-v2/1.36.3 ua/2.1 os/linux lang/go#1.24.5 md/GOOS#linux md/GOARCH#amd64 api/elasticloadbalancingv2#1.45.0 elbv2.k8s.aws/v2.13.4 m/C,E", + "requestParameters": { + "loadBalancerArns": [ + "arn:aws:elasticloadbalancing:us-west-2:224064240808:loadbalancer/net/k8s-gloosyst-gatewayp-9e3a2f18b7/262e2df5d81d69e3" + ] + }, + "responseElements": null, + "requestID": "b231b530-2877-467d-9a0b-eb9b0fed0f39", + "eventID": "7800ac19-806e-434e-b2b0-aec11ad7d312", + "readOnly": true, + "eventType": "AwsApiCall", + "apiVersion": "2015-12-01", + "managementEvent": true, + "recipientAccountId": "224064240808", + "eventCategory": "Management", + "tlsDetails": { + "tlsVersion": "TLSv1.3", + "cipherSuite": "TLS_AES_128_GCM_SHA256", + "clientProvidedHostHeader": "elasticloadbalancing.us-west-2.amazonaws.com" + } +} +``` +
### Sample queries 
@@ -22,13 +85,31 @@ The AWS Network Load Balancer app uses AWS Network Load Balancer metrics. account=* region=* LoadBalancer=* Namespace=aws/NetworkELB metric=ActiveFlowCount Statistic=Sum | sum by account, region, namespace, LoadBalancer ``` +```sql title="Successful Events Details" +account=* region=* "\"eventsource\":\"elasticloadbalancing.amazonaws.com\"" "2015-12-01" +| json "userIdentity", "eventSource", "eventName", "awsRegion", "sourceIPAddress", "userAgent", "eventType", "recipientAccountId", "requestParameters", "responseElements", "requestID", "errorCode", "errorMessage", "apiVersion" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message, api_version nodrop +| where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" +| where namespace matches "aws/networkelb" or isEmpty(namespace) +| json field=userIdentity "accountId", "type", "arn", "userName" as accountid, type, arn, username nodrop +| parse field=arn ":assumed-role/*" as user nodrop +| parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop +| json field=requestParameters "name" as networkloadbalancer nodrop +| if (isBlank(accountid), recipient_account_id, accountid) as accountid +| where (tolowercase(networkloadbalancer) matches tolowercase("*")) or isBlank(networkloadbalancer) +| if (isEmpty(error_code), "Success", "Failure") as event_status +| where event_status= "Success" +| if (isEmpty(username), user, username) as user +| count as event_count by event_name +| sort by event_count, event_name asc +``` + ## Collecting logs and metrics for AWS Network Load Balancer ### Configure Hosted Collector When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. 
For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect AWS Network Load Balancer metrics +### Collect AWS Network Load Balancer CloudWatch metrics Sumo Logic supports collecting metrics using one of the following source types: @@ -53,8 +134,8 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with #### Prerequisites 1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. -2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). -3. Confirm that logs are being delivered to the Amazon S3 bucket. +1. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +1. Confirm that logs are being delivered to the Amazon S3 bucket. :::note Namespace for **AWS Network Load Balancer** service is **AWS/NetworkELB**. 
@@ -71,6 +152,29 @@ Follow the steps below to collect logs for AWS Network Load Balancer (NLB): * You will have the option to automatically add or enable the field. * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. +### Centralized AWS CloudTrail log collection + +In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following Field Extraction Rule to map a proper AWS account(s) friendly name / alias. Create it if not already present / update it as required. + +```sql +Rule Name: AWS Accounts +Applied at: Ingest Time +Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs +``` + +#### Parse Expression + +Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like: + +```sumo +| json "recipientAccountId" +// Manually map your aws account id with the AWS account alias you setup earlier for individual child account +| "" as account +| if (recipientAccountId = "528560886094", "dev", account) as account +| if (recipientAccountId = "567680881046", "prod", account) as account +| fields account +``` + ## Installing the AWS Network Load Balancer app Now that you have set up a collection for **AWS Network Load Balancer**, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage. 
@@ -79,7 +183,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -87,11 +193,11 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. - `networkloadbalancer` Network Load Balancer name. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityNLBCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `networkloadbalancer` will be created as a part of app installation. -## Metric rule(s) +#### Metric rule(s) The Metric Rule **AwsObservabilityNLBMetricsRule** for the AWS/NetworkELB namespace will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/rds.md b/docs/integrations/amazon-aws/rds.md index 5c00cc82f6..abb56dab4a 100644 --- a/docs/integrations/amazon-aws/rds.md +++ b/docs/integrations/amazon-aws/rds.md 
@@ -26,21 +26,22 @@ To further enhance performance and availability, Amazon RDS Proxy is a fully man The Sumo Logic Amazon RDS Proxy dashboards provide visibility into the performance of Amazon RDS Proxy, helping improve application scalability, availability, and security. They track key metrics, including connection pooling, client connections, authentication outcomes, TLS usage, and query patterns, to optimize connection management and reduce database load. -## Log and metrics types +## Log and metric types The Amazon RDS app uses the following logs and metrics: -* [RDS CloudWatch Instance Level Metrics](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-metrics.html#rds-cw-metrics-instance), [RDS CloudWatch Aurora Metrics](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraMySQL.Monitoring.Metrics.html), [Amazon CloudWatch metrics for Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Cloudwatch.html) and [Amazon RDS Proxy metrics](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.monitoring.html). -* [Amazon RDS operations using AWS CloudTrail](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/logging-using-cloudtrail.html). +* [Amazon RDS CloudTrail Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/logging-using-cloudtrail.html). * [Publishing RDS CloudWatch Logs, RDS Database logs for Aurora MySQL, RDS MySQL, MariaDB](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs.html). 
* [Publishing RDS CloudWatch logs, RDS Database logs for Aurora PostgreSQL, RDS PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.PublishtoCloudWatchLogs) * [Publishing RDS CloudWatch logs, RDS Database logs for RDS MSSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html#USER_LogAccess.SQLServer.PublishtoCloudWatchLogs) * [Publishing RDS CloudWatch logs, RDS Database logs for RDS Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html#USER_LogAccess.Oracle.PublishtoCloudWatchLogs) +* [RDS CloudWatch Instance Level Metrics](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-metrics.html#rds-cw-metrics-instance), [RDS CloudWatch Aurora Metrics](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraMySQL.Monitoring.Metrics.html), [Amazon CloudWatch metrics for Performance Insights](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Cloudwatch.html) and [Amazon RDS Proxy metrics](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.monitoring.html). + ### Sample CloudTrail log message
-Click to expand +Sample CloudTrail Log Message -```json title="CloudTrail" +```json { "eventVersion":"1.05", "userIdentity": @@ -128,9 +129,9 @@ The Amazon RDS app uses the following logs and metrics: ### Sample Database CloudWatch logs
-Click to expand +Recent Warning Events (Error Logs - MySQL) -```json title="Recent Warning Events (Error Logs - MySQL)" +```json { "timestamp":1682606169000, "message":"2023-04-27 14:36:09 14487 [Warning] Access denied for user 'dev'@'1.2.3.4' (using password: YES)", 
@@ -332,97 +333,129 @@ account=* region=* namespace=aws/rds proxyname=* _sourceHost=/aws/rds/proxy/* "D | fields time, proxyname, dbidentifier, db_host, db_port, db_version ``` -## Collecting logs and metrics for the Amazon RDS app +## Collecting logs and metrics for Amazon RDS + +### Configure Hosted Collector + +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). + +### Collect Amazon RDS CloudWatch metrics + +Sumo Logic supports collecting metrics using one of the following source types: -Sumo Logic supports collecting metrics using two source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended); or +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -* Namespace for **Amazon RDS** Service is **AWS/RDS**. - * ​​​**Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. Metrics can be queried via the “account field”. + + :::note + Namespace for **Amazon RDS** service is **AWS/RDS**. + ::: + +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. 
This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Collect Amazon RDS CloudTrail logs -1. Add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) to your Hosted Collector. - * **Name**. Enter a name to display the new Source. - * **Description**. Enter an optional description. - * **S3 Region**. Select the Amazon Region for your **Amazon RDS** S3 bucket. - * **Bucket Name**. Enter the exact name of your **Amazon RDS** S3 bucket. - * **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See [Amazon Path Expressions](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions)). The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression - * **Source Category**. Enter `aws/observability/cloudtrail/logs`. - * **Fields**. Add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - * **Access Key ID and Secret Access Key**. Enter your Amazon [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). 
Learn how to use Role-based access to AWS [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources) - * **Log File Discovery** > **Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency. Sumo Logic will scan your S3 bucket for new data. Learn how to configure **Log File Discovery** [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). - * **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. - * **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. - * **Timestamp Format.** Select **Automatically detect the format**. - * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -2. Click **Save**. +#### Prerequisites + +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +1. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +1. Confirm that logs are being delivered to the Amazon S3 bucket. + + :::note + Namespace for **Amazon RDS** service is **AWS/RDS**. + ::: + +Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.Metadata + 1. 
After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Collect Amazon RDS CloudWatch logs -Make sure you enable the following parameters before collecting the Amazon RDS CloudWatch Logs. - -#### MySQL -- Amazon RDS [MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.MySQL.html#USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs) supports [publishing the following MySQL logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs.html): - - Error (enabled by default) - - SlowQuery - - Audit - - General -- You can enable the following additional parameters at [DB Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithDBInstanceParamGroups.html) for better slow query and general log monitoring: - - `log_slow_admin_statements` - - `log_slow_slave_statements` - - `log_replica_updates` - - `log_queries_not_using_indexes` - - `log_output to FILE` - - `general_log` (to enable, set value to `1`) -- You can configure [DB Cluster Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) to enable audit logs: - - `server_audit_logging` - - `server_audit_logs_upload` - - `server_audit_events` - -#### PostgreSQL - -- Amazon RDS [PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html) supports [publishing the following PostgreSQL logs to 
CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.PublishtoCloudWatchLogs): - - postgresql.log -- You can enable the following additional parameters at [DB parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithDBInstanceParamGroups.html) or [DB Cluster Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) for slow query, connection, and query execution timing related logs. - - `log_connections` - - `log_duration` - - `log_min_duration_statement` to a value (in milliseconds) over which statements will be logged for any query taking more time than the given value. -:::note -We recommend not setting `log_statement` to any value other than none (default value), since it will slow query logs and ingestion will increase significantly. -::: - -#### MSSQL - -- Amazon RDS [MSSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html) supports [publishing the following MSSQL logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html#USER_LogAccess.SQLServer.PublishtoCloudWatchLogs): - - Agent - - Error - -#### Oracle - -- Amazon RDS [Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html) supports [publishing the following Oracle logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html#USER_LogAccess.Oracle.PublishtoCloudWatchLogs): - - Alert logs - - Audit files - - Listener logs - -#### Proxy -- Amazon RDS [Proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html) supports [publishing the following Proxy logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-creating.html): - - Enhanced logs - :::note - The log group for an AWS RDS Proxy is 
created automatically. You do not need to create it manually. When you create an RDS Proxy, AWS automatically creates a CloudWatch Log Group to store logs related to the proxy’s activity. - ::: - -Sumo Logic supports several methods for collecting logs from Amazon CloudWatch. You can choose either of them to collect logs: - -- **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (Recommended); or -- **Lambda Log Forwarder**. Configure a collection of Amazon CloudWatch Logs using our AWS Lambda function using a Sumo Logic provided CloudFormation template, as described in [Amazon CloudWatch Logs](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/) or configure collection without using CloudFormation, see [Collect Amazon CloudWatch Logs using a Lambda Function](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-lambda-function/).
- -- While configuring the CloudWatch log source, the following fields can be added in the source: - - Add an **account** field and assign it a value which is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried via the **account** field. - - Add a **region** field and assign it the value of the respective AWS region where the RDS exists. - - Add an **accountId** field and assign it the value of the respective AWS account ID that is being used. - - Fields +#### Prerequisites + +Esure you enable the following parameters before collecting the Amazon RDS CloudWatch Logs. + +* **MySQL** + + - Amazon RDS [MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.MySQL.html#USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs) supports [publishing the following MySQL logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs.html): + - Error (enabled by default) + - SlowQuery + - Audit + - General + - You can enable the following additional parameters at [DB Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithDBInstanceParamGroups.html) for better slow query and general log monitoring: + - `log_slow_admin_statements` + - `log_slow_slave_statements` + - `log_replica_updates` + - `log_queries_not_using_indexes` + - `log_output to FILE` + - `general_log` (to enable, set value to `1`) + - You can configure [DB Cluster Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) to enable audit logs: + - `server_audit_logging` + - `server_audit_logs_upload` + - `server_audit_events` + +* **PostgreSQL** + + - Amazon RDS [PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html) supports [publishing the following PostgreSQL logs to 
CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.PublishtoCloudWatchLogs): + - postgresql.log + - You can enable the following additional parameters at [DB parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithDBInstanceParamGroups.html) or [DB Cluster Parameter group](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_WorkingWithParamGroups.html) for slow query, connection, and query execution timing related logs. + - `log_connections` + - `log_duration` + - `log_min_duration_statement` to a value (in milliseconds) over which statements will be logged for any query taking more time than the given value. + :::note + We recommend not setting `log_statement` to any value other than none (default value), since it will slow query logs and ingestion will increase significantly. + ::: + +* **MSSQL** + + - Amazon RDS [MSSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html) supports [publishing the following MSSQL logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.SQLServer.html#USER_LogAccess.SQLServer.PublishtoCloudWatchLogs): + - Agent + - Error + +* **Oracle** + + - Amazon RDS [Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html) supports [publishing the following Oracle logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.Oracle.html#USER_LogAccess.Oracle.PublishtoCloudWatchLogs): + - Alert logs + - Audit files + - Listener logs + +* **Proxy** + + - Amazon RDS [Proxy](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html) supports [publishing the following Proxy logs to CloudWatch](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-creating.html): + - Enhanced logs + :::note + The log group for an AWS 
RDS Proxy is created automatically. You do not need to create it manually. When you create an RDS Proxy, AWS automatically creates a CloudWatch Log Group to store logs related to the proxy’s activity. + ::: + +Sumo Logic supports collecting logs from Amazon CloudWatch using one of the following methods: +- **AWS Kinesis Firehose for Logs**. Configure an [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource) (**Recommended**) +- **Lambda Log Forwarder**. There are two ways to set up the Lambda Log Forwarder: + - **With CloudFormation**. Configure the collection of Amazon CloudWatch logs using Sumo Logic-provided CloudFormation template, as described in [Amazon CloudWatch Logs](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/). + - **Without CloudFormation**. Configure the collection of Amazon CloudWatch Logs using a Lambda function, as described in [Collect Amazon CloudWatch Logs using a Lambda Function](/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-lambda-function/). + +Follow the steps below to add custom fields when configuring the CloudWatch log source: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Fields +1. Add a `region` field and assign it the value of the respective AWS region where the Lambda function exists. +1. Add an `accountId` field and assign it the value of the respective AWS account ID being used. +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Centralized AWS CloudTrail log collection @@ -434,7 +467,7 @@ Applied at: Ingest Time Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs ``` -**Parse Expression**: +#### Parse Expression Enter a parse expression to create an “account” field that maps to the alias you set for each sub-account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: @@ -455,7 +488,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. 
@@ -466,13 +501,13 @@ As part of the app installation process, the following fields will be created by - `dBClusterIdentifier` The identifier of the RDS DB cluster. - `proxyname` The name of the RDS Proxy. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityRDSCloudTrailLogsFER** to extract fields `region`, `namespace`, `dBInstanceIdentifier`, `dBClusterIdentifier`, `dbidentifier`, `proxyname`, and `accountid` will be created as a part of app installation. The FER **AwsObservabilityRDSCloudWatchLogsFER** to extract fields `namespace`, `dbidentifier`, and `proxyname` will be created as a part of app installation. -### Metric Rules +#### Metric Rules The Metric Rules **AwsObservabilityRDSClusterMetricsRule** and **AwsObservabilityRDSInstanceMetricsRule** for the aws/rds namespace will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/sns.md b/docs/integrations/amazon-aws/sns.md index 8fd9316290..050c12bfa6 100644 --- a/docs/integrations/amazon-aws/sns.md +++ b/docs/integrations/amazon-aws/sns.md 
@@ -12,39 +12,43 @@ Amazon Simple Notification Service (SNS) is a pub/sub messaging and mobile notif The Sumo Logic app for Amazon SNS collects CloudTrail logs and CloudWatch metrics provides a unified logs and metrics app that provides insights into the operations and utilization of your SNS service. The preconfigured dashboards help you monitor the key metrics by application, platform, region, and topic name, view the SNS events for activities, and help you plan the capacity of your SNS service. -## Log and Metrics types +## Log and metric types -The Sumo Logic app for Amazon SNS uses: -* SNS CloudWatch Metrics. For details, see [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/sns-metricscollected.html). -* SNS operations using AWS CloudTrail. For details, see [here](https://docs.aws.amazon.com/sns/latest/dg/logging-using-cloudtrail.html). +The Sumo Logic app for Amazon SNS uses the following logs and metrics: +* [Amazon SNS CloudTrail Logs](https://docs.aws.amazon.com/sns/latest/dg/logging-using-cloudtrail.html). +* [Amazon SNS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/sns-metricscollected.html). ### Sample log messages -``` -{ -eventVersion:"1.08", -userIdentity: -{...}, -eventTime:"2022-07-14T23:06:43Z", -eventSource:"sns.amazonaws.com", -eventName:"ListTagsForResource", -awsRegion:"us-east-1", -sourceIPAddress:"config.amazonaws.com", -userAgent:"config.amazonaws.com", -requestParameters: +
+Sample CloudTrail Log Message + +```json { -resourceArn:"arn:aws:sns:us-east-1:956882708938:testnull-SumoCWEmailSNSTopic-1NV3GQ8XZ4DFY" -}, -responseElements:null, -requestID:"d8eee5b8-a894-5db4-994c-bef20b57fc0b", -eventID:"2156cf7f-f18d-47f4-b7ba-7b8a6907390a", -readOnly:true, -eventType:"AwsApiCall", -managementEvent:true, -recipientAccountId:"956882708938", -eventCategory:"Management" + eventVersion:"1.08", + userIdentity: + {...}, + eventTime:"2022-07-14T23:06:43Z", + eventSource:"sns.amazonaws.com", + eventName:"ListTagsForResource", + awsRegion:"us-east-1", + sourceIPAddress:"config.amazonaws.com", + userAgent:"config.amazonaws.com", + requestParameters: + { + resourceArn:"arn:aws:sns:us-east-1:956882708938:testnull-SumoCWEmailSNSTopic-1NV3GQ8XZ4DFY" + }, + responseElements:null, + requestID:"d8eee5b8-a894-5db4-994c-bef20b57fc0b", + eventID:"2156cf7f-f18d-47f4-b7ba-7b8a6907390a", + readOnly:true, + eventType:"AwsApiCall", + managementEvent:true, + recipientAccountId:"956882708938", + eventCategory:"Management" } ``` +
### Sample queries @@ -73,43 +77,65 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventsource\":\ account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicname}} metric=NumberOfMessagesPublished Statistic=Sum | sum ``` -## Collecting logs and metrics for the Amazon SNS app - -### Collecting Metrics for Amazon SNS - -1. Configure a [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). -2. Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) or [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended). -3. Namespaces. Select **aws/sns**. -4. **Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. The **account** field allows you to query metrics.
Metadata -5. Click **Save**. - -### Collecting Amazon SNS Events using CloudTrail - -1. Add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md) to your Hosted Collector. - * **Name**. Enter a name to display for the new Source. - * **Description**. Enter an optional description. - * **S3 Region**. Select the Amazon Region for your SNS S3 bucket. - * **Bucket Name**. Enter the exact name of your SNS S3 bucket. - * **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. - * DO NOT use a [leading forward slash](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions). - * The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression. - * **Source Category**. Enter a source category. For example, enter `aws/observability/CloudTrail/logs`. - * **Fields**. Add an account field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried using the **account** field.
Fields - * **Access Key ID and Secret Access Key**. Enter your Amazon [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). Learn how to use Role-based access to AWS [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). - * **Log File Discovery -> Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency. Sumo Logic will scan your S3 bucket for new data. Learn how to configure Log File Discovery [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). - * **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. - * **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. - * **Timestamp Format.** Select **Automatically detect the format**. - * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -2. Click **Save**. - -## Centralized AWS CloudTrail Log Collection +## Collecting logs and metrics for Amazon SNS + +### Configure Hosted Collector + +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). + +### Collect Amazon SNS CloudWatch metrics + +Sumo Logic supports collecting metrics using one of the following source types: + +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) + + :::note + Namespace for **Amazon SNS** service is **AWS/SNS**. 
+ ::: + +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Collect Amazon SNS CloudTrail logs + +#### Prerequisites + +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +1. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +1. Confirm that logs are being delivered to the Amazon S3 bucket. + + :::note + Namespace for **Amazon SNS** service is **AWS/SNS**. + ::: + +Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. 
This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +## Centralized AWS CloudTrail log collection In case, you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following **Field Extraction Rule** to map a proper AWS account(s) friendly name/alias. Create it if not already present or update it as required. * **Rule Name**: AWS Accounts * **Applied at**: Ingest Time * **Scope (Specific Data)**: `_sourceCategory=aws/observability/cloudtrail/logs` -* **Parse Expression**: Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the “dev” alias for an AWS account with ID "528560886094" and the “prod” alias for an AWS account with ID "567680881046", your parse expression would look like: + +### Parse Expression + +Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the “dev” alias for an AWS account with ID "528560886094" and the “prod” alias for an AWS account with ID "567680881046", your parse expression would look like: ```sumo | json "recipientAccountId" 
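Review bot: In the added "Collect Amazon SNS CloudTrail logs" steps, the lead-in "Follow the steps below to collect logs for AWS Network Load Balancer (NLB):" names the wrong service and should read "Amazon SNS". The rewrite also drops the old **Source Category** step, yet the centralized Field Extraction Rule right after it is scoped to `_sourceCategory=aws/observability/cloudtrail/logs`; a source created with a different category will not match that rule, so either keep one line stating the category to set or confirm the linked CloudTrail Logs Source page gives it. The "Namespace for **Amazon SNS** service is **AWS/SNS**" note is repeated under the CloudTrail prerequisites, where no namespace is configured; keeping it only in the metrics section would be clearer.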
@@ -128,7 +154,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -136,7 +164,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon SNS service is aws/sns. - `topicname` Amazon SNS a Topic Name. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilitySNSCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `topicname` will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/sqs.md b/docs/integrations/amazon-aws/sqs.md index 4329e8b045..8dce0c4285 100644 --- a/docs/integrations/amazon-aws/sqs.md +++ b/docs/integrations/amazon-aws/sqs.md 
@@ -10,15 +10,17 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. The Sumo Logic app for Amazon SQS is a unified logs and metrics (ULM) app that provides operational insights into your Amazon SQS utilization. The preconfigured dashboards help you monitor the key metrics, view the SQS events for queue activities, and help you plan the capacity of your SQS service utilization. -## Log and Metrics types - -The app uses SQS logs and metrics for: -* SQS CloudWatch Metrics. For details, [see here](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-monitoring-using-cloudwatch.html). -* SQS operations using AWS CloudTrail. For details, [see here](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-logging-using-cloudtrail.html). +## Log and metric types +The Sumo Logic app for Amazon SNS uses the following logs and metrics: +* [Amazon SQS CloudTrail Logs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-logging-using-cloudtrail.html). +* [Amazon SQS CloudWatch Metrics](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-monitoring-using-cloudwatch.html). ### Sample log messages +
+Sample CloudTrail Log Message + ```json { "eventVersion":"1.08", @@ -63,6 +65,7 @@ The app uses SQS logs and metrics for: "sessionCredentialFromConsole":"true" } ``` +
### Sample queries 
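Review bot: In the "Log and metric types" lines added at the top of sqs.md, the intro reads "The Sumo Logic app for Amazon SNS uses the following logs and metrics:" although this is the SQS page and both bullets beneath it link to SQS documentation. Change it to "Amazon SQS".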
@@ -90,50 +93,66 @@ account=* region=* namespace=aws/sqs eventname eventsource "sqs.amazonaws.com" | top 10 username by event_count, username asc ``` -## Collecting logs and metrics for the Amazon SQS app +## Collecting logs and metrics for Amazon SQS + +### Configure Hosted Collector + +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). + +### Collect Amazon SQS CloudWatch metrics -### Collect Metrics for AmazonSQS +Sumo Logic supports collecting metrics using one of the following source types: -Sumo Logic supports collecting metrics using two source types: +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source). (recommended) Or -2. Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics). + :::note + Namespace for **Amazon SNS** service is **AWS/SQS**. + ::: - :::note - Namespace for **Amazon SQS** Service is **AWS/SQS** - ::: +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. 
This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -**Metadata**: Add an account field to the source and assign it a value which is a friendly name / alias to your AWS account from which you are collecting metrics. Metrics can be queried via the “account” field.
Metadata +### Collect Amazon SQS CloudTrail logs -### Collect Amazon SQS Events using CloudTrail +#### Prerequisites -1. To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source). - * **Name**. Enter a name to display for the new Source. - * **Description**. Enter an optional description. - * **S3 Region**. Select the Amazon Region for your SQS S3 bucket. - * **Bucket Name**. Enter the exact name of your SQS S3 bucket. - * **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See [Amazon Path Expressions](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions). - :::note - The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression. - ::: - * **Source Category**. Enter aws/observability/CloudTrail/logs. - * **Fields**. Add an account field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Account Fields - * **Access Key ID and Secret Access Key**. Enter your Amazon [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html). - * **Log File Interval > Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency Sumo Logic will scan your S3 bucket for new data. - * **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. - * **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. - * **Timestamp Format.** Select **Automatically detect the format**. - * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -2. Click **Save**. +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +1. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +1. Confirm that logs are being delivered to the Amazon S3 bucket. -## Centralized AWS CloudTrail Log Collection + :::note + Namespace for **Amazon SNS** service is **AWS/SQS**. + ::: + +Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.Metadata + 1. 
After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +## Centralized AWS CloudTrail log collection In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following **Field Extraction Rule** to map a proper AWS account(s) friendly name/alias. Create it if not already present/update it as required. * **Rule Name**: AWS Accounts * **Applied at**: Ingest Time * **Scope (Specific Data)**: _sourceCategory=aws/observability/cloudtrail/logs -* **Parse Expression**: Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the “dev” alias for an AWS account with ID "528560886094" and the “prod” alias for an AWS account with ID "567680881046", your parse expression would look like: + +### Parse Expression + +Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the “dev” alias for an AWS account with ID "528560886094" and the “prod” alias for an AWS account with ID "567680881046", your parse expression would look like: ```sumo | json "recipientAccountId" 
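Review bot: Both notes added in the SQS collection sections read "Namespace for **Amazon SNS** service is **AWS/SQS**.", and the CloudTrail steps open with "Follow the steps below to collect logs for AWS Network Load Balancer (NLB):"; all three should name Amazon SQS, as the removed note did. The removed CloudTrail step list also carried the two Path Expression cautions (no leading forward slash, bucket name not part of the path) and the UTC timestamp settings. The new text only links to the CloudTrail Logs Source page, so please check that page covers them before dropping them here.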
@@ -152,7 +171,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -160,7 +181,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon SQS Service is AWS/SQS. - `queuename` Amazon SQS Service Queue Name. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilitySQSCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `queuename` will be created as a part of app installation. diff --git a/docs/reuse/apps/app-install-v2.md b/docs/reuse/apps/app-install-v2.md index f79d28345e..55b981e068 100644 --- a/docs/reuse/apps/app-install-v2.md +++ b/docs/reuse/apps/app-install-v2.md @@ -13,7 +13,7 @@ Next-Gen App: To install or update the app, you must be an account administrator 1. **Field Name**. If you already have collectors and sources set up, select the configured metadata field name (eg _sourcecategory) or specify other custom metadata (eg: _collector) along with its metadata **Field Value**. 1. Click **Next**. You will be redirected to the **Preview & Done** section. -**Post-installation** +### Post-installation Once your app is installed, it will appear in your **Installed Apps** folder, and dashboard panels will start to fill automatically. From fd04d81051b7b208974312f9e41f9c7afbb603d1 Mon Sep 17 00:00:00 2001 
From: Amee Lepcha Date: Fri, 26 Jun 2026 20:56:15 +0530 Subject: [PATCH 10/16] DOCS-1710 - AWSO Apps doc consistency updates for ALB and minor fixes across all docs Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 2 +- .../amazon-aws/application-load-balancer.md | 150 +++++++++++------- docs/integrations/amazon-aws/elasticache.md | 2 +- docs/integrations/amazon-aws/lambda.md | 2 +- .../amazon-aws/network-load-balancer.md | 2 +- docs/integrations/amazon-aws/rds.md | 4 +- docs/integrations/amazon-aws/sns.md | 2 +- docs/integrations/amazon-aws/sqs.md | 4 +- 8 files changed, 106 insertions(+), 62 deletions(-) diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 42c9bc0783..e91c224844 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md @@ -15,7 +15,7 @@ The Sumo Logic AWS API Gateway app provides insights into API Gateway tasks whil ## Log and metric types -The AWS API Gateway app uses the following logs and metrics: +The Sumo Logic app for AWS API Gateway uses the following logs and metrics: * [Amazon API Gateway CloudTrail Logs](https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html) External link icon * Amazon API Gateway access logs: diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index b69b77c74b..ab86915f10 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md 
@@ -13,28 +13,24 @@ The AWS Application Load Balancer functions at the application layer, receives r The Sumo Logic app for AWS Application Load Balancing uses logs and metrics to give you visibility into the health of your Application Load Balancer and target groups. Use the pre-configured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group. -## Log types - -This app uses: -* The metrics are included in the AWS/Application ELB namespace. For more details, see [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/elb-metricscollected.html#load-balancer-metrics-alb). -* The [Application Load Balancer Access](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging) Log introduces two new fields in addition to the fields contained in the Classic ELB Access log: - * `Type`. This is the type of request or connection (HTTP, HTTPS, H2, ws, wss). - * `target_group_arn`. This is the Amazon Resource Name (ARN) of the target group. -* The logs are stored in a .gzip format in the specified S3 bucket and contain these fields in this order: -```bash -timestamp, elb, client:port, target:port, \ -request_processing_time, target_processing_time, \ -response_processing_time, elb_status_code, \ -target_status_code, received_bytes, sent_bytes, \ -request, user_agent, ssl_cipher, ssl_protocol, \ -target_group_arn, trace_id -``` - -The log format is described in [AWS Application Load Balancer Access Log Collection](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html). For details on AWS Application Load Balancing metrics, see [here](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). 
- -## Metrics Type - -For details on the metrics of AWS Application Load Balancing, see [here](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). +## Log and metric types + +The Sumo Logic app for AWS Application Load Balancer uses the following logs and metrics: +* The [Application Load Balancer Access Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging) introduces two new fields in addition to the fields contained in the Classic ELB Access log: + * `Type`. This is the type of request or connection (HTTP, HTTPS, H2, ws, wss). + * `target_group_arn`. This is the Amazon Resource Name (ARN) of the target group. +The logs are stored in a .gzip format in the specified S3 bucket and contain these fields in this order: + ```bash + timestamp, elb, client:port, target:port, \ + request_processing_time, target_processing_time, \ + response_processing_time, elb_status_code, \ + target_status_code, received_bytes, sent_bytes, \ + request, user_agent, ssl_cipher, ssl_protocol, \ + target_group_arn, trace_id + ``` + The log format is described in [AWS Application Load Balancer Access Log Collection](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html). +* [AWS Application Load Balancing metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). +The metrics are included in the AWS/Application ELB namespace. For more details, see [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/elb-metricscollected.html#load-balancer-metrics-alb). ### Sample log message 
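Review bot: The added sentence "The metrics are included in the AWS/Application ELB namespace." spells the namespace with a space, while the sample queries and the note added later in this file use `AWS/ApplicationELB`; use the exact string so readers can paste it into a source or query. In the same list, "The logs are stored in a .gzip format..." and "The metrics are included..." are added without list indentation while the fenced field list under them is indented, so they are likely to end the bullet list when rendered; indent them under their bullets. "Access Logs introduces" should be "introduce".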
@@ -63,21 +59,33 @@ account="account" region="region" namespace="AWS/ApplicationELB" account="account" region="region" Namespace="AWS/ApplicationELB" loadbalancer="loadbalancer" AvailabilityZone=* TargetGroup=* metric=HTTPCode_Target_5XX_Count Statistic=Sum | parse field= TargetGroup */* as Unused, TargetGroup | sum by account, region, namespace, loadbalancer, TargetGroup, AvailabilityZone ``` -## Collecting logs and metrics for the AWS Application Load Balancer -When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). +## Collecting logs and metrics for AWS Application Load Balancer + +### Configure Hosted Collector -### Collect metrics +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -1. Sumo Logic supports collecting metrics using two source types: - * Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended); or - * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +### Collect AWS Application Load Balancer metrics -### Collect access logs +Sumo Logic supports collecting metrics using one of the following source types: + +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) + + :::note + Namespace for **AWS Application Load Balancer** service is **AWS/ApplicationELB**. + ::: + +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Collect AWS Application Load Balancer access logs #### Prerequisites @@ -86,30 +94,64 @@ Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, co 2. [Enable Application Load Balancer logging](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging) in AWS. 3. Confirm that logs are being delivered to the Amazon S3 bucket. -#### Collecting access Logs for AWS Application Load Balancer +Follow the steps below to collect access logs for AWS Application Load Balancer: +1. Configure the [Access Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-sources/#create-an-aws-source). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -1. Configure a Application Load Balancing (ALB) [Access Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-sources/#create-an-aws-source). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. The following **Fields** are to be added in the source: - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. - 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +### Collect AWS Application Load Balancer CloudTrail logs -### Collect Cloudtrail logs +#### Prerequisites -1. 
Configure a Application Load Balancing (ALB) [Cloudtrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. :::note -Namespace for AWS Application Load Balancer Service is AWS/ApplicationELB. +Namespace for **AWS Application Load Balancer** service is **AWS/ApplicationELB**. ::: +Follow the steps below to collect logs for AWS Application Load Balancer: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. 
Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Centralized AWS CloudTrail log collection + +In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following field extraction rule to map proper AWS account(s) friendly name/alias. You'll need to create it if not already present or update it as required. + +```sumo +Rule Name: AWS Accounts +Applied at: Ingest Time +Scope (Specific Data): +_sourceCategory=aws/observability/cloudtrail/logs +``` + +#### Parse Expression + +Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like this: + +```sumo +| json "recipientAccountId" +// Manually map your aws account id with the AWS account alias you setup earlier for individual child account +| "" as account +| if (recipientAccountId = "528560886094", "dev", account) as account +| if (recipientAccountId = "567680881046", "prod", account) as account +| fields account +``` + ## Installing the AWS Application Load Balancer app Now that you have set up collection for AWS Application Load Balancer, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. 
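Review bot: The new access-log steps tell the reader to add only `account`, where the removed steps also required `region` and `accountId` on the source. The install section of this file says **AwsObservabilityALBAccessLogsFER** extracts only `loadbalancer` and `namespace` from access logs, so nothing visible here sets the region or account id for access logs after this change; restore those two fields or state where they now come from. Separately, the added centralized-collection section puts Rule Name, Applied at and Scope inside a `sumo` fence and sits at `###`, while sns.md and sqs.md in this series present the same settings as a bulleted list under `##`. Since this is a consistency pass, the three pages should match.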
@@ -118,7 +160,9 @@ import AppInstall from '../../reuse/apps/app-install-index-apps-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -126,7 +170,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for AWS Application Load Balancer Service is AWS/ApplicationELB. - `loadbalancer` Application Load Balancer name. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityALBAccessLogsFER** to extract fields `loadbalancer` and `namespace` from access logs will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 7e8a99bd00..aad46a729a 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md @@ -15,7 +15,7 @@ The Amazon ElastiCache dashboards provide visibility into key event and performa ## Log and metric types -The Amazon ElastiCache app uses the following logs and metrics: +The Sumo Logic app for Amazon ElastiCache uses the following logs and metrics: * [Amazon ElastiCache CloudTrail Logs](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/logging-using-cloudtrail.html) * [Amazon ElastiCache Host-Level Metrics for individual cache nodes](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheMetrics.HostLevel.html) * [Amazon ElastiCache Cache Engine Metrics](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheMetrics.Redis.html) diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index 2f81f5f05e..c6c0d5442f 100644 --- a/docs/integrations/amazon-aws/lambda.md 
+++ b/docs/integrations/amazon-aws/lambda.md @@ -16,7 +16,7 @@ The Sumo Logic AWS Lambda App uses the Lambda logs via CloudWatch, CloudWatch Me This section describes the data sources for the AWS Lambda app and how the app leverages these data sources to provide insight into AWS Lambda. -The AWS Lambda app uses the following logs and metrics: +The Sumo Logic app for AWS Lambda uses the following logs and metrics: * [AWS Lambda CloudTrail Logs](https://docs.aws.amazon.com/lambda/latest/dg/logging-using-cloudtrail.html#cloudtrail-data-events) * [AWS Lambda CloudWatch Logs](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html) * [AWS Lambda Metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-metrics.html) diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 160762e904..67aa75c36d 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md @@ -14,7 +14,7 @@ The Sumo Logic app for AWS Network Load Balancer is using metrics to provide ins ## Log and metric types -The AWS Network Load Balancer app uses the following logs and metrics: +The Sumo Logic app for AWS Network Load Balancer uses the following logs and metrics: * [AWS Network Load Balancer CloudTrail Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/cloudtrail-logs.html) * [AWS Network Load Balancer CloudWatch Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-cloudwatch-metrics.html) diff --git a/docs/integrations/amazon-aws/rds.md b/docs/integrations/amazon-aws/rds.md index abb56dab4a..7a0ff30426 100644 --- a/docs/integrations/amazon-aws/rds.md +++ b/docs/integrations/amazon-aws/rds.md 
@@ -28,7 +28,7 @@ The Sumo Logic Amazon RDS Proxy dashboards provide visibility into the performan ## Log and metric types -The Amazon RDS app uses the following logs and metrics: +The Sumo Logic app for Amazon RDS uses the following logs and metrics: * [Amazon RDS CloudTrail Logs](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/logging-using-cloudtrail.html). * [Publishing RDS CloudWatch Logs, RDS Database logs for Aurora MySQL, RDS MySQL, MariaDB](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.MySQLDB.PublishtoCloudWatchLogs.html). * [Publishing RDS CloudWatch logs, RDS Database logs for Aurora PostgreSQL, RDS PostgreSQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.PublishtoCloudWatchLogs) @@ -371,7 +371,7 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with Namespace for **Amazon RDS** service is **AWS/RDS**. ::: -Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +Follow the steps below to collect logs for Amazon RDS: 1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). 1. Add custom metadata [fields](/docs/manage/fields) with your logs: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. diff --git a/docs/integrations/amazon-aws/sns.md b/docs/integrations/amazon-aws/sns.md index 050c12bfa6..b970737057 100644 --- a/docs/integrations/amazon-aws/sns.md +++ b/docs/integrations/amazon-aws/sns.md 
@@ -115,7 +115,7 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with Namespace for **Amazon SNS** service is **AWS/SNS**. ::: -Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +Follow the steps below to collect logs for Amazon SNS: 1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). 1. Add custom metadata [fields](/docs/manage/fields) with your logs: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. diff --git a/docs/integrations/amazon-aws/sqs.md b/docs/integrations/amazon-aws/sqs.md index 8dce0c4285..439094a372 100644 --- a/docs/integrations/amazon-aws/sqs.md +++ b/docs/integrations/amazon-aws/sqs.md @@ -128,10 +128,10 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with 1. Confirm that logs are being delivered to the Amazon S3 bucket. :::note - Namespace for **Amazon SNS** service is **AWS/SQS**. + Namespace for **Amazon SQS** service is **AWS/SQS**. ::: -Follow the steps below to collect logs for AWS Network Load Balancer (NLB): +Follow the steps below to collect logs for Amazon SQS: 1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). 1. Add custom metadata [fields](/docs/manage/fields) with your logs: 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. From 2b837a751021c44762a78d7bb6a6e0624bc31fb2 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 26 Jun 2026 21:05:36 +0530 Subject: [PATCH 11/16] DOCS-1710 - Minor fixes to ALB and API Gateway docs Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 4 ++-- docs/integrations/amazon-aws/application-load-balancer.md | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index e91c224844..95b1badf83 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md @@ -174,7 +174,7 @@ account=dev region=us-east-1 namespace=aws/apigateway apiname=* apiid stage doma When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect AWS API Gateway metrics +### Collect AWS API Gateway CloudTrail metrics Sumo Logic supports collecting metrics using one of the following source types: @@ -241,7 +241,7 @@ Call the [UpdateStage](https://docs.aws.amazon.com/apigatewayv2/latest/api-refer aws apigatewayv2 update-stage --api-id 9pk1qlmpci --stage-name $default --default-route-settings "{\"DetailedMetricsEnabled\":true}" --output json --region eu-north-1 ``` -### Collect AWS API Gateway access logs +### Collect AWS API Gateway Access logs 1. Configure the [AWS Kinesis Firehose for Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source/#create-an-aws-kinesis-firehose-for-logssource). 1. **Name**. Enter a name to display the new Source. diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index ab86915f10..c48ff5a6e3 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md 
@@ -16,6 +16,7 @@ The Sumo Logic app for AWS Application Load Balancing uses logs and metrics to g ## Log and metric types The Sumo Logic app for AWS Application Load Balancer uses the following logs and metrics: +* [AWS Application Load Balancer CloudTrail Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/cloudtrail-logs.html) * The [Application Load Balancer Access Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging) introduces two new fields in addition to the fields contained in the Classic ELB Access log: * `Type`. This is the type of request or connection (HTTP, HTTPS, H2, ws, wss). * `target_group_arn`. This is the Amazon Resource Name (ARN) of the target group. @@ -29,7 +30,7 @@ The logs are stored in a .gzip format in the specified S3 bucket and contain the target_group_arn, trace_id ``` The log format is described in [AWS Application Load Balancer Access Log Collection](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html). -* [AWS Application Load Balancing metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). +* [AWS Application Load Balancer CloudWatch Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). The metrics are included in the AWS/Application ELB namespace. For more details, see [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/elb-metricscollected.html#load-balancer-metrics-alb). ### Sample log message 
@@ -65,7 +66,7 @@ account="account" region="region" Namespace="AWS/ApplicationELB" loadbalancer="l When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect AWS Application Load Balancer metrics +### Collect AWS Application Load Balancer CloudWatch metrics Sumo Logic supports collecting metrics using one of the following source types: @@ -85,7 +86,7 @@ Follow the steps below to add custom metadata [fields](/docs/manage/fields) with * You will have the option to automatically add or enable the field. * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -### Collect AWS Application Load Balancer access logs +### Collect AWS Application Load Balancer Access logs #### Prerequisites From 3a583a079bfe2b017e476beca6a3f24193695834 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 26 Jun 2026 22:40:38 +0530 Subject: [PATCH 12/16] DOCS-1710 - AWSO Apps doc consistency updates for CLB and DynamoDB Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 2 +- .../amazon-aws/application-load-balancer.md | 2 +- .../amazon-aws/classic-load-balancer.md | 131 ++++++++++----- docs/integrations/amazon-aws/dynamodb.md | 156 ++++++++++-------- 4 files changed, 178 insertions(+), 113 deletions(-) diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 95b1badf83..2afbc10347 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md 
@@ -174,7 +174,7 @@ account=dev region=us-east-1 namespace=aws/apigateway apiname=* apiid stage doma When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect AWS API Gateway CloudTrail metrics +### Collect AWS API Gateway CloudWatch metrics Sumo Logic supports collecting metrics using one of the following source types: diff --git a/docs/integrations/amazon-aws/application-load-balancer.md b/docs/integrations/amazon-aws/application-load-balancer.md index c48ff5a6e3..0aebc2561f 100644 --- a/docs/integrations/amazon-aws/application-load-balancer.md +++ b/docs/integrations/amazon-aws/application-load-balancer.md @@ -33,7 +33,7 @@ The logs are stored in a .gzip format in the specified S3 bucket and contain the * [AWS Application Load Balancer CloudWatch Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html). The metrics are included in the AWS/Application ELB namespace. For more details, see [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/elb-metricscollected.html#load-balancer-metrics-alb). -### Sample log message +### Sample log messages ```json https 2017-11-20T22:05:36 long-bill-lb 77.222.19.149:41148 10.168.203.134:23662 0.000201 0.401924 0.772005 500 200 262 455 "GET https://elmagek.no-ip.org:443/json/v1/collector/histogram/100105037?startTimestamp=1405571270000&endTimestamp=1405574870000&bucketCount=60&_=1405574870206 HTTP/1.1" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4" DH-RSA-AES256-GCM-SHA384 TLSv1.2 arn:aws:elasticloadbalancing:us-west-2:104030218370:targetgroup/Prod-frontend/92e3199b1rc814fe9 "Root=1-58337364-23a8c76965a2ef7629b185e134" 
diff --git a/docs/integrations/amazon-aws/classic-load-balancer.md b/docs/integrations/amazon-aws/classic-load-balancer.md index 5f1d269a9a..a0668225f8 100644 --- a/docs/integrations/amazon-aws/classic-load-balancer.md +++ b/docs/integrations/amazon-aws/classic-load-balancer.md 
@@ -15,28 +15,28 @@ The Sumo Logic app for AWS Elastic Load Balancer Classic is a unified logs and m ## Log and metric types -ELB logs are stored as *.log files in the buckets you specify when you enable logging. The process to enable collection for these logs is described in [AWS ELB Enable Access Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html). +The Sumo Logic app for AWS Classic Load Balancer uses the following logs and metrics: +* [AWS Classic Load Balancer CloudTrail Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/cloudtrail-logs.html) +* [Classic Load Balancer Access Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html). ELB logs are stored as *.log files in the buckets you specify when you enable logging. The process to enable collection for these logs is described in [AWS ELB Enable Access Logs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html). -The logs themselves contain these fields in this order: -```bash -datetime, ELB_Server, clientIP, port, backend, backend_port, requestProc, ba_Response, cli_Response, ELB_StatusCode, be_StatusCode, rcvd, send, method, protocol, domain, server_port, path -``` - -The log format is described in [AWS ELB Access Log Collection](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html). + The logs themselves contain these fields in this order: + ```bash + datetime, ELB_Server, clientIP, port, backend, backend_port, requestProc, ba_Response, cli_Response, ELB_StatusCode, be_StatusCode, rcvd, send, method, protocol, domain, server_port, path + ``` -For details on AWS Classic Load Balancer metrics, see [here](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html). 
+ The log format is described in [AWS ELB Access Log Collection](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html). +* [AWS Classic Load Balancer CloudWatch Metrics](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html) -### Sample access log message +### Sample log messages -```json +```json title="Sample CloudTrail Log Message" 2017-11-06T23:20:38 stag-www-lb 250.38.201.246:56658 10.168.203.134:23662 0.007731 0.214433 0.000261 404 200 3194 123279 \ "GET https://stag-www.sumologic.net:443/json/v2/searchquery/3E7959EC4BA8AAC5/messages/raw?offset=29&length=15&highlight=true&_=1405591692470 HTTP/1.1" \ "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:23.0) Gecko/20131011 Firefox/23.0" \ ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 ``` - ### Sample queries ```sumo title="Response Codes Distribution by Domain and URI (Access Log Based)" 
@@ -63,55 +63,98 @@ loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX \ Statistic=Sum | sum by account, region, namespace, loadbalancername ``` -## Collecting logs and metrics for the AWS Classic Load Balancer +## Collecting logs and metrics for AWS Classic Load Balancer + +### Configure Hosted Collector When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect metrics +### Collect AWS Classic Load Balancer CloudWatch metrics -1. Sumo Logic supports collecting metrics using two source types: - * Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended); or - * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”.
Metadata - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +Sumo Logic supports collecting metrics using one of the following source types: -### Collect access logs +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -#### Prerequisites + :::note + Namespace for **AWS Classic Load Balancer** service is **AWS/ELB**. + ::: -Before you can begin to use the AWS Classic Load Balancing (ELB) App, complete the following steps: +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. +### Collect AWS Classic Load Balancer Access logs + +#### Prerequisites + +Before you begin to use the AWS Elastic Load Balancing (ELB) Application app, complete the following steps: 1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. 2. [Enable Application Load Balancer logging](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging) in AWS. 3. Confirm that logs are being delivered to the Amazon S3 bucket. -#### Collecting access logs for AWS Classic Load Balancer +Follow the steps below to collect access logs for AWS Classic Load Balancer: +1. Configure the [Access Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-sources/#create-an-aws-source). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -1. Configure a Classic Load Balancing (CLB) [Access Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-sources/#create-an-aws-source). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. The following **Fields** are to be added in the source: - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Add a **region** field and assign it the value of respective AWS region where the Load Balancer exists. - 1. Add an **accountId** field and assign it the value of the respective AWS account id which is being used. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. -### Collect Cloudtrail logs +### Collect AWS Classic Load Balancer CloudTrail logs -1. 
Configure a Classic Load Balancing (CLB) [Cloudtrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. :::note -Namespace for **AWS Classic Load Balancer** Service is **AWS/ELB**. +Namespace for **AWS Classic Load Balancer** service is **AWS/ELB**. ::: +Follow the steps below to collect logs for AWS Classic Load Balancer: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. 
Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Centralized AWS CloudTrail log collection + +In case you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following field extraction rule to map proper AWS account(s) friendly name/alias. You'll need to create it if not already present or update it as required. + +```sumo +Rule Name: AWS Accounts +Applied at: Ingest Time +Scope (Specific Data): +_sourceCategory=aws/observability/cloudtrail/logs +``` + +#### Parse Expression + +Enter a parse expression to create an `account` field that maps to the alias you set for each sub account. For example, if you used the `dev` alias for an AWS account with ID `528560886094` and the `prod` alias for an AWS account with ID `567680881046`, your parse expression would look like this: + +```sumo +| json "recipientAccountId" +// Manually map your aws account id with the AWS account alias you setup earlier for individual child account +| "" as account +| if (recipientAccountId = "528560886094", "dev", account) as account +| if (recipientAccountId = "567680881046", "prod", account) as account +| fields account +``` + ## Installing the AWS Classic Load Balancer app Now that you have set up a collection for AWS Classic Load Balancer, install the Sumo Logic app to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. 
@@ -120,7 +163,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -128,7 +173,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for AWS Classic Load Balancer Service is AWS/ELB. - `loadbalancername` Classic Load Balancer name. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityCLBAccessLogsFER** to extract fields `loadbalancername` and `namespace` from access logs will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/dynamodb.md b/docs/integrations/amazon-aws/dynamodb.md index f2df1da192..0bf51fdb5d 100644 --- a/docs/integrations/amazon-aws/dynamodb.md +++ b/docs/integrations/amazon-aws/dynamodb.md 
@@ -14,52 +14,53 @@ Amazon DynamoDB is a fast and flexible NoSQL database service that provides cons The Sumo app for Amazon DynamoDB uses both logs and metrics to is a unified logs and metrics app that provides operational insights into your DynamoDB. The app includes Dashboards that allow you to monitor key metrics, view the throttle events, errors, and latency, and also help you plan the capacity of your DynamoDB instances. -## Collect Logs and Metrics for the Amazon DynamoDB app +## Log and metric types -### Log and metric types +The Sumo Logic app for AWS DynamoDB uses the following logs and metrics: +* [Amazon DynamoDB CloudTrail Logs](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html) +* [Amazon DynamoDB CloudWatch Metrics](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html) -The AWS DynamoDB app uses the following logs and metrics: +### Sample log messages -* [DynamoDB CloudWatch Metrics](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/metrics-dimensions.html) -* [DynamoDB operations using AWS CloudTrail](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html) - -### Sample CloudTrail log message +
+Sample CloudTrail Log Message ```json -{ - "eventVersion":"1.05", - "userIdentity":{ - "type":"IAMUser", - "principalId":"AIDAIBF5TU7HNYUE7V676", - "arn":"arn:aws:iam::568388783903:user/ankit", - "accountId":"568388783903", - "accessKeyId":"ASIAI3Q5RU4FIZFHFJZA", - "userName":"ankit", - "sessionContext":{ - "attributes":{ - "mfaAuthenticated":"false", - "creationDate":"2017-10-10T23:01:45+0000" - } - }, - "invokedBy":"signin.amazonaws.com" - }, - "eventTime":"2017-10-10T23:01:45+0000", - "eventSource":"dynamodb.amazonaws.com", - "eventName":"DescribeTable", - "awsRegion":"us-east-1", - "sourceIPAddress":"38.99.50.98", - "userAgent":"signin.amazonaws.com", - "requestParameters":{ - "tableName":"users3" - }, - "responseElements":null, - "requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG", - "eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b", - "eventType":"AwsApiCall", - "apiVersion":"2012-08-10", - "recipientAccountId":"568388783903" -} + { + "eventVersion":"1.05", + "userIdentity":{ + "type":"IAMUser", + "principalId":"AIDAIBF5TU7HNYUE7V676", + "arn":"arn:aws:iam::568388783903:user/ankit", + "accountId":"568388783903", + "accessKeyId":"ASIAI3Q5RU4FIZFHFJZA", + "userName":"ankit", + "sessionContext":{ + "attributes":{ + "mfaAuthenticated":"false", + "creationDate":"2017-10-10T23:01:45+0000" + } + }, + "invokedBy":"signin.amazonaws.com" + }, + "eventTime":"2017-10-10T23:01:45+0000", + "eventSource":"dynamodb.amazonaws.com", + "eventName":"DescribeTable", + "awsRegion":"us-east-1", + "sourceIPAddress":"38.99.50.98", + "userAgent":"signin.amazonaws.com", + "requestParameters":{ + "tableName":"users3" + }, + "responseElements":null, + "requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG", + "eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b", + "eventType":"AwsApiCall", + "apiVersion":"2012-08-10", + "recipientAccountId":"568388783903" + } ``` +
### Sample queries 
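Review bot: The unchanged intro sentence at the top of this hunk still reads "uses both logs and metrics to is a unified logs and metrics app", which is two drafts merged into one; since this commit is a consistency pass over the same paragraph, fix it here. The added line under `## Log and metric types` also says "AWS DynamoDB" while both link titles it introduces say "Amazon DynamoDB"; pick one name for the service and use it throughout the page.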
@@ -78,37 +79,54 @@ account=dev namespace=aws/dynamodb region=us-east-1 "\"eventSource\":\"dynamodb. | limit 20 ``` -### Collect Metrics for Amazon DynamoDB - -Sumo Logic supports collecting metrics using two source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (Recommended); or -* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) - -Namespace for **Amazon DynamoDB** Service is **AWS/DynamoDB**. +## Collect logs and metrics for Amazon DynamoDB -* **Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. Metrics can be queried via the “account field”. +### Configure Hosted Collector +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect Amazon DynamoDB CloudTrail Logs +### Collect Amazon DynamoDB CloudWatch metrics -1. To your Hosted Collector, add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source.md). - * **Name**. Enter a name to display the new Source. - * **Description**. Enter an optional description. - * **S3 Region**. Select the Amazon Region for your **Amazon DynamoDB** S3 bucket. - * **Bucket Name**. Enter the exact name of your **Amazon DynamoDB** S3 bucket. - * **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (`*`) in this string. (DO NOT use a leading forward slash. See [Amazon Path Expressions](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions).) 
The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression - * **Source Category**. Enter `aws/observability/cloudtrail/logs` - * **Fields**. Add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - * **Access Key ID and Secret Access Key**. Enter your Amazon [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). Learn how to use Role-based access to AWS [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources) - * **Log File Discovery -> Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency. Sumo Logic will scan your S3 bucket for new data. Learn how to configure **Log File Discovery** [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). - * **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. - * **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. - * **Timestamp Format.** Select **Automatically detect the format**. - * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -2. Click **Save**. +Sumo Logic supports collecting metrics using one of the following source types: +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -### Centralized AWS CloudTrail Log Collection + :::note + Namespace for **Amazon DynamoDB** service is **AWS/DynamoDB**. 
+ ::: + +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Collect Amazon DynamoDB CloudTrail logs + +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. + +:::note +Namespace for **Amazon DynamoDB** service is **AWS/DynamoDB**. +::: + +Follow the steps below to collect logs for Amazon DynamoDB: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Centralized AWS CloudTrail log collection In case you have a centralized collection of CloudTraillogs and are ingesting them from all accounts into a single Sumo Logic CloudTraillog source, create following Field Extraction Rule to map proper AWS account(s) friendly name/alias. Create it if not already present / update it as required. ```sql @@ -118,7 +136,7 @@ Scope (Specific Data): _sourceCategory=aws/observability/cloudtrail/logs ``` -**Parse Expression** +#### Parse Expression Enter a parse expression to create an “account” field that maps to the alias you set for each sub-account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like this: ```sumo @@ -138,7 +156,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. 
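Review bot: In the `@@ -78,37 +79,54 @@` hunk, the rewritten "Collect Amazon DynamoDB CloudTrail logs" steps drop the explicit **Source Category** value `aws/observability/cloudtrail/logs`, yet the "Centralized AWS CloudTrail log collection" rule kept just below still scopes on `_sourceCategory=aws/observability/cloudtrail/logs`. Restate the expected source category in the new steps, or say that the linked CloudTrail Logs Source page sets it, so a reader following only this page does not end up with a Field Extraction Rule whose scope matches nothing. The context paragraph under the renamed "Centralized" heading also still has "CloudTraillogs" and "CloudTraillog source"; worth fixing in the same pass.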
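Review bot: In the `@@ -138,7 +156,9 @@` hunk, the new sentence "the following **content** will be created by default along with dashboards and monitor template:" is hard to parse: it bolds "content" without saying what that covers and uses the singular "monitor template". Suggest wording that names what follows, for example "In addition to dashboards and monitor templates, app installation creates the following fields and Field Extraction Rules:", so the `#### Fields` and `#### Field Extraction Rule(s)` subsections are introduced by name.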
@@ -146,7 +166,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon DynamoDB Service is AWS/DynamoDB. - `tablename` DynamoDB table name. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityDynamoDBCloudTrailLogsFER** to extract fields `region`, `namespace`, `tablename`, and `accountid` will be created as a part of app installation. From 78c2e175fdc1194fe9049af4448a3078b8008397 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 26 Jun 2026 23:07:07 +0530 Subject: [PATCH 13/16] DOCS-1710 - Fix cross-references in API Gateway, Lambda, Threat Intel, and AWS Observability docs Co-Authored-By: Claude Sonnet 4.6 --- docs/integrations/amazon-aws/api-gateway.md | 2 +- docs/integrations/amazon-aws/lambda.md | 2 +- docs/integrations/amazon-aws/threat-intel.md | 2 +- .../aws/deploy-use-aws-observability/before-you-deploy.md | 2 +- docs/observability/aws/integrations/aws-api-gateway.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/integrations/amazon-aws/api-gateway.md b/docs/integrations/amazon-aws/api-gateway.md index 2afbc10347..889a610350 100644 --- a/docs/integrations/amazon-aws/api-gateway.md +++ b/docs/integrations/amazon-aws/api-gateway.md @@ -586,7 +586,7 @@ Use these dashboards to: ### Access Logs Access logs contains information about who has accessed your API and how the caller accessed the API. -To populate the dashboards, you must explicitly [enable access logs](#collect-access-logs-for-aws-api-gateway). +To populate the dashboards, you must explicitly [enable access logs](#collect-aws-api-gateway-access-logs). #### AWS API Gateway - Access Logs - Overview diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index c6c0d5442f..47572891d5 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md 
@@ -220,7 +220,7 @@ AWS Lambda provides Provisioned Concurrency for greater control over the start-u To collect the metrics in Sumo Logic, follow the steps below: -1. Jump to the [Collect Amazon CloudWatch Metrics](#collect-amazon-cloudwatch-metrics) section and complete the steps as described. +1. Jump to the [Collect Amazon CloudWatch Metrics](#collect-aws-lambda-cloudwatch-metrics) section and complete the steps as described. 2. Configure Provisioned Concurrency while creating a Lambda function in the AWS Management Console, as shown in the following example. Configure Provisioned Concurrency diff --git a/docs/integrations/amazon-aws/threat-intel.md b/docs/integrations/amazon-aws/threat-intel.md index 3154c7a07d..0a65ed4a9b 100644 --- a/docs/integrations/amazon-aws/threat-intel.md +++ b/docs/integrations/amazon-aws/threat-intel.md @@ -24,7 +24,7 @@ The Sumo Logic Threat Intel lookup database is only available with Sumo Logic En If you are not already collecting your AWS logs, follow the instructions below to collect data from one or more of these data sources: * [Collect AWS CloudTrail Logs](/docs/integrations/amazon-aws/cloudtrail#collecting-logs-for-the-aws-cloudtrail-app) -* [Collect AWS ELB Logs](/docs/integrations/amazon-aws/classic-load-balancer#collecting-logs-and-metrics-for-the-aws-classic-load-balancer) +* [Collect AWS ELB Logs](/docs/integrations/amazon-aws/classic-load-balancer#collecting-logs-and-metrics-for-aws-classic-load-balancer) VPC Flow Logs can be published to Amazon CloudWatch Logs and Amazon S3. Each method has advantages. Using an Amazon S3 source is more reliable, while using a CloudFormation template allows you to customize your logs by adding more information and filtering unwanted data. You can use either of the following methods to collect Amazon VPC Flow Logs: * [Using an Amazon S3 source](/docs/integrations/amazon-aws/vpc-flow-logs#collecting-amazon-vpc-flow-logs-using-an-amazon-s3-source) 
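Review bot: In the lambda.md hunk, the anchor becomes `#collect-aws-lambda-cloudwatch-metrics` but the link text stays "Collect Amazon CloudWatch Metrics", so step 1 now names a section that, going by the anchor, is titled differently. Update the link text to match the target heading, and confirm that heading exists in lambda.md at this commit, since the heading itself is not part of this diff. The threat-intel.md hunk has the same dependency: the new `#collecting-logs-and-metrics-for-aws-classic-load-balancer` anchor relies on a heading in classic-load-balancer.md, a file this commit does not touch.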
diff --git a/docs/observability/aws/deploy-use-aws-observability/before-you-deploy.md b/docs/observability/aws/deploy-use-aws-observability/before-you-deploy.md index 15f4566e4a..658e4922a0 100644 --- a/docs/observability/aws/deploy-use-aws-observability/before-you-deploy.md +++ b/docs/observability/aws/deploy-use-aws-observability/before-you-deploy.md 
@@ -42,7 +42,7 @@ If you are already collecting AWS metrics, logs, and/or events, we recommend tha * Set up the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) and configure the AWS CLI as described in the [AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) if you would like to use an AWS profile for Terraform script based deployment. * For AWS services exporting to CloudWatch Logs, make sure logs are exported to log groups: * RDS - Enable publishing of logs to CloudWatch by following instructions in [Collect Amazon RDS CloudTrail logs](/docs/integrations/amazon-aws/rds/#collect-amazon-rds-cloudwatch-logs). - * API Gateway - Enable Access Logs for each respective API by following instructions in Step 3 of [Collect access logs for AWS API Gateway](/docs/integrations/amazon-aws/api-gateway/#collect-access-logs-for-aws-api-gateway). Make sure you have the following prefix `/aws/apigateway//` while creating the log group. + * API Gateway - Enable Access Logs for each respective API by following instructions in Step 3 of [Collect access logs for AWS API Gateway](/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-access-logs). Make sure you have the following prefix `/aws/apigateway//` while creating the log group. * AWS Lambda - If you are exporting logs to your custom log group, make sure you have the following prefix `/aws/lambda/` while creating the log group. * The AWS Solution does not enable detailed or enhanced metrics collection by default. * ECS - Enable enhanced metrics for respective cluster. Refer to [AWS documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/deploy-container-insights-ECS-cluster.html). diff --git a/docs/observability/aws/integrations/aws-api-gateway.md b/docs/observability/aws/integrations/aws-api-gateway.md index c6b6ad5cb4..6e60365908 100644 --- a/docs/observability/aws/integrations/aws-api-gateway.md 
+++ b/docs/observability/aws/integrations/aws-api-gateway.md @@ -195,7 +195,7 @@ Use these dashboards to: ### Access Logs Access logs contains information about who has accessed your API and how the caller accessed the API. -To populate the dashboards, you must explicitly [enable access logs](/docs/integrations/amazon-aws/api-gateway/#collect-access-logs-for-aws-api-gateway). +To populate the dashboards, you must explicitly [enable access logs](/docs/integrations/amazon-aws/api-gateway/#collect-aws-api-gateway-access-logs). #### AWS API Gateway - Access Logs - Overview From 21ccfdb1eccd7a9ca44b8ce270a03ee57948487f Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 29 Jun 2026 10:25:58 +0530 Subject: [PATCH 14/16] DOCS-1710 - AWSO Apps doc consistency updates for ECS and AWS API Gateway observability Co-Authored-By: Claude Sonnet 4.6 --- .../amazon-aws/elastic-container-service.md | 97 +++++++++++++------ .../aws/integrations/aws-api-gateway.md | 1 + 2 files changed, 71 insertions(+), 27 deletions(-) diff --git a/docs/integrations/amazon-aws/elastic-container-service.md b/docs/integrations/amazon-aws/elastic-container-service.md index d1388c65aa..a7b07f3dcc 100644 --- a/docs/integrations/amazon-aws/elastic-container-service.md +++ b/docs/integrations/amazon-aws/elastic-container-service.md 
@@ -15,9 +15,13 @@ We offer two different ECS versions, which have separate data collection steps: * **[Collect Logs and Metrics for ECS](/docs/integrations/amazon-aws/elastic-container-service)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/available-metrics.html) and [ECS Events using AWS CloudTrail](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail). * **[Collect Logs, Metrics (Container Insights+CloudWatch) and Traces for ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html)**. This version collects [ECS CloudWatch Metrics](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-metrics.html#available_cloudwatch_metrics), [Container Insights Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-metrics-ECS.html), [ECS Events using AWS CloudTrail](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail), Application Logs and Traces. Metrics collected by Container Insights are charged as custom metrics. For more information about CloudWatch pricing, see[ Amazon CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/). This solution enables you to monitor both EC2 and Fargate based ECS deployments. For instructions on collecting this data, refer to the [Amazon Elastic Container Service (ECS) using Container Insights and CloudWatch](/docs/integrations/amazon-aws/elastic-container-service-container-insights-cloudwatch/). -This page has instructions for collecting logs and metrics for the Amazon ECS without Container Insights and Traces app. It uses the following data: -* CloudWatch Metrics -* AWS CloudTrail Events +This documentation has instructions for collecting logs and metrics for the Amazon ECS app without Container Insights and Traces. 
+ +## Log and metric types + +The Sumo Logic app for Amazon ECS without Container Insights and Traces uses the following logs and metrics: +* Amazon CloudWatch Metrics +* Amazon CloudTrail Logs ### Sample log messages @@ -272,7 +276,6 @@ This page has instructions for collecting logs and metrics for the Amazon ECS wi "recipientAccountId":"435456556566" } ``` -
### Sample queries 
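Review bot: In the `@@ -15,9 +15,13 @@` hunk of elastic-container-service.md, the new bullet "Amazon CloudTrail Logs" misnames the service; the context lines of the same hunk call it "AWS CloudTrail", so use "AWS CloudTrail Logs". Unlike the DynamoDB page in this series, the two bullets under `## Log and metric types` carry no links, although the context lines just above already link the ECS CloudWatch metrics and CloudTrail pages; reuse those links so the section is consistent across apps.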
@@ -288,34 +291,74 @@ _sourceCategory=ecs* (DeleteCluster or DeleteService or DeregisterContainerInsta | count by resource_type, _timeslice | transpose row _timeslice column resource_type ``` -## Collect Logs and Metrics for Amazon ECS +## Collecting logs and metrics for Amazon ECS + +### Configure Hosted Collector -This section has instructions for collecting logs and metrics for the Amazon ECS app. +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -### Collect Metrics for Amazon ECS +### Collect Amazon ECS CloudWatch metrics + +Sumo Logic supports collecting metrics using one of the following source types: + +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -1. Sumo Logic supports collecting metrics using two source types: - * Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended) or - * Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) :::note - Amazon ECS metrics use the AWS/ECS namespace + Namespace for **Amazon ECS** service is **AWS/ECS**. ::: -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. 
Logs can be queried via the “account field”.
Metadata - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -### Collect ECS events using CloudTrail +### Collect Amazon ECS CloudTrail logs -1. Configure a [AWS CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). -1. **Metadata**. Click the **+Add Field** link to add custom log metadata [Fields](/docs/manage/fields). Define the fields you want to associate, each field needs a name (key) and value. - 1. Add an **account** field and assign it a value which is a friendly name / alias to your AWS account from which you are collecting logs. Logs can be queried via the “account field”. - 1. Keep in mind: - * Green check circle A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema. - * Orange exclamation point An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic but isn’t present or enabled in the schema, it’s ignored and marked as **Dropped**. +1. [Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). +3. Confirm that logs are being delivered to the Amazon S3 bucket. + :::note + Namespace for **Amazon ECS** service is **AWS/ECS**. 
+ ::: + +Follow the steps below to collect logs for Amazon ECS: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. + +### Centralized AWS CloudTrail log collection + +In case you have a centralized collection of CloudTraillogs and are ingesting them from all accounts into a single Sumo Logic CloudTraillog source, create following Field Extraction Rule to map proper AWS account(s) friendly name/alias. Create it if not already present / update it as required. +```sql +Rule Name: AWS Accounts +Applied at: Ingest Time +Scope (Specific Data): +_sourceCategory=aws/observability/cloudtrail/logs +``` + +#### Parse Expression + +Enter a parse expression to create an “account” field that maps to the alias you set for each sub-account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like this: +```sumo +| json "recipientAccountId" +// Manually map your aws account id with the AWS account alias you setup earlier for individual child account +| "" as account +| if (recipientAccountId = "528560886094", "dev", account) as account +| if (recipientAccountId = "567680881046", "prod", account) as account +| fields account +``` ## Installing the Amazon ECS app 
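Review bot: In the `@@ -288,34 +291,74 @@` hunk, the added "Centralized AWS CloudTrail log collection" paragraph carries over the typos "CloudTraillogs" and "CloudTraillog source" and the phrase "create following Field Extraction Rule"; fix them while the text is being added to this page. The section heading here is "Collecting logs and metrics for Amazon ECS" while the DynamoDB page in this series uses "Collect logs and metrics for Amazon DynamoDB", so choose one form for all apps. The rule summary is also fenced as `sql` although it is a settings listing rather than a query; a plain fence would avoid misleading highlighting.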
@@ -325,7 +368,9 @@ import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name / alias to the AWS account. - `accountid` AWS account id. @@ -333,12 +378,10 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for Amazon ECS Service is AWS/ECS. - `clustername` The name of the ECS cluster. -## Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityECSCloudTrailLogsFER** to extract fields `region`, `namespace`, `clustername`, and `accountid` will be created as a part of app installation. -The FER **AwsObservabilityECSCloudWatchLogsFER** to extract the `namespace` field will be created as a part of app installation. - ## Viewing the Amazon ECS app dashboards import ViewDashboards from '../../reuse/apps/view-dashboards.md'; diff --git a/docs/observability/aws/integrations/aws-api-gateway.md b/docs/observability/aws/integrations/aws-api-gateway.md index 6e60365908..a7e78d94f0 100644 --- a/docs/observability/aws/integrations/aws-api-gateway.md +++ b/docs/observability/aws/integrations/aws-api-gateway.md 
@@ -10,6 +10,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; [Amazon API Gateway](https://aws.amazon.com/api-gateway/) service allows you to create RESTful APIs, HTTP APIs, and WebSocket APIs for real-time two-way communication applications in containerized and serverless environments, as well as web applications. The Sumo Logic AWS API Gateway app provides insights into API Gateway tasks while accepting and processing concurrent API calls throughout your infrastructure, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management. + ## Log and metrics types  The AWS API Gateway app uses the following logs and metrics: From 540438366a0df850c0e6edf280ab38a4bfb99cf5 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 29 Jun 2026 17:00:27 +0530 Subject: [PATCH 15/16] DOCS-1710 - AWSO Apps doc consistency updates for EC2 CloudWatch Metrics and EC2 Host Metrics Co-Authored-By: Claude Sonnet 4.6 --- .../amazon-aws/ec2-cloudwatch-metrics.md | 103 ++++++++++-------- .../amazon-aws/ec2-host-metrics.md | 53 +++++---- 2 files changed, 81 insertions(+), 75 deletions(-) diff --git a/docs/integrations/amazon-aws/ec2-cloudwatch-metrics.md b/docs/integrations/amazon-aws/ec2-cloudwatch-metrics.md index 194dd5d266..fbd4c42346 100644 --- a/docs/integrations/amazon-aws/ec2-cloudwatch-metrics.md +++ b/docs/integrations/amazon-aws/ec2-cloudwatch-metrics.md 
@@ -13,17 +13,18 @@ Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity i The Sumo Logic app for AWS EC2 allows you to collect your EC2 instance metrics and display them using predefined dashboards. The app provides dashboards to display analysis of EC2 instance metrics for CPU, disk, network, EBS, Health Status Check, and EC2 CloudTrail Events. Also, it provides detailed insights into all CloudTrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities. -## Collecting CloudWatch Metrics and CloudTrail logs for AWS EC2 +## Log and metric types -This section describes the AWS EC2 app's data sources and instructions for setting up a metric collection. - -### Metrics types - -For details on the metrics of AWS EC2, see [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html). +The Sumo Logic app for AWS EC2 CloudWatch Metrics uses the following metrics: +* [Amazon CloudWatch Metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) +* [Amazon CloudTrail Logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events) ### Sample log messages -```json title="Sample CloudTrail Log" +
+Sample CloudTrail Log + +```json { "eventVersion":"1.08", "userIdentity":{ @@ -68,6 +69,7 @@ For details on the metrics of AWS EC2, see [here](https://docs.aws.amazon.com/AW } } ``` +
### Sample queries 
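Review bot: In the `@@ -13,17 +13,18 @@` hunk of ec2-cloudwatch-metrics.md, the new intro says the app "uses the following metrics:" but the list that follows includes CloudTrail logs; make it "logs and metrics" to match the `## Log and metric types` heading added in the same hunk. "Amazon CloudTrail Logs" should read "AWS CloudTrail Logs", and since the link targets `#logging-data-events`, the bullet could say that it covers CloudTrail data events.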
@@ -101,56 +103,62 @@ account={{account}} region={{region}} namespace={{namespace}} eventname eventsou | count as count by error_code | sort by count, error_code asc | limit 10 ``` +## Collecting logs and metrics for AWS EC2 -### AWS EC2 CloudWatch Metrics +### Configure Hosted Collector -AWS EC2 automatically monitors functions on your behalf, reporting [AWS EC2 metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) through Amazon CloudWatch. These metrics are collected by our Hosted Collector by configuring the Amazon CloudWatch source. +When you create an AWS Source, you'll need to identify the Hosted Collector you want to use or create a new Hosted Collector. Once you create an AWS Source, associate it with a Hosted Collector. For instructions, see [Configure a Hosted Collector and Source](/docs/send-data/hosted-collectors/configure-hosted-collector). -The Sumo Logic app for AWS EC2 (CloudWatch Metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The app provides dashboards to analyze EC2 instance metrics for CPU, disk, network, EBS, and Health Status Check. +### Collect AWS EC2 CloudWatch metrics +Sumo Logic supports collecting metrics using one of the following source types: -### CloudTrail EC2 Data Events +* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (**recommended**) +* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -[CloudTrail EC2 Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events) allow you to continuously monitor the execution activity of your EC2 instance and record details of all the related events. + :::note + Namespace for **Amazon EC2** service is **AWS/EC2**. 
+ ::: +Follow the steps below to add custom metadata [fields](/docs/manage/fields) with your metrics: +1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. +1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which metrics are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and metrics can be queried using the `account` field.
Metadata +1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. -### Collect Amazon CloudWatch EC2 Metrics +AWS EC2 automatically monitors functions on your behalf, reporting [AWS EC2 metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html) through Amazon CloudWatch. These metrics are collected by our Hosted Collector by configuring the Amazon CloudWatch source. -Sumo Logic supports collecting metrics using two source types: -* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) **(recommended)** or -* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics) -:::note -Namespace for **Amazon EC2** Service is **AWS/EC2**. -::: +The Sumo Logic app for AWS EC2 (CloudWatch Metrics) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The app provides dashboards to analyze EC2 instance metrics for CPU, disk, network, EBS, and Health Status Check. -* **Metadata**: Add an **account** field to the source and assign it a value which is a friendly name / alias to your AWS account from which you are collecting metrics. Metrics can be queried through the **account** field. -Metadata +### Collect AWS EC2 CloudTrail logs -### Collect CloudTrail EC2 Data Events +:::note +CloudTrail data events will be collected under this source. +::: -To configure a CloudTrail Source, perform these steps: +#### Prerequisites 1. 
[Grant Sumo Logic access](/docs/send-data/hosted-collectors/amazon-aws/grant-access-aws-product) to an Amazon S3 bucket. -2. [Configure DataEvents with CloudTrail](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/using-cloudtrail.html) in your AWS account. +2. [Create a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html). 3. Confirm that logs are being delivered to the Amazon S3 bucket. -4. Add an [AWS CloudTrail Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source) to Sumo Logic. - 1. **Name**. Enter a name to display the new Source. - 2. **Description**. You may skip the description as it's optional. - 3. **S3 Region**. Select the Amazon Region for your API Gateway S3 bucket. - 4. **Bucket Name**. Enter the exact name of your API Gateway S3 bucket. - 5. **Path Expression**. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard `*` in this string. - :::note - DO NOT use a leading forward slash. See [Amazon Path Expressions](/docs/send-data/hosted-collectors/amazon-aws/amazon-path-expressions). The S3 bucket name is not part of the path. Don’t include the S3 bucket name when you are setting the Path Expression. - ::: -5. **Source Category**. Enter `aws/observability/cloud trail/logs`. -6. **Fields**. Add an **account** field and assign it a value that is a friendly name/alias to your AWS account from which you are collecting logs. Logs can be queried through the **account** field.
Fields -7. **Access Key ID and Secret Access Key**. Enter your [Access Key ID and Secret Access Key](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html). Learn how to use Role-based access to AWS [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). -8. **Log File Discovery -> Scan Interval**. Use the default of 5 minutes. Alternately, enter the frequency. Sumo Logic will scan your S3 bucket for new data. Learn how to configure Log File Discovery [here](/docs/send-data/hosted-collectors/amazon-aws/aws-sources). -9. **Enable Timestamp Parsing**. Select the **Extract timestamp information from log file entries** check box. -10. **Time Zone**. Select **Ignore time zone from the log file and instead use**, and select **UTC** from the dropdown. -11. **Timestamp Format.** Select **Automatically detect the format**. -12. **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. -13. Click **Save**. + +:::note +Namespace for **Amazon EC2** service is **AWS/EC2**. +::: + +Follow the steps below to collect logs for AWS API Gateway: +1. Configure a [CloudTrail Logs Source](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/). +1. Add custom metadata [fields](/docs/manage/fields) with your logs: + 1. Click **+Add Field** under **Metadata**. Each field consists of a name (key) and a corresponding value. + 1. Create a field named `account` and assign it a value that represents a friendly name or alias to your AWS account from which logs are collected. This value will appear in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability), and logs can be queried using the `account` field.
Metadata + 1. After adding fields, check their status indicators: + * Green check circle A green check mark indicates the field exists and is enabled in the Fields table schema. + * Orange exclamation point An orange exclamation icon indicates the field does not exist or is disabled in the schema. + * You will have the option to automatically add or enable the field. + * If a field is sent but not present or enabled in the schema, it is ignored and marked as **Dropped**. ### Centralized AWS CloudTrail log collection @@ -162,8 +170,7 @@ Applied at: Ingest Time Scope (Specific Data): _sourceCategory= ``` - -**Parse Expression** +#### Parse Expression Enter a parse expression to create an “account” field that maps to the alias you set for each sub account. For example, if you used the `“dev”` alias for an AWS account with ID `"528560886094"` and the `“prod”` alias for an AWS account with ID `"567680881046"`, your parse expression would look like: @@ -176,17 +183,17 @@ Enter a parse expression to create an “account” field that maps to the alias | fields account ``` - ## Installing the AWS EC2 app Now that you have set up collection for AWS EC2 metrics install the Sumo Logic app to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. - import AppInstall from '../../reuse/apps/app-install-v2.md'; -As part of the app installation process, the following fields will be created by default: +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields - `account` Name/alias to the AWS account. - `accountid` AWS account ID. 
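Review bot: The added line "Follow the steps below to collect logs for AWS API Gateway:" under "Collect AWS EC2 CloudTrail logs" names the wrong service for ec2.md and should read AWS EC2. In the same hunk, "AWS EC2 automatically monitors functions on your behalf" also reads as text carried over from another service page, and the "Namespace for **Amazon EC2** service is **AWS/EC2**" note is a metrics detail that now sits under the CloudTrail prerequisites. The steps being removed spelled out the Source Category value, the UTC timestamp settings and the pointer to role-based access as an alternative to access keys; please confirm the linked CloudTrail Logs Source page covers each of those before dropping them here.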
@@ -194,7 +201,7 @@ As part of the app installation process, the following fields will be created by - `namespace` Namespace for EC2 CW Metrics Service. - `instanceid` EC2 Instance Id. -### Field Extraction Rule(s) +#### Field Extraction Rule(s) The FER **AwsObservabilityEC2CloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `instanceid` will be created as a part of app installation. diff --git a/docs/integrations/amazon-aws/ec2-host-metrics.md b/docs/integrations/amazon-aws/ec2-host-metrics.md index 40da95a812..e968293d88 100644 --- a/docs/integrations/amazon-aws/ec2-host-metrics.md +++ b/docs/integrations/amazon-aws/ec2-host-metrics.md 
@@ -13,17 +13,10 @@ Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity i The Sumo Logic App for Host Metrics (EC2) allows you to collect your EC2 instance metrics and display them using predefined dashboards. The App provides dashboards to display analysis of EC2 instance metrics for CPU, memory, disk, network, and TCP. Also, it provides detailed insights into all CloudTrail audit events associated with EC2 instances and specifically helps identify changes, errors, and user activities. +## Log and metric types -## Metrics Types - -Host metrics are gathered by the open-source [SIGAR library](https://github.com/hyperic/sigar). The metrics that are collected are described in [Host Metrics for Installed Collectors](/docs/send-data/installed-collectors/sources/host-metrics-source#collected-metrics). - -* [CPU Metrics](/docs/integrations/hosts-operating-systems/host-metrics#cpu-metrics) -* [Memory Metrics](/docs/integrations/hosts-operating-systems/host-metrics#memory-metrics) -* [TCP Metrics](/docs/integrations/hosts-operating-systems/host-metrics#tcp-metrics) -* [Networking Metrics](/docs/integrations/hosts-operating-systems/host-metrics#networking-metrics) -* [Disk Metrics](/docs/integrations/hosts-operating-systems/host-metrics#disk-metrics) - +The Sumo Logic app for AWS EC2 Host Metrics uses the following metrics: +* [Host Metrics](https://www.sumologic.com/help/docs/send-data/installed-collectors/sources/host-metrics-source) ### Sample queries 
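Review bot: The new "Host Metrics" bullet links to an absolute `https://www.sumologic.com/help/docs/...` URL, while the other internal links in this file use the site-relative form (`/docs/send-data/installed-collectors/sources/host-metrics-source`); switch to the relative path so the link resolves within the docs build. The new heading "Log and metric types" also promises logs, but the section lists only metrics, so either name the CloudTrail logs the intro paragraph mentions or title it for metrics alone.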
@@ -31,20 +24,9 @@ Host metrics are gathered by the open-source [SIGAR library](https://github.com/ _sourceCategory=Labs/AWS/Host/Metrics metric=CPU_Total account=* region=* namespace=aws/ec2 instanceid=* | avg ``` +## Collecting metrics for AWS EC2 Host Metrics -## Collecting Metrics for the Host Metrics (EC2) App - -The Host Metrics (EC2) app relies upon an Installed Collector with a [Host Metrics Source](/docs/send-data/installed-collectors/sources/host-metrics-source) on each of your AWS EC2 hosts. This page describes the data sources for the Host Metrics (EC2) app and has instructions for setting up metric collection. - - -### Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the `instanceid` field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields#manage-fields). - -Fields Schema - +The Host Metrics (EC2) app relies upon an Installed Collector with a [Host Metrics Source](/docs/send-data/installed-collectors/sources/host-metrics-source) on each of your AWS EC2 hosts. This section describes the data sources for the Host Metrics (EC2) app and has instructions for setting up metric collection. ### Configure Host Metrics sources @@ -59,7 +41,7 @@ Perform these steps for each EC2 host: * Add a field named **account**, and set it to your AWS account alias. * Add a field named **namespace** and set it to **aws/ec2**. -Configure metadata +Configure metadata 3. Set the **Scan Interval** (the frequency at which the Source is scanned) to 1 minute. @@ -67,6 +49,8 @@ A default Scan Interval of 1 minute is recommended. You can set it to a higher o You can also build your EC2 AMI machine image with these fields and settings. For instructions, see [this blog](https://www.sumologic.com/blog/packer-and-sumo-logic). Here’s a sample sources.json file that you can include in your AMI. +
+Click to expand ```json { @@ -110,12 +94,21 @@ You can also build your EC2 AMI machine image with these fields and settings. Fo } } ``` +
- -### AWS Metadata +#### AWS metadata Collectors running on AWS EC2 instances can optionally collect AWS Metadata such as EC2 tags to make it easier to search for Host Metrics. Only one AWS Metadata Source for Metrics is required to collect EC2 tags from multiple hosts. For more information, see [AWS Metadata Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/aws-metadata-tag-source). +#### Metrics types + +Host metrics are gathered by the open-source [SIGAR library](https://github.com/hyperic/sigar). The metrics that are collected are described in [Host Metrics for Installed Collectors](/docs/send-data/installed-collectors/sources/host-metrics-source#collected-metrics). + +* [CPU Metrics](/docs/integrations/hosts-operating-systems/host-metrics#cpu-metrics) +* [Memory Metrics](/docs/integrations/hosts-operating-systems/host-metrics#memory-metrics) +* [TCP Metrics](/docs/integrations/hosts-operating-systems/host-metrics#tcp-metrics) +* [Networking Metrics](/docs/integrations/hosts-operating-systems/host-metrics#networking-metrics) +* [Disk Metrics](/docs/integrations/hosts-operating-systems/host-metrics#disk-metrics) ## Install the Host Metrics (EC2) App @@ -125,7 +118,13 @@ import AppInstall from '../../reuse/apps/app-install.md'; -## Viewing EC2 Host Metrics Dashboards +As part of the app installation process, the following **content** will be created by default along with dashboards and monitor template: + +#### Fields + +- `accountid` AWS account id. + +## Viewing EC2 Host Metrics dashboards ### AWS EC2 - Overview (Host OS Metrics) From a491cc42bf654ba871dd3fd3164bcec923fdc332 Mon Sep 17 00:00:00 2001 From: Sachin Magar Date: Mon, 29 Jun 2026 17:47:28 +0530 Subject: [PATCH 16/16] moved metrics section --- .../amazon-aws/ec2-host-metrics.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) 
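Review bot: The "#### Fields" list added under "Install the Host Metrics (EC2) App" names only `accountid`, yet this patch also deletes the "Field in Field Schema" step that told readers to create `instanceid`, and the sample query still filters on `account`, `region`, `namespace` and `instanceid`. The wording this series adds to ec2.md says a field that is sent but not present or enabled in the schema is ignored and marked as Dropped, so either list every field the app creates here or keep the `instanceid` step. Minor: "AWS account id" should match the "AWS account ID" casing used in ec2.md.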
diff --git a/docs/integrations/amazon-aws/ec2-host-metrics.md b/docs/integrations/amazon-aws/ec2-host-metrics.md index e968293d88..de4bd18c7d 100644 --- a/docs/integrations/amazon-aws/ec2-host-metrics.md +++ b/docs/integrations/amazon-aws/ec2-host-metrics.md @@ -16,7 +16,11 @@ The Sumo Logic App for Host Metrics (EC2) allows you to collect your EC2 instanc ## Log and metric types The Sumo Logic app for AWS EC2 Host Metrics uses the following metrics: -* [Host Metrics](https://www.sumologic.com/help/docs/send-data/installed-collectors/sources/host-metrics-source) +* [CPU Metrics](/docs/integrations/hosts-operating-systems/host-metrics#cpu-metrics) +* [Memory Metrics](/docs/integrations/hosts-operating-systems/host-metrics#memory-metrics) +* [TCP Metrics](/docs/integrations/hosts-operating-systems/host-metrics#tcp-metrics) +* [Networking Metrics](/docs/integrations/hosts-operating-systems/host-metrics#networking-metrics) +* [Disk Metrics](/docs/integrations/hosts-operating-systems/host-metrics#disk-metrics) ### Sample queries @@ -26,6 +30,8 @@ _sourceCategory=Labs/AWS/Host/Metrics metric=CPU_Total account=* region=* namesp ## Collecting metrics for AWS EC2 Host Metrics +Host metrics are gathered by the open-source [SIGAR library](https://github.com/hyperic/sigar). The metrics that are collected are described in [Host Metrics for Installed Collectors](/docs/send-data/installed-collectors/sources/host-metrics-source#collected-metrics). + The Host Metrics (EC2) app relies upon an Installed Collector with a [Host Metrics Source](/docs/send-data/installed-collectors/sources/host-metrics-source) on each of your AWS EC2 hosts. This section describes the data sources for the Host Metrics (EC2) app and has instructions for setting up metric collection. ### Configure Host Metrics sources 
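Review bot: In the "Collecting metrics for AWS EC2 Host Metrics" hunk, the two SIGAR sentences are inserted ahead of the paragraph that introduces the section, so the section now opens with an implementation detail before it says what it covers. Move them after "This section describes the data sources..." or place them beside the metric list under "Log and metric types", which is what "The metrics that are collected are described in..." refers to.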
@@ -100,16 +106,6 @@ You can also build your EC2 AMI machine image with these fields and settings. Fo Collectors running on AWS EC2 instances can optionally collect AWS Metadata such as EC2 tags to make it easier to search for Host Metrics. Only one AWS Metadata Source for Metrics is required to collect EC2 tags from multiple hosts. For more information, see [AWS Metadata Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/aws-metadata-tag-source). -#### Metrics types - -Host metrics are gathered by the open-source [SIGAR library](https://github.com/hyperic/sigar). The metrics that are collected are described in [Host Metrics for Installed Collectors](/docs/send-data/installed-collectors/sources/host-metrics-source#collected-metrics). - -* [CPU Metrics](/docs/integrations/hosts-operating-systems/host-metrics#cpu-metrics) -* [Memory Metrics](/docs/integrations/hosts-operating-systems/host-metrics#memory-metrics) -* [TCP Metrics](/docs/integrations/hosts-operating-systems/host-metrics#tcp-metrics) -* [Networking Metrics](/docs/integrations/hosts-operating-systems/host-metrics#networking-metrics) -* [Disk Metrics](/docs/integrations/hosts-operating-systems/host-metrics#disk-metrics) - ## Install the Host Metrics (EC2) App Now that you have set up the collection for Host Metrics (EC2) metrics, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage.