From 41dec7136a7cbf9e2b6d73093eb90c735594284e Mon Sep 17 00:00:00 2001 From: Nitin Pande Date: Mon, 29 Nov 2021 18:10:59 +0530 Subject: [PATCH 01/44] Initial dev checkin for adding support for EC2 cloudtrail Logs FER and updates to ECS and Elasticache cloudtrail FERs --- .../app-modules/ec2metrics/app.tf | 26 +++++++- .../app-modules/ecs/app.tf | 1 + .../app-modules/elasticache/app.tf | 1 + .../ec2metrics/ec2_metrics_app.template.yaml | 61 +++++++++++++++++++ .../apps/ecs/ecs_app.template.yaml | 1 + .../elasticache/elasticache_app.template.yaml | 1 + ...mologic_observability.master.template.yaml | 2 + 7 files changed, 92 insertions(+), 1 deletion(-) diff --git a/aws-observability-terraform/app-modules/ec2metrics/app.tf b/aws-observability-terraform/app-modules/ec2metrics/app.tf index cb75cba8..f4137f4a 100644 --- a/aws-observability-terraform/app-modules/ec2metrics/app.tf +++ b/aws-observability-terraform/app-modules/ec2metrics/app.tf 
@@ -16,7 +16,31 @@ module "ec2metrics_module" { # } # } - # ********************** No FERs for EC2 Metrics ********************** # + # ********************** FERs (for EC2 CloudTrail Logs) ********************** # + managed_field_extraction_rules = { + "CloudTrailFieldExtractionRule" = { + name = "AwsObservabilityEC2CloudTrailLogsFER" + scope = "account=* eventname eventsource \"ec2.amazonaws.com\"" + parse_expression = <.*?)\"" nodrop + | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?.*?)\"" nodrop + | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop + | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?.*?)\"" nodrop + | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?.*?)\"" nodrop + | if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as req_instanceid + | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid + | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType + | tolowercase(instanceid) as instanceid + | fields region, namespace, accountid, instanceid + EOT + enabled = true + } + } # ********************** Apps ********************** # managed_apps = { diff --git a/aws-observability-terraform/app-modules/ecs/app.tf b/aws-observability-terraform/app-modules/ecs/app.tf index 9ebe0a10..06c688fe 100644 --- a/aws-observability-terraform/app-modules/ecs/app.tf +++ b/aws-observability-terraform/app-modules/ecs/app.tf @@ -26,6 +26,7 @@ module "ecs_module" { | json field=requestParameters "cluster" as clustername nodrop | where eventSource = "ecs.amazonaws.com" | "aws/ecs" as namespace + | tolowercase(clustername) as clustername | fields region, namespace, clustername, accountid EOT enabled = true 
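Review bot: The new `AwsObservabilityEC2CloudTrailLogsFER` parse expression computes `instanceType` from the request and response elements, but the closing `| fields region, namespace, accountid, instanceid` drops it, so that parsing has no effect on what the rule emits. Either keep it in the output, `| fields region, namespace, accountid, instanceid, instanceType` (if a matching field is meant to exist), or remove the instance-type extraction so the rule does less work per event. The same expression is repeated in the `FieldExtractionRule` resource of ec2_metrics_app.template.yaml, so both copies should change together. The `ec2metrics_module` block starts and ends outside this hunk.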
diff --git a/aws-observability-terraform/app-modules/elasticache/app.tf b/aws-observability-terraform/app-modules/elasticache/app.tf index 86fd74d0..0f6ece76 100644 --- a/aws-observability-terraform/app-modules/elasticache/app.tf +++ b/aws-observability-terraform/app-modules/elasticache/app.tf @@ -26,6 +26,7 @@ module "elasticache_module" { | where eventSource = "elasticache.amazonaws.com" | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid | "aws/elasticache" as namespace + | tolowercase(cacheclusterid) as cacheclusterid | fields region, namespace, cacheclusterid, accountid EOT enabled = true diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml index 35a94a4a..6a60ccfe 100755 --- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml +++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml @@ -25,6 +25,12 @@ Metadata: - Section3bTemplatesBucketName - Section3cNestedTemplateVersion + - Label: + default: "App Details - CloudTrail Log Source Configuration" + Parameters: + - Section4aCloudTrailLogsSourceName + - Section4bCloudTrailSourceUpdated + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -44,6 +50,11 @@ Metadata: default: "Nested Templates Bucket Name" Section3cNestedTemplateVersion: default: "Nested Templates Version" + + Section4aCloudTrailLogsSourceName: + default: "Sumo Logic CloudTrail Logs Source Name" + Section4bCloudTrailSourceUpdated: + default: "Existing Source Updated" Parameters: Section1aSumoDeployment: 
@@ -92,9 +103,26 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section4aCloudTrailLogsSourceName: + Type: String + Description: Change the CloudTrail Source name to be created else default name will be used. + Default: "" + Section4bCloudTrailSourceUpdated: + Type: String + Description: "Yes - If fields are added to the existing source. + No - If a new source was created." + Default: 'No' + AllowedValues: + - 'Yes' + - 'No' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] + create_fer: !Not [!Equals [!Ref Section4aCloudTrailLogsSourceName, '']] + + source_updated: !Equals [!Ref Section4bCloudTrailSourceUpdated, 'Yes'] + Resources: sumoApp: 
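Review bot: `Section4aCloudTrailLogsSourceName` is declared without an `AllowedPattern`, yet the `FieldExtractionRule` resource added later in this file joins it into `FieldExtractionRuleScope`, and it is unquoted when `Section4bCloudTrailSourceUpdated` is `No`. A value containing quotes or parentheses would change which logs the rule is scoped to. The nested template can presumably also be launched directly, not only with the values the master template passes in. I would constrain the parameter, for example `AllowedPattern: '^[^"()]*$'`, and reword the description to say that an empty value skips creation of the rule, since `create_fer` is keyed on it.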
@@ -112,6 +140,39 @@ Resources: SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section3bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section3cNestedTemplateVersion}/appjson/EC2-Metrics-App.json" + FieldExtractionRule: + Type: Custom::SumoLogicFieldExtractionRule + Condition: create_fer + DependsOn: AddInstanceIdField + Properties: + ServiceToken: !Ref Section3aParentStackLambdaARN + RemoveOnDeleteStack: false + FieldExtractionRuleName: "AwsObservabilityEC2CloudTrailLogsFER" + FieldExtractionRuleScope: !Join + - "" + - - "(_source=" + - !If [source_updated, !Sub "\"${Section4aCloudTrailLogsSourceName}\"", !Ref Section4aCloudTrailLogsSourceName] + - " (\"ec2.amazonaws.com\"))" + FieldExtractionRuleParseExpression: '| json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop + | where eventSource = "ec2.amazonaws.com" + | "aws/ec2" as namespace + | json field=requestParameters "instanceType", "instancesSet", "instanceId", "DescribeInstanceCreditSpecificationsRequest.InstanceId.content" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop + | json field=req_instancesSet "item", "items" as req_instancesSet_item, req_instancesSet_items nodrop + | parse regex field=req_instancesSet_item "\"instanceId\":\s*\"(?.*?)\"" nodrop + | parse regex field=req_instancesSet_items "\"instanceId\":\s*\"(?.*?)\"" nodrop + | json field=responseElements "instancesSet.items" as res_responseElements_items nodrop + | parse regex field=res_responseElements_items "\"instanceType\":\s*\"(?.*?)\"" nodrop + | parse regex field=res_responseElements_items "\"instanceId\":\s*\"(?.*?)\"" nodrop + | if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, "")))) as 
req_instanceid + | if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid + | if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType + | tolowercase(instanceid) as instanceid + | fields region, namespace, accountid, instanceid' + FieldExtractionRuleParseEnabled: true + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + sumoOverview: Type: Custom::App Condition: install_app diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml index ca310205..fb0dbca8 100755 --- a/aws-observability/apps/ecs/ecs_app.template.yaml +++ b/aws-observability/apps/ecs/ecs_app.template.yaml @@ -167,6 +167,7 @@ Resources: | json field=requestParameters "cluster" as clustername nodrop | where eventSource = "ecs.amazonaws.com" | "aws/ecs" as namespace + | tolowercase(clustername) as clustername | fields region, namespace, clustername, accountid' FieldExtractionRuleParseEnabled: true SumoAccessID: !Ref Section1bSumoAccessID diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml index fd607d1c..ecb02369 100755 --- a/aws-observability/apps/elasticache/elasticache_app.template.yaml +++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml @@ -157,6 +157,7 @@ Resources: | where eventSource = "elasticache.amazonaws.com" | if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid | "aws/elasticache" as namespace + | tolowercase(cacheclusterid) as cacheclusterid | fields region, namespace, cacheclusterid, accountid' FieldExtractionRuleParseEnabled: true SumoAccessID: !Ref Section1bSumoAccessID 
diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index e72578ef..1d0044d6 100755 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -458,6 +458,8 @@ Resources: Section3aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section3bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section3cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section4aCloudTrailLogsSourceName: !If [create_cloudtrail_source, "*cloudtrail-logs*", !If [update_cloudtrail_logs_source, !GetAtt sumoLambdaMetricsAppStack.Outputs.ExistingCloudTrailLogSourceName, "" ] ] + Section4bCloudTrailSourceUpdated: !If [update_cloudtrail_logs_source, "Yes", "No"] sumoAlbMetricsAppStack: Type: AWS::CloudFormation::Stack From 86ce92521e3c892180537723d5c6241605dc6ddc Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 9 Dec 2021 15:01:47 +0530 Subject: [PATCH 02/44] Adding ELB app to AWSO --- aws-observability-terraform/app-modules/main.tf | 17 +++++++++++++++++ .../app-modules/variables.tf | 6 ++++++ 2 files changed, 23 insertions(+) diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf index a2d25482..cfa3ebb6 100644 --- a/aws-observability-terraform/app-modules/main.tf +++ b/aws-observability-terraform/app-modules/main.tf 
@@ -143,6 +143,23 @@ module "alb_app" { group_notifications = var.group_notifications } +# Install the classic lb app and resources. +module "elb_app" { + depends_on = [module.lambda_app] + source = "./elb" + + access_id = var.access_id + access_key = var.access_key + environment = var.environment + json_file_directory_path = var.json_file_directory_path + app_folder_id = sumologic_folder.apps_folder.id + monitor_folder_id = sumologic_monitor_folder.monitor_folder.id + monitors_disabled = var.elb_monitors_disabled + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + group_notifications = var.group_notifications +} + # Install the dynamodb app and resources. module "dynamodb_app" { depends_on = [module.rce_app] diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf index c197aa33..aa624041 100644 --- a/aws-observability-terraform/app-modules/variables.tf +++ b/aws-observability-terraform/app-modules/variables.tf @@ -107,6 +107,12 @@ variable "alb_monitors_disabled" { default = true } +variable "elb_monitors_disabled" { + type = bool + description = "Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable." + default = true +} + variable "apigateway_monitors_disabled" { type = bool description = "Indicates if the API Gateway Apps monitors should be enabled. true to disable; false to enable." From 2caf06e6b89d10b7e511c5cdd380803db7aa098a Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 9 Dec 2021 15:03:23 +0530 Subject: [PATCH 03/44] Adding Classic ELB source to AWSO --- .../source-module/local.tf | 16 ++++-- .../source-module/main.tf | 43 ++++++++++++++ .../source-module/main_iam_role.tf | 6 +- .../source-module/outputs.tf | 20 +++++++ .../source-module/update_sources.tf | 24 +++++++- .../source-module/variables.tf | 56 +++++++++++++++++++ 6 files changed, 157 insertions(+), 8 deletions(-) 
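Review bot: The description of the new `elb_monitors_disabled` variable was copied from `alb_monitors_disabled` and still names the ALB app. With the two variables next to each other in variables.tf, identical text makes it easy to toggle the wrong set of monitors. It should read `description = "Indicates if the Classic ELB Apps monitors should be enabled. true to disable; false to enable."`.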
diff --git a/aws-observability-terraform/source-module/local.tf b/aws-observability-terraform/source-module/local.tf index 898bbac5..bc8d1791 100644 --- a/aws-observability-terraform/source-module/local.tf +++ b/aws-observability-terraform/source-module/local.tf @@ -19,6 +19,13 @@ locals { elb_path_exp = var.elb_source_details.bucket_details.create_bucket ? "*AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*" : var.elb_source_details.bucket_details.path_expression elb_fields = merge(var.elb_source_details.fields, { account = var.aws_account_alias, region = local.aws_region, namespace = "aws/applicationelb", accountid = local.aws_account_id }) + # Classic ELB Source updated Details + create_classic_lb_source = var.collect_classic_lb_logs && var.classic_lb_log_source_url == "" + update_classic_lb_source = var.collect_classic_lb_logs ? (var.classic_lb_log_source_url == "" ? false : true) : false + classic_lb_source_name = var.classic_lb_source_details.source_name == "Classic lb Logs (Region)" ? "Classic lb Logs ${local.aws_region}" : var.classic_lb_source_details.source_name + classic_lb_path_exp = var.classic_lb_source_details.bucket_details.create_bucket ? "*AWSLogs/${local.aws_account_id}/classicloadbalancing/${local.aws_region}/*" : var.classic_lb_source_details.bucket_details.path_expression + classic_lb_fields = merge(var.classic_lb_source_details.fields, { account = var.aws_account_alias, region = local.aws_region, namespace = "aws/elb", accountid = local.aws_account_id }) + # CloudWatch metrics source updated details create_cw_metrics_source = var.collect_cloudwatch_metrics == "CloudWatch Metrics Source" && var.cloudwatch_metrics_source_url == "" create_kf_metrics_source = var.collect_cloudwatch_metrics == "Kinesis Firehose Metrics Source" && var.cloudwatch_metrics_source_url == "" 
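Review bot: `classic_lb_path_exp` defaults to `*AWSLogs/<account>/classicloadbalancing/<region>/*`, but as far as I know Classic Load Balancer access logs are delivered under the same `elasticloadbalancing` key prefix as ALB logs. If that holds, this expression matches no objects and the new source silently ingests nothing, which is a log-coverage gap that no error will reveal. Please confirm against a real bucket; if so, the default should use `"*AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*"`, and the ALB and Classic sources then need another way to separate their objects when they share the common bucket. The `locals` block starts and ends outside this hunk.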
@@ -47,19 +54,20 @@ locals { # Common Bucket details create_cloudtrail_bucket = local.create_cloudtrail_source && var.cloudtrail_source_details.bucket_details.create_bucket create_elb_bucket = local.create_elb_source && var.elb_source_details.bucket_details.create_bucket + create_classic_lb_bucket = local.create_classic_lb_source && var.classic_lb_source_details.bucket_details.create_bucket create_kf_metrics_fail_bucket = local.create_kf_metrics_source && var.cloudwatch_metrics_source_details.bucket_details.create_bucket create_kf_logs_fail_bucket = local.create_kf_logs_source && var.cloudwatch_logs_source_details.bucket_details.create_bucket - create_common_bucket = local.create_cloudtrail_bucket || local.create_elb_bucket || local.create_kf_metrics_fail_bucket || local.create_kf_logs_fail_bucket + create_common_bucket = local.create_cloudtrail_bucket || local.create_elb_bucket || local.create_classic_lb_source || local.create_kf_metrics_fail_bucket || local.create_kf_logs_fail_bucket common_bucket_name = local.create_common_bucket ? 
"aws-observability-${random_string.aws_random.id}" : "" common_force_destroy = local.create_common_bucket && (var.cloudtrail_source_details.bucket_details.force_destroy_bucket || var.elb_source_details.bucket_details.force_destroy_bucket || var.cloudwatch_metrics_source_details.bucket_details.force_destroy_bucket || var.cloudwatch_logs_source_details.bucket_details.force_destroy_bucket) - create_common_sns_topic = local.create_common_bucket && (local.create_elb_source || local.create_cloudtrail_source) + create_common_sns_topic = local.create_common_bucket && (local.create_elb_source || local.create_classic_lb_source || local.create_cloudtrail_source) # Create an IAM role that provides trust relationship with AWS account - create_iam_role = var.existing_iam_details.create_iam_role && (local.create_elb_source || local.create_cloudtrail_source || local.create_kf_metrics_source || local.create_cw_metrics_source || local.create_root_cause_source) + create_iam_role = var.existing_iam_details.create_iam_role && (local.create_elb_source || local.create_classic_lb_source ||local.create_cloudtrail_source || local.create_kf_metrics_source || local.create_cw_metrics_source || local.create_root_cause_source) # Create any Sumo Logic source. Keep on adding to this if any new source is added. - create_any_source = local.create_cloudtrail_source || local.create_elb_source || local.create_metric_source || local.create_cw_logs_source || local.create_root_cause_source + create_any_source = local.create_cloudtrail_source || local.create_elb_source || local.create_metric_source || local.create_cw_logs_source || local.create_root_cause_source || local.create_classic_lb_source # Create a new Sumo Logic hosted collector diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index 27ecf032..58481ea5 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf 
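Review bot: `create_common_bucket` ORs in `local.create_classic_lb_source` although `local.create_classic_lb_bucket` is defined two lines above for this purpose, so a Classic LB source pointed at an existing bucket still forces creation of the common bucket; it should read `... || local.create_elb_bucket || local.create_classic_lb_bucket || ...`. `common_force_destroy` on the next line also omits `var.classic_lb_source_details.bucket_details.force_destroy_bucket`. The main_iam_role.tf hunk has the same mix-up: `BUCKET_NAME = (local.create_elb_bucket || local.create_classic_lb_source) ? local.common_bucket_name : var.elb_source_details.bucket_details.bucket_name` never resolves to `var.classic_lb_source_details.bucket_details.bucket_name`. The role's S3 policy can therefore be scoped to a bucket the Classic LB source does not read, while the bucket it does read is left out. The `locals` block continues outside the hunk.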
@@ -103,6 +103,49 @@ module "elb_module" { } } +module "classic_lb_module" { + depends_on = [time_sleep.wait_for_minutes] + for_each = toset(local.create_classic_lb_source ? ["classic_lb_module"] : []) + + source = "SumoLogic/sumo-logic-integrations/sumologic//aws/elb" + + create_collector = false + sumologic_organization_id = var.sumologic_organization_id + wait_for_seconds = 1 + + source_details = { + source_name = local.classic_lb_source_name + source_category = var.classic_lb_source_details.source_category + description = var.classic_lb_source_details.description + collector_id = local.create_collector ? sumologic_collector.collector["collector"].id : var.sumologic_existing_collector_details.collector_id + bucket_details = { + create_bucket = false + bucket_name = var.classic_lb_source_details.bucket_details.create_bucket ? aws_s3_bucket.s3_bucket["s3_bucket"].bucket : var.classic_lb_source_details.bucket_details.bucket_name + path_expression = local.classic_lb_path_exp + force_destroy_bucket = false + } + paused = false + scan_interval = 60000 + sumo_account_id = local.sumo_account_id + cutoff_relative_time = "-1d" + fields = local.classic_lb_fields + iam_details = { + create_iam_role = false + iam_role_arn = local.create_iam_role ? aws_iam_role.sumologic_iam_role["sumologic_iam_role"].arn : var.existing_iam_details.iam_role_arn + } + sns_topic_details = { + create_sns_topic = var.classic_lb_source_details.bucket_details.create_bucket ? false : true + sns_topic_arn = var.classic_lb_source_details.bucket_details.create_bucket ? aws_sns_topic.sns_topic["sns_topic"].arn : "" + } + } + #check with nitin to intro new var or not, I think no need + auto_enable_access_logs = var.auto_enable_access_logs + auto_enable_access_logs_options = { + filter = "'Type': 'application'|'type': 'application'" + remove_on_delete_stack = true + } +} + module "cloudwatch_metrics_source_module" { depends_on = [time_sleep.wait_for_minutes] for_each = local.create_cw_metrics_source ? 
toset(var.cloudwatch_metrics_source_details.limit_to_namespaces) : [] diff --git a/aws-observability-terraform/source-module/main_iam_role.tf b/aws-observability-terraform/source-module/main_iam_role.tf index a8a6402d..482c741c 100644 --- a/aws-observability-terraform/source-module/main_iam_role.tf +++ b/aws-observability-terraform/source-module/main_iam_role.tf @@ -38,16 +38,16 @@ resource "aws_iam_role_policy_attachment" "cloudtrail_policy_attach" { # Sumo Logic ELB Source Policy Attachment resource "aws_iam_policy" "elb_policy" { - for_each = toset(local.create_elb_source && local.create_iam_role ? ["elb_policy"] : []) + for_each = toset((local.create_elb_source || local.create_classic_lb_source) && local.create_iam_role ? ["elb_policy"] : []) #for_each = toset(var.collect_elb_logs && local.create_iam_role ? ["elb_policy"] : []) policy = templatefile("${path.module}/templates/iam_s3_source_policy.tmpl", { - BUCKET_NAME = local.create_elb_bucket ? local.common_bucket_name : var.elb_source_details.bucket_details.bucket_name + BUCKET_NAME = (local.create_elb_bucket || local.create_classic_lb_source) ? local.common_bucket_name : var.elb_source_details.bucket_details.bucket_name }) } resource "aws_iam_role_policy_attachment" "elb_policy_attach" { - for_each = toset(local.create_elb_source && local.create_iam_role ? ["elb_policy_attach"] : []) + for_each = toset((local.create_elb_source || local.create_classic_lb_source) && local.create_iam_role ? ["elb_policy_attach"] : []) #for_each = toset(var.collect_elb_logs && local.create_iam_role ? ["elb_policy_attach"] : []) policy_arn = aws_iam_policy.elb_policy["elb_policy"].arn diff --git a/aws-observability-terraform/source-module/outputs.tf b/aws-observability-terraform/source-module/outputs.tf index 6ae6b644..ecbf6ec1 100644 --- a/aws-observability-terraform/source-module/outputs.tf +++ b/aws-observability-terraform/source-module/outputs.tf 
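Review bot: In `classic_lb_module` the `auto_enable_access_logs_options` filter is `"'Type': 'application'|'type': 'application'"`, carried over from the ALB module, so auto-enable would presumably act on application load balancers again rather than classic ones. The correct value depends on the upstream module and should be confirmed there. The inline `#check with nitin to intro new var or not` is an open question, not documentation; resolve it before merge and replace it with something like `# Reuses var.auto_enable_access_logs; Classic LB has no separate toggle.` if that is the decision. `create_sns_topic = var.classic_lb_source_details.bucket_details.create_bucket ? false : true` reads more directly as `create_sns_topic = !var.classic_lb_source_details.bucket_details.create_bucket`.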
@@ -58,6 +58,26 @@ output "elb_auto_enable_stack" { description = "AWS CloudFormation stack for ALB Auto Enable access logs." } +output "clasic_lb_sns_topic" { + value = local.create_classic_lb_source && !var.classic_lb_source_details.bucket_details.create_bucket ? module.classic_lb_module["classic_lb_module"].aws_sns_topic : {} + description = "SNS topic created to be attached to an existing elb logs bucket." +} + +output "clasic_lb_source" { + value = local.create_classic_lb_source ? module.classic_lb_module["classic_lb_module"].sumologic_source : null + description = "Sumo Logic AWS ELB source." +} + +output "clasic_lb_sns_subscription" { + value = local.create_classic_lb_source ? module.classic_lb_module["classic_lb_module"].aws_sns_subscription : {} + description = "AWS SNS subscription to Sumo Logic AWS ELB source." +} + +output "clasic_lb_auto_enable_stack" { + value = local.create_classic_lb_source && var.auto_enable_access_logs != "None" ? module.classic_lb_module["classic_lb_module"].aws_serverlessapplicationrepository_cloudformation_stack : {} + description = "AWS CloudFormation stack for ALB Auto Enable access logs." +} + output "cloudwatch_metrics_source" { value = local.create_cw_metrics_source ? toset([ for namespace in var.cloudwatch_metrics_source_details.limit_to_namespaces : module.cloudwatch_metrics_source_module[namespace].sumologic_source diff --git a/aws-observability-terraform/source-module/update_sources.tf b/aws-observability-terraform/source-module/update_sources.tf index 10e94f44..eda93c4a 100644 --- a/aws-observability-terraform/source-module/update_sources.tf +++ b/aws-observability-terraform/source-module/update_sources.tf 
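Review bot: All four new outputs are spelled `clasic_lb_*` (`clasic_lb_sns_topic`, `clasic_lb_source`, `clasic_lb_sns_subscription`, `clasic_lb_auto_enable_stack`) while every other identifier in this change uses `classic_lb`. Output names become part of the module's interface, so the spelling is cheapest to fix now, e.g. `output "classic_lb_source" {`. The descriptions are also copied from the ALB outputs; the last one should read `description = "AWS CloudFormation stack for Classic LB Auto Enable access logs."`.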
@@ -42,7 +42,7 @@ resource "null_resource" "AddFieldsToCloudTrailSource" { } } -# Add fields to source if LoadBalancer source already exists +# Add fields to source if Application LoadBalancer source already exists resource "null_resource" "AddFieldsToELBSource" { for_each = toset(local.update_elb_source ? ["add_fields_to_source"] : []) triggers = { @@ -64,6 +64,28 @@ resource "null_resource" "AddFieldsToELBSource" { } } +# Add fields to source if Classic LoadBalancer source already exists +resource "null_resource" "AddFieldsToCLBSource" { + for_each = toset(local.update_classic_lb_source ? ["add_fields_to_source"] : []) + triggers = { + access_id = var.access_id + access_key = var.access_key + env = var.environment + source_url = var.elb_log_source_url + } + provisioner "local-exec" { + when = create + command = "python ${path.module}/attach_fields_to_source.py" + environment = { + SumoAccessID = self.triggers.access_id + SumoAccessKey = self.triggers.access_key + SumoDeployment = self.triggers.env + SourceApiUrl = self.triggers.source_url + Fields = jsonencode(local.classic_lb_fields) + } + } +} + # Add fields to source if CloudWatch Logs source already exists resource "null_resource" "AddFieldsToLogSource" { for_each = toset(local.update_logs_source ? ["add_fields_to_source"] : []) diff --git a/aws-observability-terraform/source-module/variables.tf b/aws-observability-terraform/source-module/variables.tf index 9e555c28..3b21ba90 100644 --- a/aws-observability-terraform/source-module/variables.tf +++ b/aws-observability-terraform/source-module/variables.tf 
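Review bot: `AddFieldsToCLBSource` sets `source_url = var.elb_log_source_url` in its triggers, but the resource is gated on `local.update_classic_lb_source`, which is derived from `var.classic_lb_log_source_url`. As written the script would attach `local.classic_lb_fields` (namespace `aws/elb`) to the ALB source, or run with an empty `SourceApiUrl` when only the classic URL is set. The line should be `source_url = var.classic_lb_log_source_url`. Separately, `access_key` is placed in `triggers`, which Terraform persists in state in plain text; this follows the neighbouring resources, so at minimum add a comment such as `# triggers are stored in state: treat the state file as a secret`.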
@@ -55,6 +55,12 @@ variable "elb_log_source_url" { default = "" } +variable "classic_lb_log_source_url" { + type = string + description = "Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)." + default = "" +} + variable "cloudwatch_logs_source_url" { type = string description = "Required if you are already collecting AWS Lambda CloudWatch logs. Provide the existing Sumo Logic AWS Lambda CloudWatch Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration)." @@ -207,6 +213,18 @@ variable "collect_elb_logs" { default = true } +variable "collect_classic_lb_logs" { + type = bool + description = < Date: Thu, 9 Dec 2021 15:04:22 +0530 Subject: [PATCH 04/44] Handling new fields --- aws-observability-terraform/field.tf | 7 +++++++ aws-observability-terraform/fields.sh | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/aws-observability-terraform/field.tf b/aws-observability-terraform/field.tf index 9f5add9f..1b7dc985 100644 --- a/aws-observability-terraform/field.tf +++ b/aws-observability-terraform/field.tf 
@@ -33,6 +33,13 @@ resource "sumologic_field" "loadbalancer" { state = "Enabled" } +# Used in Classic LB +resource "sumologic_field" "loadbalancername" { + data_type = "String" + field_name = "loadbalancername" + state = "Enabled" +} + # Used in API gateway resource "sumologic_field" "apiname" { data_type = "String" diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh index d49d14c8..5d4d83eb 100644 --- a/aws-observability-terraform/fields.sh +++ b/aws-observability-terraform/fields.sh @@ -23,7 +23,7 @@ else fi # awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution. -declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier) +declare -ra awso_list=(loadbalancer apiname tablename instanceid clustername cacheclusterid functionname networkloadbalancer account region namespace accountid dbidentifier loadbalancername) function get_remaining_fields() { local RESPONSE From a8049e4e909dc2df3c426a19bbb836f9c2891abe Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 9 Dec 2021 15:06:31 +0530 Subject: [PATCH 05/44] Adding Classic App Json --- .../app-modules/elb/README.md | 39 + .../app-modules/elb/elb.tf | 29 + .../app-modules/elb/outputs.tf | 14 + .../app-modules/elb/variables.tf | 93 + aws-observability/json/Classic-lb-App.json | 3019 +++++++++++++++++ 5 files changed, 3194 insertions(+) create mode 100644 aws-observability-terraform/app-modules/elb/README.md create mode 100644 aws-observability-terraform/app-modules/elb/elb.tf create mode 100644 aws-observability-terraform/app-modules/elb/outputs.tf create mode 100644 aws-observability-terraform/app-modules/elb/variables.tf create mode 100644 aws-observability/json/Classic-lb-App.json 
diff --git a/aws-observability-terraform/app-modules/elb/README.md b/aws-observability-terraform/app-modules/elb/README.md new file mode 100644 index 00000000..c41b6240 --- /dev/null +++ b/aws-observability-terraform/app-modules/elb/README.md @@ -0,0 +1,39 @@ +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [alb\_module](#module\_alb\_module) | SumoLogic/sumo-logic-integrations/sumologic//sumologic | n/a | + +## Resources + +No resources. + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [access\_id](#input\_access\_id) | Sumo Logic Access ID. Visit https://help.sumologic.com/Manage/Security/Access-Keys#Create_an_access_key | `string` | n/a | yes | +| [access\_key](#input\_access\_key) | Sumo Logic Access Key. | `string` | n/a | yes | +| [app\_folder\_id](#input\_app\_folder\_id) | Please provide a folder ID where you would like the app to be installed. | `string` | `""` | no | +| [connection\_notifications](#input\_connection\_notifications) | Connection Notifications to be sent by the alert. |
list(object(
{
connection_type = string,
connection_id = string,
payload_override = string,
run_for_trigger_types = list(string)
}
))
| n/a | yes | +| [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. |
list(object(
{
connection_type = string,
recipients = list(string),
subject = string,
time_zone = string,
message_body = string,
run_for_trigger_types = list(string)
}
))
| n/a | yes | +| [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes | +| [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no | +| [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no | +| [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [sumologic\_content](#output\_sumologic\_content) | This output contains alb App. | +| [sumologic\_field](#output\_sumologic\_field) | This output contains fields required for alb app. | +| [sumologic\_field\_extraction\_rule](#output\_sumologic\_field\_extraction\_rule) | This output contains Field Extraction rules required for alb app. | diff --git a/aws-observability-terraform/app-modules/elb/elb.tf b/aws-observability-terraform/app-modules/elb/elb.tf new file mode 100644 index 00000000..61a96c59 --- /dev/null +++ b/aws-observability-terraform/app-modules/elb/elb.tf 
@@ -0,0 +1,29 @@ +module "classic_elb_module" { + source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic" + + access_id = var.access_id + access_key = var.access_key + environment = var.environment + + # ********************** FERs ********************** # + # managed_field_extraction_rules = { + # "AlbAccessLogsFieldExtractionRule" = { + # name = "AwsObservabilityAlbAccessLogsFER" + # scope = "account=* region=* namespace=aws/alb" + # parse_expression = <\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, Classicloadbalancer\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by Classicloadbalancer\n| sort by ThreatCount", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + 
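Review bot: The commented-out FER block in `classic_elb_module` still carries ALB identifiers (`AlbAccessLogsFieldExtractionRule`, `AwsObservabilityAlbAccessLogsFER`, scope `namespace=aws/alb`), while the dashboards added in this patch default the namespace to `aws/elb`; uncommented as-is, the rule would be scoped to ALB logs rather than Classic ELB logs. Either drop the dead block or rename it now, e.g. `# scope = "account=* region=* namespace=aws/elb"`. The new elb/README.md has the same mismatch: it lists the module as `alb_module` and describes the outputs as belonging to the alb app. Separately, `access_key = var.access_key` passes a credential through, and variables.tf is not visible here, so it is worth confirming the variable is declared with `sensitive = true` so Terraform redacts it from plan output. The hunk is cut off at `parse_expression` in this view, so the rest of the module body was not reviewed.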
"includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "1. AWS Classic Load Balancer - Response Analysis (DONE)", + "description": "See the details of the Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.", + "title": "1. 
AWS Classic Load Balancer - Response Analysis (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-6431EF94BE865945", + "structure": "{\"height\":1,\"width\":8,\"x\":0,\"y\":6}" + }, + { + "key": "panelPANE-9488B966ABC1E940", + "structure": "{\"height\":1,\"width\":8,\"x\":8,\"y\":6}" + }, + { + "key": "panel80A18A0EB225FB4B", + "structure": "{\"height\":1,\"width\":8,\"x\":16,\"y\":6}" + }, + { + "key": "panel373343E8B68AA846", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}" + }, + { + "key": "panelPANE-351E28339D1FDB40", + "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":7}" + }, + { + "key": "panelAA81D9348A212B4B", + "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":7}" + }, + { + "key": "panelFAD82336AEDD0B49", + "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":7}" + }, + { + "key": "panelPANE-CCFCC1BB99CA3843", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}" + }, + { + "key": "panelE7BD64DF89B9B94E", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}" + }, + { + "key": "panel849F83B5B73CC844", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}" + }, + { + "key": "panel848E183B8031884D", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}" + }, + { + "key": "panel114E4560B4917A43", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}" + }, + { + "key": "panelPANE-4E589BF4AEA7D84B", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-6431EF94BE865945", + "title": "Untitled", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#f36644\",\"textColor\":\"#222d3b\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 5XX Response Codes" + }, + { + "id": null, + "key": "panelPANE-9488B966ABC1E940", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 4XX Response Codes" + }, + { + "id": null, + "key": "panel80A18A0EB225FB4B", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 3XX Response Codes" + }, + { + "id": null, + "key": "panel373343E8B68AA846", + "title": "5XX Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-351E28339D1FDB40", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, 
ClientPort nodrop\n| where (ElbStatusCode matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelAA81D9348A212B4B", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": 
null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelFAD82336AEDD0B49", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-CCFCC1BB99CA3843", + "title": "Events - 5XX Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelE7BD64DF89B9B94E", + "title": "4XX Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel849F83B5B73CC844", + "title": "3XX Response Codes (This metric doesn't exist for clb)", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], 
+ "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel848E183B8031884D", + "title": "Events - 4XX Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + 
"timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel114E4560B4917A43", + "title": "Events - 3XX Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + 
"coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4E589BF4AEA7D84B", + "title": "Response Codes Distribution by Domain and URI", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (ElbStatusCode matches \"5*\",1,0) as ELB_5XX\n| if (ElbStatusCode matches \"4*\",1,0) as ELB_4XX\n| if (ElbStatusCode matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + 
"allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "2. AWS Classic Load Balancer - Target Group Response Analysis (DONE)", + "description": "", + "title": "2. 
AWS Classic Load Balancer - Target Group Response Analysis (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-EFB93C23B0ABA948", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panel05DD969FA8F84846", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}" + }, + { + "key": "panelE8037BA1BAFE4840", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":6}" + }, + { + "key": "panel11E5E924B7E46B4D", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}" + }, + { + "key": "panelPANE-31F3A4E7852C484F", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panel8D3D1B68A68C1B49", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}" + }, + { + "key": "panelA52CD401A29F7942", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}" + }, + { + "key": "panelDF364B0988414A44", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}" + }, + { + "key": "panelPANE-2A2CE58CB024284B", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}" + }, + { + "key": "panelDCE3556190369A4B", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}" + }, + { + "key": "panel74660D2CA5358B47", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}" + }, + { + "key": "panelA5A5D6698A94CB4F", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}" + }, + { + "key": "panel13B1911EADE35944", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-EFB93C23B0ABA948", + "title": "5xx", + 
"visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f36644\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 5XX Response Codes" + }, + { + "id": null, + "key": "panel05DD969FA8F84846", + "title": "2XX", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Target Group 2XX Response Codes" + }, + { + "id": null, + "key": "panelE8037BA1BAFE4840", + "title": "4xx", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 4XX Response Codes" + }, + { + "id": null, + "key": "panel11E5E924B7E46B4D", + "title": "3XX", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Target Group 3XX Response Codes" + }, + { + "id": null, + "key": "panelPANE-31F3A4E7852C484F", + "title": "Response Codes Distribution by Domain and URI", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| if (BackendStatusCode matches 
\"5*\",1,0) as Backend_5XX\n| if (BackendStatusCode matches \"4*\",1,0) as Backend_4XX\n| if (BackendStatusCode matches \"3*\",1,0) as Backend_3XX\n| if (BackendStatusCode matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel8D3D1B68A68C1B49", + "title": "4XX Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername , AvailabilityZone //AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA52CD401A29F7942", + "title": "2XX Response Codes", + 
"visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=* <- not in metrics series, | parse field= TargetGroup */* as Unused, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDF364B0988414A44", + "title": "3XX Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, //AvailabilityZone=* TargetGroup=* <- not in metrics, | parse field= TargetGroup */* as Unused, TargetGroup", 
+ "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-2A2CE58CB024284B", + "title": "Events - 5XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| 
where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDCE3556190369A4B", + "title": "Events - 4XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" 
* *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel74660D2CA5358B47", + "title": "Events - 3XX Response Codes", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"3*\", 1, 0) as 
BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA5A5D6698A94CB4F", + "title": "Events - 2XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, 
ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel13B1911EADE35944", + "title": "5XX Backend Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone //AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + 
"tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "3. AWS Classic Load Balancer - Latency Overview (DONE)", + "description": "See the details of latency in your application load balancer by target group, availability zone, and load balancer.", + "title": "3. 
AWS Classic Load Balancer - Latency Overview (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-8fb7ac20b210584f", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":1}" + }, + { + "key": "panelpane-46aba672bb08b846", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}" + }, + { + "key": "panelpane-3ebb85e685bf1b4f", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}" + }, + { + "key": "panelpane-c1ca3098892bea40", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}" + }, + { + "key": "panelpane-c301d958990e694d", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}" + }, + { + "key": "panelPANE-42811CC2ADA89846", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-BAF589A28E007840", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-8fb7ac20b210584f", + "title": "Latency", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Seconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | sum by account, region, 
namespace, loadbalancername3 //targetgroup=* AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-46aba672bb08b846", + "title": "Max and Average Total Client Latency by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| 
(RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3ebb85e685bf1b4f", + "title": "Max and Average Target Processing Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a 
target\n| avg(BackendProcessingTime) as AverageBackendProcessingTime, max(BackendProcessingTime) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime\n\n\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c1ca3098892bea40", + "title": "Average Total Client Latency Over Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| (RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername\n", + "queryType": 
"Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c301d958990e694d", + "title": "Average Response Processing Time Over Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| (RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + 
"timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-42811CC2ADA89846", + "title": "Response", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Overall Latency" + }, + { + "id": null, + "key": "panelPANE-BAF589A28E007840", + "title": "Latency", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Events - Backend Latency" + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + 
"displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancer" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "4. AWS Classic Load Balancer - Latency Details (DONE)", + "description": "See the details of latency in your application load balancer including the average and maximum request and response processing time, by target group and ELB server.", + "title": "4. 
AWS Classic Load Balancer - Latency Details (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-e21d1869af8bbb43", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panelpane-50edccbfa1cd8b4f", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panelpane-39d07f8699151b42", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" + }, + { + "key": "panelpane-9ce61eae9fc92848", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}" + }, + { + "key": "panelpane-6fda9ea0b259db4f", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}" + }, + { + "key": "panelpane-256726aaafcdba4d", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}" + }, + { + "key": "panelpane-d9489b8ebd5daa4c", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}" + }, + { + "key": "panelpane-fee25a48afe96841", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}" + }, + { + "key": "panelpane-9fa04ab689a4594a", + "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":30}" + }, + { + "key": "panelPANE-BCC4A01F93DBD84C", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-e21d1869af8bbb43", + "title": "Defintions", + "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( RequestProcessingTime + TargetProcessingTime + 
ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n#### **TargetProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers." + }, + { + "id": null, + "key": "panelpane-50edccbfa1cd8b4f", + "title": "Events - Client Latency by Domain", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches 
/^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-39d07f8699151b42", + "title": "Events - Client Latency by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where 
tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-9ce61eae9fc92848", + "title": "Events - Average Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * 
\\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-6fda9ea0b259db4f", + "title": "Events - Average Response Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, 
ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-256726aaafcdba4d", + "title": "Events - Average Request Processing Time by URI", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, 
Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-d9489b8ebd5daa4c", + "title": "Events - Max Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * 
\\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| max(RequestProcessingTime) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-fee25a48afe96841", + "title": "Events - Max Response Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": 
"account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(ResponseProcessingTime) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-9fa04ab689a4594a", + "title": "Events - Top 20 Client Latency by Paths", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} 
namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20\n\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-BCC4A01F93DBD84C", + "title": "Events - Average Response Processing Time by URI", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, 
target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + 
} + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "5. AWS Classic Load Balancer - Connections and Host Status (DONE)", + "description": "See the details of request and host status including the average unhealthy host count, and healthy host count by target group, availability zone, and load balancer, and request count, outliers in requests by backend, and requests by target.", + "title": "5. AWS Classic Load Balancer - Connections and Host Status (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-72162e80bf98794a", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}" + }, + { + "key": "panelpane-3f69e9d8acb63944", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":13}" + }, + { + "key": "panelpane-b0dcb7ce9acff84d", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}" + }, + { + "key": "panelpane-0a6b3b1a8e6f2a4d", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}" + }, + { + "key": "panelpane-256d7e9895990b46", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}" + }, + { + "key": "panelPANE-AC8CEF56B14A3B49", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":5}" + }, + { + "key": "panelA50246B29A29584D", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}" + }, + { + "key": "panel248E85BAAAC3FA49", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}" + }, + { + "key": "panel93A07615B0C15B44", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}" + }, + { + "key": "panelF582E76F8F681B46", + "structure": 
"{\"height\":6,\"width\":8,\"x\":0,\"y\":13}" + }, + { + "key": "panelDCF2F2A88E731942", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":13}" + }, + { + "key": "panel15B701BABC802B4F", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}" + }, + { + "key": "panelPANE-9EB0E883B1BAB84B", + "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-72162e80bf98794a", + "title": "Unhealthy Hosts", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=* , AvailabilityZone, TargetGroup ", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3f69e9d8acb63944", + "title": "Target Connections Errors", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, 
+ "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=*, AvailabilityZone, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-b0dcb7ce9acff84d", + "title": "Active Connections", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-0a6b3b1a8e6f2a4d", + "title": "New Connections", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + 
"keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBNewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-256d7e9895990b46", + "title": "Rejected Connections (Using Spillover Count)", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone, AvailabilityZone=*", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-AC8CEF56B14A3B49", + "title": "Connections", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Connections" + }, + { + "id": null, + "key": "panelA50246B29A29584D", + "title": "Connections", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Connections Errors" + }, + { + "id": null, + "key": "panel248E85BAAAC3FA49", + "title": "Hosts", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Unhealthy Hosts" + }, + { + "id": null, + "key": "panel93A07615B0C15B44", + "title": "Hosts", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Healthy Hosts" + }, + { + "id": null, + "key": "panelF582E76F8F681B46", + "title": "3XX Backend Error Count", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDCF2F2A88E731942", + "title": "4XX Backend Error Count", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + 
"keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=*, TargetGroup=* AvailabilityZone, TargetGroup", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel15B701BABC802B4F", + "title": "Healthy Hosts", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=*, AvailabilityZone, TargetGroup ", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-9EB0E883B1BAB84B", + "title": "Classic ELB Metrics", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"fontSize\":12},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "**SpilloverCount** - When requests exceed the maximum SurgeQueueLength, the SpilloverCount metric starts to measure rejected requests. The maximum SurgeQueueLength is 1024.\n\n**SurgeQueueLegnth** - The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. The maximum size of the queue is 1,024. Additional requests or connections are rejected when the queue is full.\n\n**EstimatedALBActiveConnectionCount** - The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedALBConsumedLCUs** - The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. You pay for the number of LCUs that you use per hour. For more information, see Elastic Load Balancing Pricing for more info https://aws.amazon.com/elasticloadbalancing/pricing/\n\n**EstimatedALBNewConnectionCount** - The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedProcessedBytes** The estimated number of bytes processed by an Application Load Balancer." 
+ } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes (DONE)", + "description": "See the details of requests and Processed bytes for your application load balancer.", + "title": "6. 
AWS Classic Load Balancer - Requests and Processed Bytes (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-2fb20d99840ff849", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}" + }, + { + "key": "panelpane-7836817bb708584c", + "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}" + }, + { + "key": "panelpane-9b153d55a89e9849", + "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}" + }, + { + "key": "panelpane-0a893b479b02184f", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}" + }, + { + "key": "panelPANE-EFE34823AB0FD841", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}" + }, + { + "key": "panel9C8F307FA318284A", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}" + }, + { + "key": "panelPANE-B00C3708A858994E", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":12}" + }, + { + "key": "panel15C0E6E0A725A84E", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":12}" + }, + { + "key": "panel506081A3919ACA4A", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panel6A37B8FBA033EB4D", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-2fb20d99840ff849", + "title": "Events - Outlier (Decrease) Requests by Backend", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": 
"SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-7836817bb708584c", + "title": "Events - Outlier (Increase) Requests by Backend", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * 
* * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-9b153d55a89e9849", + "title": "Events - Outlier (Decrease) Requests by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, 
ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-0a893b479b02184f", + "title": "Events - Outlier (Increase) Requests by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * 
\\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-EFE34823AB0FD841", + "title": "Request Counts (does request count show up in the metrics?)", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}} \"}}],\"series\":{},\"hiddenQueryKeys\":[\"B\"]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel9C8F307FA318284A", + "title": "Estimated Processed Bytes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}} \"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-B00C3708A858994E", + "title": "Untitled", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Requests to Backend Servers" + }, + { + "id": null, + "key": "panel15C0E6E0A725A84E", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Requests by URI" + }, + { + "id": null, + "key": "panel506081A3919ACA4A", + "title": "Received Bytes", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(ReceivedBytes) as ReceivedBytes by _timeslice", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + 
"timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel6A37B8FBA033EB4D", + "title": "Sent Bytes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(SentBytes) as SentBytes by _timeslice", + "queryType": "Logs", + "queryKey": "A", + 
"metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "7. AWS Classic Load Balancer - Threat Intel (DONE)", + "description": "See the details of IP threats including the count, location, and highly malicious IP threats.", + "title": "7. 
AWS Classic Load Balancer - Threat Intel (DONE)", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-3b762241ac0aba4d", + "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}" + }, + { + "key": "panelpane-c08479a8a0390b4d", + "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}" + }, + { + "key": "panelpane-b8ffc92b8b722a41", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":20}" + }, + { + "key": "panelpane-c605d948852ffb48", + "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}" + }, + { + "key": "panelPANE-642147F890E0F848", + "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-3AA22D409203F942", + "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":12}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-3b762241ac0aba4d", + "title": "All IP Threat Count", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, 
request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c08479a8a0390b4d", + "title": "Highly Malicious IP Threats Table", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != 
\"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-b8ffc92b8b722a41", + "title": "All IP Threats Table", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, 
\"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c605d948852ffb48", + "title": "Malicious Confidence", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex 
\"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-642147F890E0F848", + "title": "Threat Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and 
ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-3AA22D409203F942", + "title": "Top URI's Accessed by Highly Malicious Threat IPs", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, 
sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": 
"MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + } + ] +} \ No newline at end of file From e50b849664fa0138ab88d3987eaab21d668d3fcf Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Fri, 10 Dec 2021 13:40:57 +0530 Subject: [PATCH 06/44] updating hierarchy --- .../app-modules/main.tf | 74 +++++++++++++++++++ .../app-modules/overview/app.tf | 48 ++++++------ 2 files changed, 98 insertions(+), 24 deletions(-) diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf index cfa3ebb6..201735ea 100644 --- a/aws-observability-terraform/app-modules/main.tf +++ b/aws-observability-terraform/app-modules/main.tf 
@@ -210,3 +210,77 @@ module "nlb_app" {
 email_notifications = var.email_notifications
 group_notifications = var.group_notifications
 }
+
+# ********************** Create Explore Hierarchy ********************** #
+resource "sumologic_hierarchy" "awso_hierarchy" {
+ name = "AWS Observability-1"
+ level {
+ entity_type = "account"
+ next_level {
+ entity_type = "region"
+ next_level {
+ entity_type = "namespace"
+ next_levels_with_conditions {
+ condition = "AWS/ApplicationElb"
+ level {
+ entity_type = "loadbalancer"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/ApiGateway"
+ level {
+ entity_type = "apiname"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/DynamoDB"
+ level {
+ entity_type = "tablename"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/EC2"
+ level {
+ entity_type = "instanceid"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/RDS"
+ level {
+ entity_type = "dbidentifier"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/Lambda"
+ level {
+ entity_type = "functionname"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/ECS"
+ level {
+ entity_type = "clustername"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/ElastiCache"
+ level {
+ entity_type = "cacheclusterid"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/ELB"
+ level {
+ entity_type = "loadbalancername"
+ }
+ }
+ next_levels_with_conditions {
+ condition = "AWS/NetworkELB"
+ level {
+ entity_type = "networkloadbalancer"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/aws-observability-terraform/app-modules/overview/app.tf b/aws-observability-terraform/app-modules/overview/app.tf
index 55866f81..e441b53d 100644
--- a/aws-observability-terraform/app-modules/overview/app.tf
+++ b/aws-observability-terraform/app-modules/overview/app.tf
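Review bot: In app-modules/main.tf the new `sumologic_hierarchy.awso_hierarchy` is named `"AWS Observability-1"`, while the `hierarchy_name` local it replaces in overview/app.tf was `"AWS Observability"`; the `-1` suffix reads like a development leftover. If it is unintended, use `name = "AWS Observability"`. If it is there to avoid a clash with the hierarchy that earlier releases created through the API, that older hierarchy is not tracked in state as this resource type and will presumably stay in the org after an upgrade, so the upgrade notes should say whether to delete or import it. Either way, a one-line comment above the resource explaining the chosen name would save the next reader the guess.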
@@ -45,28 +45,28 @@ module "overview_module" { } # ********************** Create Explore Hierarchy ********************** # -locals { - api_endpoint = var.environment == "us1" ? "https://api.sumologic.com/api" : "https://api.${var.environment}.sumologic.com/api" - hierarchy_name = "AWS Observability" - hierarchy_level = jsonencode({ "entityType": "account","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "region","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "namespace","nextLevelsWithConditions": [ { "condition": "AWS/ApplicationElb","level": { "entityType": "loadbalancer","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ApiGateway","level": { "entityType": "apiname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/DynamoDB","level": { "entityType": "tablename","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/EC2","level": { "entityType": "instanceid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/RDS","level": { "entityType": "dbidentifier","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/Lambda","level": { "entityType": "functionname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ECS","level": { "entityType": "clustername","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ElastiCache","level": { "entityType": "cacheclusterid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/NetworkELB","level": { "entityType": "networkloadbalancer","nextLevelsWithConditions": [ ] } } ] } } }) -} -resource "null_resource" "SumoLogicExploreHierarchy" { - triggers = { - api_endpoint = local.api_endpoint - hierarchy_name = local.hierarchy_name - hierarchy_level = local.hierarchy_level - access_id = var.access_id - access_key = var.access_key - } +# locals { +# api_endpoint = var.environment == "us1" ? 
"https://api.sumologic.com/api" : "https://api.${var.environment}.sumologic.com/api" +# hierarchy_name = "AWS Observability" +# hierarchy_level = jsonencode({ "entityType": "account","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "region","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "namespace","nextLevelsWithConditions": [ { "condition": "AWS/ApplicationElb","level": { "entityType": "loadbalancer","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ApiGateway","level": { "entityType": "apiname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/DynamoDB","level": { "entityType": "tablename","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/EC2","level": { "entityType": "instanceid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/RDS","level": { "entityType": "dbidentifier","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/Lambda","level": { "entityType": "functionname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ECS","level": { "entityType": "clustername","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ElastiCache","level": { "entityType": "cacheclusterid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/NetworkELB","level": { "entityType": "networkloadbalancer","nextLevelsWithConditions": [ ] } } ] } } }) +# } +# resource "null_resource" "SumoLogicExploreHierarchy" { +# triggers = { +# api_endpoint = local.api_endpoint +# hierarchy_name = local.hierarchy_name +# hierarchy_level = local.hierarchy_level +# access_id = var.access_id +# access_key = var.access_key +# } - provisioner "local-exec" { - when = create - command = < Date: Fri, 10 Dec 2021 13:47:55 +0530 Subject: [PATCH 07/44] Updating Readme --- .../app-modules/README.md | 5 ++++- .../source-module/README.md | 19 ++++++++++++++----- .../source-module/main.tf | 2 ++ .../source-module/variables.tf | 4 ++-- 4 files changed, 22 insertions(+), 8 deletions(-) 
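Review bot: The replaced `locals` and `null_resource "SumoLogicExploreHierarchy"` blocks in overview/app.tf are commented out rather than deleted, which keeps the `# access_id = var.access_id` and `# access_key = var.access_key` trigger entries in the file as a ready-made template. Values placed in `triggers` are written to the Terraform state in plain text, so this pattern is better removed outright; version control already preserves the old implementation. State files and state backups written by earlier releases should be treated as containing the access key, which deserves a line in the upgrade notes. The tail of this hunk (the `local-exec` heredoc) is not visible on the page, so this covers only the lines shown.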
diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md index 04555c39..f510b627 100644 --- a/aws-observability-terraform/app-modules/README.md +++ b/aws-observability-terraform/app-modules/README.md @@ -10,7 +10,7 @@ | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | 2.6.3 | +| [sumologic](#provider\_sumologic) | >= 2.6.2 | | [time](#provider\_time) | n/a | ## Modules @@ -23,6 +23,7 @@ | [ec2metrics\_app](#module\_ec2metrics\_app) | ./ec2metrics | n/a | | [ecs\_app](#module\_ecs\_app) | ./ecs | n/a | | [elasticache\_app](#module\_elasticache\_app) | ./elasticache | n/a | +| [elb\_app](#module\_elb\_app) | ./elb | n/a | | [lambda\_app](#module\_lambda\_app) | ./lambda | n/a | | [nlb\_app](#module\_nlb\_app) | ./nlb | n/a | | [overview\_app](#module\_overview\_app) | ./overview | n/a | @@ -34,6 +35,7 @@ | Name | Type | |------|------| | [sumologic_folder.apps_folder](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/folder) | resource | +| [sumologic_hierarchy.awso_hierarchy](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/hierarchy) | resource | | [sumologic_monitor_folder.monitor_folder](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/resources/monitor_folder) | resource | | [time_sleep.wait_for_5_minutes](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [sumologic_personal_folder.personalFolder](https://registry.terraform.io/providers/SumoLogic/sumologic/latest/docs/data-sources/personal_folder) | data source | 
@@ -52,6 +54,7 @@ | [ec2metrics\_monitors\_disabled](#input\_ec2metrics\_monitors\_disabled) | Indicates if EC2 Metrics Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no | | [ecs\_monitors\_disabled](#input\_ecs\_monitors\_disabled) | Indicates if ECS Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no | | [elasticache\_monitors\_disabled](#input\_elasticache\_monitors\_disabled) | Indicates if Elasticache Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no | +| [elb\_monitors\_disabled](#input\_elb\_monitors\_disabled) | Indicates if the ALB Apps monitors should be enabled. true to disable; false to enable. | `bool` | `true` | no | | [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. |
list(object(
{
connection_type = string,
recipients = list(string),
subject = string,
time_zone = string,
message_body = string,
run_for_trigger_types = list(string)
}
))
| `[]` | no | | [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes | | [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no | diff --git a/aws-observability-terraform/source-module/README.md b/aws-observability-terraform/source-module/README.md index 487ab280..c97e14ba 100644 --- a/aws-observability-terraform/source-module/README.md +++ b/aws-observability-terraform/source-module/README.md @@ -12,16 +12,17 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.57.0 | -| [null](#provider\_null) | 3.1.0 | -| [random](#provider\_random) | 3.1.0 | -| [sumologic](#provider\_sumologic) | 2.9.10 | -| [time](#provider\_time) | 0.7.2 | +| [aws](#provider\_aws) | >= 3.42.0 | +| [null](#provider\_null) | n/a | +| [random](#provider\_random) | >= 3.1.0 | +| [sumologic](#provider\_sumologic) | >= 2.9.0 | +| [time](#provider\_time) | >= 0.7.1 | ## Modules | Name | Source | Version | |------|--------|---------| +| [classic\_lb\_module](#module\_classic\_lb\_module) | SumoLogic/sumo-logic-integrations/sumologic//aws/elb | n/a | | [cloudtrail\_module](#module\_cloudtrail\_module) | SumoLogic/sumo-logic-integrations/sumologic//aws/cloudtrail | n/a | | [cloudwatch\_logs\_lambda\_log\_forwarder\_module](#module\_cloudwatch\_logs\_lambda\_log\_forwarder\_module) | SumoLogic/sumo-logic-integrations/sumologic//aws/cloudwatchlogsforwarder | n/a | | [cloudwatch\_metrics\_source\_module](#module\_cloudwatch\_metrics\_source\_module) | SumoLogic/sumo-logic-integrations/sumologic//aws/cloudwatchmetrics | n/a | 
@@ -46,6 +47,7 @@ | [aws_s3_bucket.s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_notification.bucket_notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_notification) | resource | | [aws_sns_topic.sns_topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource | +| [null_resource.AddFieldsToCLBSource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.AddFieldsToCloudTrailSource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.AddFieldsToELBSource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [null_resource.AddFieldsToLogSource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | @@ -67,12 +69,15 @@ | [auto\_enable\_logs\_subscription](#input\_auto\_enable\_logs\_subscription) | Subscribe log groups to Sumo Logic Lambda Forwarder.
You have the following options:
New - Automatically subscribes new log groups to send logs to Sumo Logic.
Existing - Automatically subscribes existing log groups to send logs to Sumo Logic.
Both - Automatically subscribes new and existing log groups.
None - Skips Automatic subscription. | `string` | `"Both"` | no | | [auto\_enable\_logs\_subscription\_options](#input\_auto\_enable\_logs\_subscription\_options) | filter - Enter regex for matching logGroups. Regex will check for the name. Visit https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Auto-Subscribe_AWS_Log_Groups_to_a_Lambda_Function#Configuring_parameters |
object({
filter = string
})
|
{
"filter": "lambda"
}
| no | | [aws\_account\_alias](#input\_aws\_account\_alias) | Provide the Name/Alias for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics, and logs.
Please leave this blank if you are going to deploy the solution in multiple AWS accounts.
Do not include special characters in the alias. | `string` | n/a | yes | +| [classic\_lb\_log\_source\_url](#input\_classic\_lb\_log\_source\_url) | Required if you are already collecting Classic LB logs. Provide the existing Sumo Logic Classic LB Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no | +| [classic\_lb\_source\_details](#input\_classic\_lb\_source\_details) | Provide details for the Sumo Logic Classic Load Balancer source. If not provided, then defaults will be used.
To enable collection of classic load balancer logs, set collect\_classic\_lb\_logs to true and provide configuration information for the bucket.
If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store loadbalancer logs. If this is empty, a new bucket will be created in the region.
If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
path\_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *AWSLogs/*/classicloadbalancing/*/* |
object({
source_name = string
source_category = string
description = string
bucket_details = object({
create_bucket = bool
bucket_name = string
path_expression = string
force_destroy_bucket = bool
})
fields = map(string)
})
|
{
"bucket_details": {
"bucket_name": "aws-observability-random-id",
"create_bucket": true,
"force_destroy_bucket": true,
"path_expression": "*AWSLogs//classicloadbalancing//*"
},
"description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Classic LoadBalancer logs.",
"fields": {},
"source_category": "aws/observability/clb/logs",
"source_name": "Classic lb Logs (Region)"
}
| no | | [cloudtrail\_source\_details](#input\_cloudtrail\_source\_details) | Provide details for the Sumo Logic CloudTrail source. If not provided, then defaults will be used.
To enable, set collect\_cloudtrail\_logs to true and provide configuration information for the bucket at bucket\_details.
If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store CloudTrail logs. If this is empty, a new bucket will be created in the region.
If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.
path\_expression - This is required in case the above existing bucket is already configured to receive CloudTrail logs. If this is blank, Sumo Logic will store logs in the path expression AWSLogs/*/CloudTrail/*/*. |
object({
source_name = string
source_category = string
description = string
bucket_details = object({
create_bucket = bool
bucket_name = string
path_expression = string
force_destroy_bucket = bool
})
fields = map(string)
})
|
{
"bucket_details": {
"bucket_name": "aws-observability-random-id",
"create_bucket": true,
"force_destroy_bucket": true,
"path_expression": "AWSLogs//CloudTrail//*"
},
"description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS cloudtrail logs.",
"fields": {},
"source_category": "aws/observability/cloudtrail/logs",
"source_name": "CloudTrail Logs (Region)"
}
| no | | [cloudtrail\_source\_url](#input\_cloudtrail\_source\_url) | Required if you are already collecting CloudTrail logs. Provide the existing Sumo Logic CloudTrail Source API URL. The account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no | | [cloudwatch\_logs\_source\_details](#input\_cloudwatch\_logs\_source\_details) | Provide details for the Sumo Logic Cloudwatch Logs source. If not provided, then defaults will be used.

Use bucket\_details section with Kinesis Firehose Log Source:
If create\_bucket is false, provide a name of an existing S3 bucket where you would like to store cloudwatch logs. If this is empty, a new bucket will be created.
If create\_bucket is true, the script creates a bucket, the name of the bucket has to be unique; this is achieved internally by generating a random-id and then post-fixing it to the “aws-observability-” string.

Use lambda\_log\_forwarder\_config section with Lambda Log Forwarder:
Provide your email\_id to receive alerts. You will receive a confirmation email after the deployment is complete. Follow the instructions in this email to validate the address.
IncludeLogGroupInfo: Set to true to include loggroup/logstream values in logs. For AWS Lambda logs, IncludeLogGroupInfo must be set to true
logformat: For Lambda, the value should be set to “Others”.
log\_stream\_prefix: Enter a comma-separated list of logStream name prefixes to filter by logStream. Please note this is separate from a logGroup. This is used to only send certain logStreams within a CloudWatch logGroup(s). LogGroup(s) still need to be subscribed to the created Lambda function.
workers: Number of lambda function invocations for Cloudwatch logs source Dead Letter Queue processing. |
object({
source_name = string
source_category = string
description = string
fields = map(string)
bucket_details = object({
create_bucket = bool
bucket_name = string
force_destroy_bucket = bool
})
lambda_log_forwarder_config = object({
email_id = string
workers = number
log_format = string
include_log_group_info = bool
log_stream_prefix = list(string)
})
})
|
{
"bucket_details": {
"bucket_name": "aws-observability-random-id",
"create_bucket": true,
"force_destroy_bucket": true
},
"description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch Logs.",
"fields": {},
"lambda_log_forwarder_config": {
"email_id": "test@gmail.com",
"include_log_group_info": true,
"log_format": "Others",
"log_stream_prefix": [],
"workers": 4
},
"source_category": "aws/observability/cloudwatch/logs",
"source_name": "CloudWatch Logs (Region)"
}
| no | | [cloudwatch\_logs\_source\_url](#input\_cloudwatch\_logs\_source\_url) | Required if you are already collecting AWS Lambda CloudWatch logs. Provide the existing Sumo Logic AWS Lambda CloudWatch Source API URL. The account, accountid, region and namespace fields will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no | | [cloudwatch\_metrics\_source\_details](#input\_cloudwatch\_metrics\_source\_details) | Provide details for the Sumo Logic Cloudwatch Metrics source. If not provided, then defaults will be used.
limit\_to\_namespaces - Enter a comma-delimited list of the namespaces which will be used for both AWS CloudWatch Metrics Source.
See this list of AWS services that publish CloudWatch metrics: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html |
object({
source_name = string
source_category = string
description = string
limit_to_namespaces = list(string)
fields = map(string)
bucket_details = object({
create_bucket = bool
bucket_name = string
force_destroy_bucket = bool
})
})
|
{
"bucket_details": {
"bucket_name": "aws-observability-random-id",
"create_bucket": true,
"force_destroy_bucket": true
},
"description": "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Cloudwatch metrics.",
"fields": {},
"limit_to_namespaces": [
"AWS/ApplicationELB",
"AWS/ApiGateway",
"AWS/DynamoDB",
"AWS/Lambda",
"AWS/RDS",
"AWS/ECS",
"AWS/ElastiCache",
"AWS/ELB",
"AWS/NetworkELB",
"AWS/SQS",
"AWS/SNS"
],
"source_category": "aws/observability/cloudwatch/metrics",
"source_name": "CloudWatch Metrics (Region)"
}
| no | | [cloudwatch\_metrics\_source\_url](#input\_cloudwatch\_metrics\_source\_url) | Required if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic Metrics Source API URL. If the URL is of “CloudWatch Metric source” - account and accountID fields will be added to the Source. If the URL is of “Kinesis Firehose Metrics source” - account field will be added to the Source. For information on how to determine the URL, see [View or Download Source JSON Configuration](https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration). | `string` | `""` | no | +| [collect\_classic\_lb\_logs](#input\_collect\_classic\_lb\_logs) | Create a Sumo Logic Classic LB Logs Source.
You have the following options:
true - to ingest load balancer logs into Sumo Logic. Creates a Sumo Logic Log Source that collects classic load balancer logs from an existing bucket or a new bucket.
If true, please configure \"classic\_lb\_source\_details\" with configuration information including the bucket name and path expression to ingest load balancer logs.
false - you are already ingesting load balancer logs into Sumo Logic. | `bool` | `true` | no | | [collect\_cloudtrail\_logs](#input\_collect\_cloudtrail\_logs) | Create a Sumo Logic CloudTrail Logs Source.
You have the following options:
true - to ingest cloudtrail logs into Sumo Logic. Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.
If true, please configure \"cloudtrail\_source\_details\" with configuration information to ingest cloudtrail logs.
false - you are already ingesting cloudtrail logs into Sumo Logic. | `bool` | `true` | no | | [collect\_cloudwatch\_logs](#input\_collect\_cloudwatch\_logs) | Select the kind of Sumo Logic CloudWatch Logs Sources to create
You have the following options:
"Lambda Log Forwarder" - Creates a Sumo Logic CloudWatch Log Source that collects CloudWatch logs via a Lambda function.
"Kinesis Firehose Log Source" - Creates a Sumo Logic Kinesis Firehose Log Source to collect CloudWatch logs.
"None" - Skips installation of both sources. | `string` | `"Kinesis Firehose Log Source"` | no | | [collect\_cloudwatch\_metrics](#input\_collect\_cloudwatch\_metrics) | Select the kind of CloudWatch Metrics Source to create
You have the following options:
"CloudWatch Metrics Source" - Creates Sumo Logic AWS CloudWatch Metrics Sources.
"Kinesis Firehose Metrics Source" (Recommended) - Creates a Sumo Logic AWS Kinesis Firehose for Metrics Source. Note: This new source has cost and performance benefits over the CloudWatch Metrics Source and is therefore recommended.
"None" - Skips the Installation of both the Sumo Logic Metric Sources | `string` | `"Kinesis Firehose Metrics Source"` | no | @@ -100,6 +105,10 @@ | [aws\_kinesis\_firehose\_metrics\_delivery\_stream](#output\_aws\_kinesis\_firehose\_metrics\_delivery\_stream) | AWS Kinesis firehose delivery stream to send metrics to Sumo Logic. | | [aws\_s3\_bucket](#output\_aws\_s3\_bucket) | Common S3 Bucket to store CloudTrail, ELB and Failed Kinesis data. | | [aws\_sns\_topic](#output\_aws\_sns\_topic) | Common SNS topic attached to the S3 bucket. | +| [clasic\_lb\_auto\_enable\_stack](#output\_clasic\_lb\_auto\_enable\_stack) | AWS CloudFormation stack for ALB Auto Enable access logs. | +| [clasic\_lb\_sns\_subscription](#output\_clasic\_lb\_sns\_subscription) | AWS SNS subscription to Sumo Logic AWS ELB source. | +| [clasic\_lb\_sns\_topic](#output\_clasic\_lb\_sns\_topic) | SNS topic created to be attached to an existing elb logs bucket. | +| [clasic\_lb\_source](#output\_clasic\_lb\_source) | Sumo Logic AWS ELB source. | | [cloudtrail\_sns\_subscription](#output\_cloudtrail\_sns\_subscription) | AWS SNS subscription to Sumo Logic AWS CloudTrail source. | | [cloudtrail\_sns\_topic](#output\_cloudtrail\_sns\_topic) | SNS topic created to be attached to an existing cloudtrail bucket. | | [cloudtrail\_source](#output\_cloudtrail\_source) | Sumo Logic AWS CloudTrail source. | diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index 58481ea5..5f79878e 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf @@ -60,6 +60,7 @@ module "cloudtrail_module" { } } +#ALB module module "elb_module" { depends_on = [time_sleep.wait_for_minutes] for_each = toset(local.create_elb_source ? ["elb_module"] : []) 
@@ -103,6 +104,7 @@ module "elb_module" { } } +#CLB module module "classic_lb_module" { depends_on = [time_sleep.wait_for_minutes] for_each = toset(local.create_classic_lb_source ? ["classic_lb_module"] : []) diff --git a/aws-observability-terraform/source-module/variables.tf b/aws-observability-terraform/source-module/variables.tf index 3b21ba90..646af763 100644 --- a/aws-observability-terraform/source-module/variables.tf +++ b/aws-observability-terraform/source-module/variables.tf @@ -216,10 +216,10 @@ variable "collect_elb_logs" { variable "collect_classic_lb_logs" { type = bool description = < Date: Fri, 10 Dec 2021 18:48:19 +0530 Subject: [PATCH 08/44] updating names --- .../app-modules/outputs.tf | 15 +++++++++++++++ .../source-module/local.tf | 4 ++-- aws-observability-terraform/source-module/main.tf | 10 +++++----- .../source-module/variables.tf | 2 +- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/aws-observability-terraform/app-modules/outputs.tf b/aws-observability-terraform/app-modules/outputs.tf index 7ab2e9af..fcd69d37 100644 --- a/aws-observability-terraform/app-modules/outputs.tf +++ b/aws-observability-terraform/app-modules/outputs.tf @@ -23,6 +23,21 @@ output "sumologic_content_alb" { description = "This output contains alb App." } +output "sumologic_field_elb" { + value = module.elb_app.sumologic_field + description = "This output contains fields required for overview app." +} + +output "sumologic_field_extraction_rule_elb" { + value = module.elb_app.sumologic_field_extraction_rule + description = "This output contains Field Extraction rules required for alb app." +} + +output "sumologic_content_elb" { + value = module.elb_app.sumologic_content + description = "This output contains alb App." +} + output "sumologic_field_dynamodb" { value = module.dynamodb_app.sumologic_field description = "This output contains fields required for dynamodb app." 
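Review bot: The three outputs added to `app-modules/outputs.tf` for `module.elb_app` keep the ALB wording in their descriptions: `sumologic_field_extraction_rule_elb` says "required for alb app", `sumologic_content_elb` says "contains alb App", and `sumologic_field_elb` says "required for overview app". Assuming `elb_app` is the Classic Load Balancer app (the rest of this series renames the application one to "Alb"), a consumer reading `terraform output` cannot tell the two sets apart. I would change them along the lines of `description = "This output contains Field Extraction rules required for the Classic Load Balancer (ELB) app."` and do the same for the other two.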
diff --git a/aws-observability-terraform/source-module/local.tf b/aws-observability-terraform/source-module/local.tf index bc8d1791..5baa448f 100644 --- a/aws-observability-terraform/source-module/local.tf +++ b/aws-observability-terraform/source-module/local.tf @@ -12,10 +12,10 @@ locals { cloudtrail_path_exp = var.cloudtrail_source_details.bucket_details.create_bucket ? "AWSLogs/${local.aws_account_id}/CloudTrail/${local.aws_region}/*" : var.cloudtrail_source_details.bucket_details.path_expression cloudtrail_fields = merge(var.cloudtrail_source_details.fields, { account = var.aws_account_alias }) - # ELB Source updated Details + # ALB Source updated Details create_elb_source = var.collect_elb_logs && var.elb_log_source_url == "" update_elb_source = var.collect_elb_logs ? (var.elb_log_source_url == "" ? false : true) : false - elb_source_name = var.elb_source_details.source_name == "Elb Logs (Region)" ? "Elb Logs ${local.aws_region}" : var.elb_source_details.source_name + elb_source_name = var.elb_source_details.source_name == "Alb Logs (Region)" ? "Alb Logs ${local.aws_region}" : var.elb_source_details.source_name elb_path_exp = var.elb_source_details.bucket_details.create_bucket ? "*AWSLogs/${local.aws_account_id}/elasticloadbalancing/${local.aws_region}/*" : var.elb_source_details.bucket_details.path_expression elb_fields = merge(var.elb_source_details.fields, { account = var.aws_account_alias, region = local.aws_region, namespace = "aws/applicationelb", accountid = local.aws_account_id }) diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index 5f79878e..b26b832a 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf 
@@ -141,11 +141,11 @@ module "classic_lb_module" { } } #check with nitin to intro new var or not, I think no need - auto_enable_access_logs = var.auto_enable_access_logs - auto_enable_access_logs_options = { - filter = "'Type': 'application'|'type': 'application'" - remove_on_delete_stack = true - } + # auto_enable_access_logs = var.auto_enable_access_logs + # auto_enable_access_logs_options = { + # filter = "'Type': 'application'|'type': 'application'" + # remove_on_delete_stack = true + # } } module "cloudwatch_metrics_source_module" { diff --git a/aws-observability-terraform/source-module/variables.tf b/aws-observability-terraform/source-module/variables.tf index 646af763..e28c2f4a 100644 --- a/aws-observability-terraform/source-module/variables.tf +++ b/aws-observability-terraform/source-module/variables.tf @@ -246,7 +246,7 @@ variable "elb_source_details" { path_expression - This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression: *AWSLogs/*/elasticloadbalancing/*/* EOT default = { - source_name = "Elb Logs (Region)" + source_name = "Alb Logs (Region)" source_category = "aws/observability/alb/logs" description = "This source is created using Sumo Logic terraform AWS Observability module to collect AWS Application LoadBalancer logs." bucket_details = { From e4654da8f76ecc0a050f8908519d6fc45cc938a2 Mon Sep 17 00:00:00 2001 
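Review bot: The `auto_enable_access_logs` settings at the end of `classic_lb_module` are commented out rather than removed or replaced, and the open question `#check with nitin to intro new var or not, I think no need` stays in the file. The old filter `'Type': 'application'|'type': 'application'` is the one the CloudFormation template on this page uses for ALB, so dropping it here looks right, but the module now passes no auto-enable setting at all, which presumably means access logging is not switched on automatically for Classic Load Balancers in the Terraform path. I would delete the dead lines and leave one comment that records the decision, e.g. `# Access-log auto-enable is not wired up for Classic LB; logging must be enabled on the load balancers separately.` The module body starts outside this hunk.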
From: sumoanema Date: Thu, 6 Jan 2022 18:08:57 +0530 Subject: [PATCH 09/44] AWSO | changes for introducing ELB-Classic load balancer in AWSO for CF templates --- .../apps/alb/alb_app.template.yaml | 2 +- .../apigateway/api_gateway_app.template.yaml | 2 +- .../apps/autoenable/auto_enable.template.yaml | 46 +- .../cloudwatchmetrics.template.yaml | 2 +- .../apps/common/resources.template.yaml | 160 +- .../controltower/controltower.template.yaml | 4 +- .../apps/dynamodb/dynamodb_app.template.yaml | 2 +- .../ec2metrics/ec2_metrics_app.template.yaml | 2 +- .../apps/ecs/ecs_app.template.yaml | 2 +- .../elasticache/elasticache_app.template.yaml | 2 +- .../apps/elb/elb_app.template.yaml | 337 ++ .../apps/elb/test/TestTemplate.yaml | 124 + .../host_metrics_add_fields.template.yaml | 2 +- .../apps/lambda/lambda_app.template.yaml | 2 +- .../apps/nlb/nlb_app.template.yaml | 2 +- .../permissioncheck.nested.template.yaml | 2 +- .../permissioncheck.template.yaml | 4 +- .../apps/rds/rds_app.template.yaml | 2 +- .../rootcause/rootcauseexplorer.template.yaml | 2 +- aws-observability/json/Alb-App.json | 116 +- aws-observability/json/Alerts-App.json | 809 +++-- aws-observability/json/Classic-lb-App.json | 3039 +++++++++++++++++ aws-observability/json/EC2-Metrics-App.json | 757 +++- .../scripts/DeployTemplate/DeployTemplate.sh | 2 +- aws-observability/scripts/JsonToS3.sh | 2 +- aws-observability/scripts/TestTemplate.sh | 2 +- aws-observability/scripts/YamlToS3.sh | 2 +- ...mologic_observability.master.template.yaml | 104 +- .../templates/test/TestTemplate.yaml | 664 ++++ 29 files changed, 5818 insertions(+), 380 deletions(-) create mode 100755 aws-observability/apps/elb/elb_app.template.yaml create mode 100644 aws-observability/apps/elb/test/TestTemplate.yaml create mode 100644 aws-observability/json/Classic-lb-App.json diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml index 8046c349..eeeebf49 100755 
--- a/aws-observability/apps/alb/alb_app.template.yaml +++ b/aws-observability/apps/alb/alb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/apigateway/api_gateway_app.template.yaml b/aws-observability/apps/apigateway/api_gateway_app.template.yaml index e6db1431..1abe9e1a 100755 --- a/aws-observability/apps/apigateway/api_gateway_app.template.yaml +++ b/aws-observability/apps/apigateway/api_gateway_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index 17347c32..74cbb4b1 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution." Parameters: SumoLogicResourceRemoveOnDeleteStack: 
@@ -75,8 +75,35 @@ Parameters: Default: "" Description: "Enter AWS IAM Role arn in case the destination is Kinesis Firehose stream." + ELBAutoEnableS3Logs: + AllowedValues: + - 'Yes' + - 'No' + Default: 'Yes' + Description: "Enable ELB S3 Access Logging" + Type: String + + ELBAutoEnableS3LogsOptions: + Type: String + Description: "New - Automatically enables S3 logging for newly created ELB resources to collect logs for ELB resources. This does not affect ELB resources already collecting logs. + Existing - Automatically enables S3 logging for existing ELB resources to collect logs for ELB resources. + Both - Automatically enables S3 logging for new and existing ELB resources. + None - Skips Automatic S3 Logging enable for ELB resources." + Default: 'Both' + AllowedValues: + - 'New' + - 'Existing' + - 'Both' + - 'None' + + ELBS3LogsBucketName: + Type: String + Description: "Provide a name of existing S3 bucket name where you would like to store ELB logs. If this is empty, a new bucket will be created in the region." + Default: "" + Conditions: auto_enable_s3_logs: !Equals [ !Ref ALBAutoEnableS3Logs, 'Yes' ] + auto_enable_s3_logs_elb: !Equals [ !Ref ELBAutoEnableS3Logs, 'Yes' ] auto_subscribe_new_lambda_log_groups: !Equals [ !Ref AutoSubscribeLogGroups, 'Yes' ] # Condition for Auto Subscribe Lambda @@ -92,7 +119,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.2 + SemanticVersion: 1.0.3 Parameters: BucketName: !Ref ALBS3LogsBucketName BucketPrefix: "elasticloadbalancing" 
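Review bot: `ELBAutoEnableS3Logs` defaults to `'Yes'` and `ELBAutoEnableS3LogsOptions` to `'Both'`, so a stack updated to this template without setting the new parameters starts changing the access-log attributes of existing Classic Load Balancers. With `ELBS3LogsBucketName` left at its empty default, the parameter description says a new bucket is created as well. Turning logging on is good for coverage, but it should be an explicit decision; unless the parent template always passes these values (not visible in this hunk), I would use `Default: 'No'` on `ELBAutoEnableS3Logs` or `Default: 'New'` on `ELBAutoEnableS3LogsOptions`. The `Parameters` section starts outside this hunk.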
@@ -100,6 +127,21 @@ Resources: AutoEnableResourceOptions: !Ref ALBAutoEnableS3LogsOptions FilterExpression: "'Type': 'application'|'type': 'application'" RemoveOnDeleteStack: !Ref SumoLogicResourceRemoveOnDeleteStack + + AutoEnableS3LogsElbAWSResources: + Type: AWS::Serverless::Application + Condition: auto_enable_s3_logs_elb + Properties: + Location: + ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable + SemanticVersion: 1.0.3 + Parameters: + BucketName: !Ref ELBS3LogsBucketName + BucketPrefix: "classicloadbalancing" + AutoEnableLogging: "ELB" + AutoEnableResourceOptions: !Ref ELBAutoEnableS3LogsOptions + FilterExpression: "'apiVersion': '2012-06-01'" + RemoveOnDeleteStack: !Ref SumoLogicResourceRemoveOnDeleteStack AutoSubscribeLambdaLogGroupsAWSResources: Type: AWS::Serverless::Application diff --git a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml index cd5d9547..2e081f5d 100644 --- a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml +++ b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces." +Description: "Version - v2.3.1: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces." Parameters: SumoLogicDeployment: diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml index 43909e6b..aee3ddb2 100755 --- a/aws-observability/apps/common/resources.template.yaml +++ b/aws-observability/apps/common/resources.template.yaml 
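Review bot: `FilterExpression: "'apiVersion': '2012-06-01'"` in `AutoEnableS3LogsElbAWSResources` is a magic string with nothing saying why it selects Classic Load Balancers, while the ALB resource in the context lines filters on `'Type': 'application'`. If the intent is to match the Classic ELB API version (the v2 API used by ALB and NLB is `2015-12-01`), a comment above the line would save the next maintainer a lookup: `# Classic ELB events carry apiVersion 2012-06-01; ALB/NLB use 2015-12-01`. It is also worth confirming that no other event handled by the `sumologic-s3-logging-auto-enable` application carries the same `apiVersion` value, since the filter would then match more than intended.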
@@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics." +Description: "Version - v2.3.1: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics." Parameters: SumoLogicDeployment: 
@@ -212,12 +212,45 @@ Parameters: Type: String Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + + CreateELBLogSource: + Type: String + Description: "Choose Yes to create Sumo Logic ELB Log Source with provided bucket Name." + Default: 'No' + AllowedValues: + - 'Yes' + - 'No' + CreateELBS3Bucket: + Type: String + Description: "Yes - Create a new S3 bucket in AWS S3. + No - Use an existing S3 bucket from AWS S3 which has ELB Logs." + Default: 'No' + AllowedValues: + - 'Yes' + - 'No' + ELBS3LogsBucketName: + Type: String + Description: "Required when Bucket creation Flag = No. Provide an existing bucket name that has ELB logs." + Default: "" + ELBS3BucketPathExpression: + Type: String + Description: Path expression to match one or more S3 objects. For example, ABC*.log or ABC.log + Default: "*" + ELBLogsSourceName: + Type: String + Description: "Provide a ELB Logs Source Name" + Default: "" + ELBLogsSourceCategory: + Type: String + Description: "Provide a source Category for the ELB Logs Source." + Default: "" Conditions: # Sources Conditions install_metadata_source: !Equals [ !Ref CreateMetaDataSource, 'Yes' ] install_cloud_watch_metric_source: !Equals [ !Ref CreateCloudWatchMetricsSource, 'Yes' ] install_alb_logs_source: !Equals [ !Ref CreateALBLogSource, 'Yes' ] + install_elb_logs_source: !Equals [ !Ref CreateELBLogSource, 'Yes'] install_cloudtrail_logs_source: !Equals [ !Ref CreateCloudTrailLogSource, 'Yes' ] install_cloudwatch_logs_source: !Equals [ !Ref CreateCloudWatchLogSource, 'Yes' ] install_kf_metric_source: !Equals [ !Ref CreateKinesisFirehoseMetricsSource, 'Yes' ] @@ -227,6 +260,7 @@ Conditions: - !Condition install_metadata_source - !Condition install_cloud_watch_metric_source - !Condition install_alb_logs_source + - !Condition install_elb_logs_source - !Condition install_cloudtrail_logs_source - !Condition install_cloudwatch_logs_source - !Condition install_kf_metric_source 
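Review bot: `ELBS3LogsBucketName` is documented as required when `CreateELBS3Bucket` is `No`, but it is declared with `Default: ""` and no validation, so a stack with `CreateELBLogSource: 'Yes'` and an empty bucket name is accepted. The later hunks in this file then render `arn:aws:s3:::` and `arn:aws:s3:::/*` in `SumoLogicELBS3Policy` and `arn:aws:s3:::` as the `aws:SourceArn` in `ELBSNSpolicy`, which most likely yields a source that can neither read nor be notified, and the mistake only shows at deploy time or later. Because the requirement is conditional, `AllowedPattern` cannot express it; a rule in the template's `Rules` section can, as sketched below (merge it into an existing `Rules` section if the file already has one, which is not visible here). `ELBS3BucketPathExpression` defaulting to `*` is worth a second look as well: against the shared `CommonS3Bucket` it would match every object, not only ELB logs. The `Parameters` section starts and continues outside this hunk.

```yaml
Rules:
  ELBExistingBucketNameRequired:
    # Applies only when an ELB source is requested on an existing bucket.
    RuleCondition: !And
      - !Equals [ !Ref CreateELBLogSource, 'Yes' ]
      - !Equals [ !Ref CreateELBS3Bucket, 'No' ]
    Assertions:
      - Assert: !Not [ !Equals [ !Ref ELBS3LogsBucketName, "" ] ]
        AssertDescription: "ELBS3LogsBucketName is required when CreateELBS3Bucket is No."
```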
@@ -234,10 +268,12 @@ Conditions: # Bucket Condition and Trail create_alb_bucket: !Equals [ !Ref CreateALBS3Bucket, 'Yes' ] + create_elb_bucket: !Equals [ !Ref CreateELBS3Bucket, 'Yes' ] create_cloudtrail_bucket: !Equals [ !Ref CreateCloudTrailBucket, 'Yes' ] create_target_s3_bucket: !Or - !Condition create_alb_bucket - !Condition create_cloudtrail_bucket + - !Condition create_elb_bucket # SNS create_cloudtrail_sns_topic: !And @@ -246,12 +282,16 @@ Conditions: create_alb_sns_topic: !And - !Not [ !Condition create_alb_bucket ] - !Condition install_alb_logs_source + create_elb_sns_topic: !And + - !Not [ !Condition create_elb_bucket ] + - !Condition install_elb_logs_source # Sumo Logic Role install_sumo_logic_role: !Or - !Condition install_metadata_source - !Condition install_cloud_watch_metric_source - !Condition install_alb_logs_source + - !Condition install_elb_logs_source - !Condition install_cloudtrail_logs_source - !Condition install_kf_metric_source @@ -412,6 +452,12 @@ Resources: - !Sub - "arn:aws:s3:::${S3Bucket}/*" - S3Bucket: !If [install_cloudtrail_logs_source, !If [ create_cloudtrail_bucket, !Ref CommonS3Bucket, !Ref CloudTrailLogsBucketName ], ""] + - !Sub + - "arn:aws:s3:::${S3Bucket}" + - S3Bucket: !If [install_elb_logs_source, !If [ create_elb_bucket, !Ref CommonS3Bucket, !Ref ELBS3LogsBucketName ], ""] + - !Sub + - "arn:aws:s3:::${S3Bucket}/*" + - S3Bucket: !If [install_elb_logs_source, !If [ create_elb_bucket, !Ref CommonS3Bucket, !Ref ELBS3LogsBucketName ], ""] LambdaHelper: Type: 'AWS::Serverless::Function' 
@@ -654,7 +700,7 @@ Resources: ServiceToken: !GetAtt LambdaHelper.Arn RemoveOnDeleteStack: false HierarchyName: "AWS Observability" - HierarchyLevel: { "entityType": "account","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "region","nextLevelsWithConditions": [ ],"nextLevel": { "entityType": "namespace","nextLevelsWithConditions": [ { "condition": "AWS/ApplicationElb","level": { "entityType": "loadbalancer","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ApiGateway","level": { "entityType": "apiname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/DynamoDB","level": { "entityType": "tablename","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/EC2","level": { "entityType": "instanceid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/RDS","level": { "entityType": "dbidentifier","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/Lambda","level": { "entityType": "functionname","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ECS","level": { "entityType": "clustername","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/ElastiCache","level": { "entityType": "cacheclusterid","nextLevelsWithConditions": [ ] } },{ "condition": "AWS/NetworkELB","level": { "entityType": "networkloadbalancer","nextLevelsWithConditions": [ ] } } ] } } } + HierarchyLevel: 
{"entityType":"account","nextLevelsWithConditions":[],"nextLevel":{"entityType":"region","nextLevelsWithConditions":[],"nextLevel":{"entityType":"namespace","nextLevelsWithConditions":[{"condition":"AWS/ApplicationElb","level":{"entityType":"loadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ApiGateway","level":{"entityType":"apiname","nextLevelsWithConditions":[]}},{"condition":"AWS/DynamoDB","level":{"entityType":"tablename","nextLevelsWithConditions":[]}},{"condition":"AWS/EC2","level":{"entityType":"instanceid","nextLevelsWithConditions":[]}},{"condition":"AWS/RDS","level":{"entityType":"dbidentifier","nextLevelsWithConditions":[]}},{"condition":"AWS/Lambda","level":{"entityType":"functionname","nextLevelsWithConditions":[]}},{"condition":"AWS/ECS","level":{"entityType":"clustername","nextLevelsWithConditions":[]}},{"condition":"AWS/ElastiCache","level":{"entityType":"cacheclusterid","nextLevelsWithConditions":[]}},{"condition":"AWS/NetworkELB","level":{"entityType":"networkloadbalancer","nextLevelsWithConditions":[]}},{"condition":"AWS/ELB","level":{"entityType":"loadbalancername","nextLevelsWithConditions":[]}}]}}} SumoAccessID: !Ref SumoLogicAccessID SumoAccessKey: !Ref SumoLogicAccessKey SumoDeployment: !Ref SumoLogicDeployment 
@@ -682,6 +728,30 @@ Resources: - !Sub - "arn:aws:s3:::${S3Bucket}/*" - S3Bucket: !If [ create_alb_bucket, !Ref CommonS3Bucket, !Ref ALBS3LogsBucketName ] + + SumoLogicELBS3Policy: + Type: AWS::IAM::Policy + Condition: install_elb_logs_source + Properties: + PolicyName: SumoLogicAwsSourcesPoliciesS3ELB + Roles: + - !Ref SumoLogicSourceRole + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - s3:GetObject + - s3:GetObjectVersion + - s3:ListBucketVersions + - s3:ListBucket + Resource: + - !Sub + - "arn:aws:s3:::${S3Bucket}" + - S3Bucket: !If [ create_elb_bucket, !Ref CommonS3Bucket, !Ref ELBS3LogsBucketName ] + - !Sub + - "arn:aws:s3:::${S3Bucket}/*" + - S3Bucket: !If [ create_elb_bucket, !Ref CommonS3Bucket, !Ref ELBS3LogsBucketName ] SumoLogicCloudTrailS3Policy: Type: AWS::IAM::Policy 
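Review bot: `SumoLogicELBS3Policy` lets `SumoLogicSourceRole` read and list the whole bucket (`arn:aws:s3:::${S3Bucket}` and `arn:aws:s3:::${S3Bucket}/*`), which is wider than the load balancer log path the source needs when `ELBS3LogsBucketName` is an existing bucket that also holds other data. The role's trust policy is not visible here, but it is presumably assumed from outside the account, so the object ARN is worth narrowing, for example `"arn:aws:s3:::${S3Bucket}/*AWSLogs/${AWS::AccountId}/elasticloadbalancing/*"`. If the wide grant is kept, the `ELBS3LogsBucketName` description should say that the bucket ought to be dedicated to load balancer logs. The ALB policy in the context lines appears to have the same shape, so the point applies there too.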
@@ -1080,6 +1150,92 @@ Resources: Topics: - Ref: ALBSNSTopic + ############# START - RESOURCES FOR ELB SOURCE ################# + + ELBSource: + Condition: install_elb_logs_source + Type: Custom::AWSSource + DependsOn: SumoLogicELBS3Policy + Properties: + SourceType: AwsElbBucket # ?? + ServiceToken: !GetAtt LambdaHelper.Arn + Region: !Ref "AWS::Region" + SourceName: !Ref ELBLogsSourceName + RemoveOnDeleteStack: !Ref RemoveSumoLogicResourcesOnDeleteStack + SourceCategory: !Ref ELBLogsSourceCategory + CollectorId: !GetAtt SumoLogicHostedCollector.COLLECTOR_ID + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + TargetBucketName: !If [ create_elb_bucket, !Ref CommonS3Bucket, !Ref ELBS3LogsBucketName ] + PathExpression: !Ref ELBS3BucketPathExpression + Fields: + account: !GetAtt AccountAliasValue.ACCOUNT_ALIAS + namespace: "aws/elb" + region: !Ref "AWS::Region" + accountid: !Ref "AWS::AccountId" + RoleArn: !GetAtt SumoLogicSourceRole.Arn + + ELBSNSTopic: + Type: 'AWS::SNS::Topic' + Condition: create_elb_sns_topic + Metadata: + cfn_nag: + rules_to_suppress: + - id: W47 + reason: "KmsMasterKeyId not required for SNS topic." + Properties: + TopicName: !Join + - "" + - - "elb-sumo-sns-" + - !GetAtt AccountAliasValue.ACCOUNT_ALIAS + - !Select + - 0 + - !Split + - "-" + - !Select + - 2 + - !Split [ "/", !Ref "AWS::StackId" ] + + ELBSNSSubscription: + Condition: install_elb_logs_source + Type: "AWS::SNS::Subscription" + Properties: + TopicArn: !If [ create_elb_bucket, !Ref CommonBucketSNSTopic, !Ref ELBSNSTopic ] + Endpoint: !GetAtt ELBSource.SUMO_ENDPOINT # ?? 
+ Protocol: https + DeliveryPolicy: + healthyRetryPolicy: + numRetries: 40 + minDelayTarget: 10 + maxDelayTarget: 300 + numMinDelayRetries: 3 + numMaxDelayRetries: 5 + numNoDelayRetries: 0 + backoffFunction: exponential + + ELBSNSpolicy: + Condition: create_elb_sns_topic + Type: "AWS::SNS::TopicPolicy" + Properties: + PolicyDocument: + Id: ELBSNSpolicy + Statement: + - Action: + - sns:Publish + Condition: + StringEquals: + aws:SourceAccount: !Ref "AWS::AccountId" + ArnLike: + aws:SourceArn: !Sub "arn:aws:s3:::${ELBS3LogsBucketName}" + Effect: Allow + Principal: + "Service": "s3.amazonaws.com" + Resource: + - !Ref ELBSNSTopic + Topics: + - Ref: ELBSNSTopic + ############# START - RESOURCES FOR CLOUD TRAIL SOURCE ################# CloudTrailSource: diff --git a/aws-observability/apps/controltower/controltower.template.yaml b/aws-observability/apps/controltower/controltower.template.yaml index d3bc0f6f..a4ca4758 100644 --- a/aws-observability/apps/controltower/controltower.template.yaml +++ b/aws-observability/apps/controltower/controltower.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 -Description: "Version - v2.3.0: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets. (MPCT-ibieokba)" +Description: "Version - v2.3.1: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets. (MPCT-ibieokba)" Globals: Function: 
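Review bot: Two values in the new ELB source resources still carry `# ??` markers, `SourceType: AwsElbBucket # ??` in `ELBSource` and `Endpoint: !GetAtt ELBSource.SUMO_ENDPOINT # ??` in `ELBSNSSubscription`, so the patch does not show whether they were checked against the helper Lambda behind `LambdaHelper.Arn`. If either is wrong, the source or its SNS subscription will not work and Classic LB access logs never reach Sumo Logic, so both should be confirmed and the markers removed or replaced with the reason for the value. Separately, the cfn_nag suppression for W47 on `ELBSNSTopic` only says `KmsMasterKeyId not required for SNS topic.`; a reason such as `"Topic carries S3 event notifications only (bucket and object key), no log content."` would let a reviewer judge the exception, if that is indeed the rationale.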
@@ -212,7 +212,7 @@ Resources: from botocore.exceptions import ClientError name = 'SUMO-LOGIC-AWS-OBSERVABILITY' - templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.3.0/sumologic_observability.master.template.yaml" + templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.3.1/sumologic_observability.master.template.yaml" ALL = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] diff --git a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml index 959858fd..214b9e2d 100755 --- a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml +++ b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml index 35a94a4a..1c4f1971 100755 --- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml +++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: AWS::CloudFormation::Interface: 
diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml index ca310205..6b131532 100755 --- a/aws-observability/apps/ecs/ecs_app.template.yaml +++ b/aws-observability/apps/ecs/ecs_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml index fd607d1c..5a703661 100755 --- a/aws-observability/apps/elasticache/elasticache_app.template.yaml +++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml new file mode 100755 index 00000000..a161fcc6 --- /dev/null +++ b/aws-observability/apps/elb/elb_app.template.yaml 
@@ -0,0 +1,337 @@ +AWSTemplateFormatVersion: '2010-09-09' +Transform: 'AWS::Serverless-2016-10-31' +Description: "Version - v2.3.1: Template to setup the ELB classic app with AWS and Sumo Logic resources for AWS Observability Solution." + +Metadata: + 'AWS::CloudFormation::Interface': + ParameterGroups: + - Label: + default: "Sumo Logic Access Configuration (Required)" + Parameters: + - Section1aSumoDeployment + - Section1bSumoAccessID + - Section1cSumoAccessKey + - Section1dRemoveSumoResourcesOnDeleteStack + + - Label: + default: "Sumo Logic AWS Resources Tagging Configuration (Required)" + Parameters: + - Section2aAccountAlias + - Section2bAccountAliasMappingS3URL + + - Label: + default: "App Details - Sumo Logic App Configuration" + Parameters: + - Section3aInstallApp + + - Label: + default: "App Details - CloudWatch Metrics Source Configuration" + Parameters: + - Section4aCloudWatchExistingSourceAPIUrl + + - Label: + default: "App Details - ELB classic Source Log Source Configuration" + Parameters: + - Section5aELBLogsAPIUrl + - Section5bELBLogsSourceName + + - Label: + default: "Local Parameters. Do Not Edit the values." + Parameters: + - Section6aParentStackLambdaARN + - Section6bTemplatesBucketName + - Section6cNestedTemplateVersion + + ParameterLabels: + Section1aSumoDeployment: + default: "Sumo Logic Deployment Name" + Section1bSumoAccessID: + default: "Sumo Logic Access ID" + Section1cSumoAccessKey: + default: "Sumo Logic Access Key" + Section1dRemoveSumoResourcesOnDeleteStack: + default: "Delete Sumo Logic Resources when stack is deleted" + + Section2aAccountAlias: + default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." 
+ + Section2bAccountAliasMappingS3URL: + default: "S3 URL of a CSV file that maps AWS Account IDs to an Account Alias" + + Section3aInstallApp: + default: "Install Sumo Logic App" + + Section4aCloudWatchExistingSourceAPIUrl: + default: "Existing Sumo Logic CloudWatch Metrics Source API URL" + + Section5aELBLogsAPIUrl: + default: "Existing Sumo Logic ELB Logs Source API URL" + Section5bELBLogsSourceName: + default: "Provide the ELB Logs Source Name for Field Extraction Rule" + + Section6aParentStackLambdaARN: + default: "If Any, Lambda ARN from parent Stack" + Section6bTemplatesBucketName: + default: "Nested Templates Bucket Name" + Section6cNestedTemplateVersion: + default: "Nested Templates Version" + +Parameters: + Section1aSumoDeployment: + Type: String + Description: "Enter au, ca, de, eu, jp, us2, in, fed or us1." + Default: "" + Section1bSumoAccessID: + Type: String + Description: "Sumo Logic Access ID. Used for Sumo Logic API calls." + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Access ID can not be empty." + Section1cSumoAccessKey: + Type: String + Description: "Sumo Logic Access Key. Used for Sumo Logic API calls." + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Access Key can not be empty." + NoEcho: true + Section1dRemoveSumoResourcesOnDeleteStack: + AllowedValues: + - true + - false + Default: true + Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. + Deletes the resources created by the stack. Deletion of updated resources will be skipped." + Type: String + + Section2aAccountAlias: + Type: String + Description: "Provide an Alias for AWS account for identification in Sumo Logic Explorer View, metrics and logs. Please do not include special characters." + AllowedPattern: "[a-z0-9]*" + ConstraintDescription: "Alias must only contain lowercase letters, number and length less than or equal to 30 characters." 
+ MaxLength: 30 + + Section2bAccountAliasMappingS3URL: + Type: String + Description: "Required only if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." + Default: "" + + Section3aInstallApp: + Type: String + Description: "Yes - Installs the ELB classic App for the Sumo Logic AWS Observability Solution. + No - Skips the installation of this app." + Default: 'Yes' + AllowedValues: + - 'Yes' + - 'No' + + Section4aCloudWatchExistingSourceAPIUrl: + Type: String + Description: "Required when already collecting ELB Metrics. Provide the existing Sumo Logic ALB Metrics Source API URL. Account Field will be added to the Source. For Source API URL, visit https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration" + Default: "" + + Section5aELBLogsAPIUrl: + Type: String + Description: "Required when already collecting ELB logs. Provide the existing Sumo Logic ELB Source API URL. Account, region and namespace Fields will be added to the Source. For Source API URL, visit https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration" + Default: "" + Section5bELBLogsSourceName: + Type: String + Description: "Provide a ELB Logs Source Name for Field Extraction Rule." + Default: "" + + Section6aParentStackLambdaARN: + Type: String + Default: "ParentStackLambdaARN" + Description: Parent Stack Lambda ARN. Do Not Edit the value. + Section6bTemplatesBucketName: + Type: String + AllowedPattern: ".+" + Description: Bucket Name for all the nested templates. + Section6cNestedTemplateVersion: + Type: String + Description: "Provide the version for the nested templates. Default is the latest version." 
+ AllowedPattern: ".+" + +Conditions: + install_app: !Equals [!Ref Section3aInstallApp, 'Yes'] + + update_elb_logs_source: !Not [!Equals [!Ref Section5aELBLogsAPIUrl, '']] + + update_elb_metrics_source: !Not [!Equals [!Ref Section4aCloudWatchExistingSourceAPIUrl, '']] + + create_fer: !Or + - !Condition update_elb_logs_source + - !Not [!Equals [!Ref Section5bELBLogsSourceName, '']] + +Mappings: + # Bucket names where the Lambda Zip and Nested Templates are kept. Buckets are present in region, with region as suffix. + # Some buckets names have 's' in the region suffix. It is kept intentional as bucket names were not available. + # Buckets names which are intentional - + # 1. appdevzipfiles-eu-north-1s + # 2. appdevzipfiles-ap-east-1s + # 3. appdevzipfiles-af-south-1s + # 4. appdevzipfiles-me-south-1s + RegionMap: + us-east-1: + bucketname: appdevzipfiles-us-east-1 + us-east-2: + bucketname: appdevzipfiles-us-east-2 + us-west-1: + bucketname: appdevzipfiles-us-west-1 + us-west-2: + bucketname: appdevzipfiles-us-west-2 + ap-south-1: + bucketname: appdevzipfiles-ap-south-1 + ap-northeast-2: + bucketname: appdevzipfiles-ap-northeast-2 + ap-southeast-1: + bucketname: appdevzipfiles-ap-southeast-1 + ap-southeast-2: + bucketname: appdevzipfiles-ap-southeast-2 + ap-northeast-1: + bucketname: appdevzipfiles-ap-northeast-1 + ca-central-1: + bucketname: appdevzipfiles-ca-central-1 + eu-central-1: + bucketname: appdevzipfiles-eu-central-1 + eu-west-1: + bucketname: appdevzipfiles-eu-west-1 + eu-west-2: + bucketname: appdevzipfiles-eu-west-2 + eu-west-3: + bucketname: appdevzipfiles-eu-west-3 + eu-north-1: + bucketname: appdevzipfiles-eu-north-1s + sa-east-1: + bucketname: appdevzipfiles-sa-east-1 + ap-east-1: + bucketname: appdevzipfiles-ap-east-1s + af-south-1: + bucketname: appdevzipfiles-af-south-1s + eu-south-1: + bucketname: appdevzipfiles-eu-south-1 + me-south-1: + bucketname: appdevzipfiles-me-south-1s + +Resources: + + LambdaRole: + Type: AWS::IAM::Role + Metadata: + 
cfn_nag: + rules_to_suppress: + - id: W11 + reason: "Operations are performed across resources." + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + Path: / + Policies: + - PolicyName: LambdaExecutePolicies + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: '*' + + LambdaHelper: + Type: 'AWS::Serverless::Function' + Properties: + Handler: main.handler + Runtime: python3.7 + CodeUri: + Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + MemorySize: 128 + Timeout: 900 + Role: + Fn::GetAtt: + - LambdaRole + - Arn + + AccountAliasValue: + Type: Custom::AccountAlias + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + Region: !Ref "AWS::Region" + AccountID: !Ref "AWS::AccountId" + AccountAlias: !Ref Section2aAccountAlias + AccountAliasMappingS3Url: !Ref Section2bAccountAliasMappingS3URL + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + + sumoApp: + Condition: install_app + Type: Custom::App + Properties: + ServiceToken: !Ref Section6aParentStackLambdaARN + Region: !Ref "AWS::Region" + AppName: "AWS Observability Classic Load Balancer App" + RemoveOnDeleteStack: !Ref Section1dRemoveSumoResourcesOnDeleteStack + FolderName: !Sub "AWS Observability ${Section6cNestedTemplateVersion} " + RetainOldAppOnUpdate: true + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + AppJsonS3Url: !Sub "https://${Section6bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section6cNestedTemplateVersion}/appjson/Classic-lb-App.json" + + 
SumoELBLogsUpdateSource: + Type: Custom::SumoLogicUpdateFields + Condition: update_elb_logs_source + Properties: + ServiceToken: !Ref Section6aParentStackLambdaARN + Region: !Ref "AWS::Region" + RemoveOnDeleteStack: !Ref Section1dRemoveSumoResourcesOnDeleteStack + SourceApiUrl: !Ref Section5aELBLogsAPIUrl + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + Fields: + account: !GetAtt AccountAliasValue.ACCOUNT_ALIAS + namespace: "AWS/ELB" + region: !Ref "AWS::Region" + accountid: !Ref "AWS::AccountId" + + ElbLogsFieldExtractionRule: + Type: Custom::SumoLogicFieldExtractionRule + Condition: create_fer + DependsOn: AddLoadBalancerField + Properties: + ServiceToken: !Ref Section6aParentStackLambdaARN + RemoveOnDeleteStack: false + FieldExtractionRuleName: "AwsObservabilityElbAccessLogsFER" + FieldExtractionRuleScope: !Join + - "" + - - "(_source=" + - !If [update_elb_logs_source, !Sub "\"${SumoELBLogsUpdateSource.source_name}\"", !Ref Section5bELBLogsSourceName] + - ")" + FieldExtractionRuleParseExpression: '| parse "* * * * * * * * * * * \"*\" \"*\" * *" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol + | tolowercase(loadbalancername) as loadbalancername + | fields loadbalancername' + FieldExtractionRuleParseEnabled: true + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + + AddLoadBalancerField: + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !Ref Section6aParentStackLambdaARN + FieldName: "loadbalancername" + RemoveOnDeleteStack: false + SumoAccessID: !Ref Section1bSumoAccessID + SumoAccessKey: !Ref Section1cSumoAccessKey + SumoDeployment: !Ref Section1aSumoDeployment + +Outputs: + 
ExistingLogSourceName: + Description: "Existing ELB Logs Source Name" + Condition: update_elb_logs_source + Value: !GetAtt SumoELBLogsUpdateSource.source_name \ No newline at end of file diff --git a/aws-observability/apps/elb/test/TestTemplate.yaml b/aws-observability/apps/elb/test/TestTemplate.yaml new file mode 100644 index 00000000..05c074b0 --- /dev/null +++ b/aws-observability/apps/elb/test/TestTemplate.yaml 
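Review bot: In `ElbLogsFieldExtractionRule`, the `FieldExtractionRuleScope` join quotes the looked-up source name (`!Sub "\"${SumoELBLogsUpdateSource.source_name}\""`) but inserts `Section5bELBLogsSourceName` with a bare `!Ref`, and that parameter has no `AllowedPattern`. A name containing spaces or search operators would change which logs the rule applies to instead of matching one source; quoting it the same way, `!Sub "\"${Section5bELBLogsSourceName}\""`, and constraining the parameter to exclude double quotes would keep the scope to a single source. Separately, `Section4aCloudWatchExistingSourceAPIUrl` and the `update_elb_metrics_source` condition are declared but no resource or output in this template uses them, so a metrics source URL supplied by the operator appears to be silently ignored. `Section1cSumoAccessKey` is `NoEcho` but is passed as a property to five custom resources, so it is worth confirming that the helper Lambda does not log the incoming event.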
@@ -0,0 +1,124 @@ +--- +Global: + TemplatePath: "../elb_app.template.yaml" + TestProjectName: BasicTestProject + ParallelTestsRun: 6 + GlobalParameters: + Section1aSumoDeployment: us1 + Section1bSumoAccessID: 'suVJqqRLpQ6w2d' + Section1cSumoAccessKey: 'ypC5R6VJwGahwJmQ01mgjguBEVgR2GJF6NaPAdvWThty0cEkdNXiwRiR4AjJt8wT' + Section1dRemoveSumoResourcesOnDeleteStack: 'true' + Section2aAccountAlias: 'testenv' + Section3aInstallApp: 'No' + Section6aParentStackLambdaARN: '${lambda_arn}' # ? + Section6bTemplatesBucketName: '${template_bucket}' # ? + Section6cNestedTemplateVersion: '${template_version}' # ? +Tests: + - TestName: appferandmetricupdate + Regions: + - us-east-1 # ? + Parameters: + Values: + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: 'https://api.sumologic.com/api/v1/collectors/187445783/sources/952768626' # ? + Section9bELBLogsSourceName: 'ElbTests' + Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - sumoApp + - ElbLogsFieldExtractionRule + - SumoELBMetricsUpdateSource + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - ExistingMetricSourceName + - TestName: installnothing + Regions: + - us-east-1 # ? + Parameters: + Values: + Section3aInstallApp: 'No' + Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - TestName: onlyappinstall + Regions: + - us-east-1 # ? + Parameters: + Values: + Section3aInstallApp: 'Yes' + Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - sumoApp + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - TestName: updatecwmetrics + Regions: + - us-east-1 # ? + Parameters: + Values: + Section4aCloudWatchExistingSourceAPIUrl: 'https://api.sumologic.com/api/v1/collectors/187445783/sources/952768626' # ? 
+ Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - SumoELBMetricsUpdateSource + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - ExistingMetricSourceName + - TestName: updatelogssource + Regions: + - us-east-1 # ? + Parameters: + Values: + Section9aELBLogsAPIUrl: 'https://api.sumologic.com/api/v1/collectors/187445783/sources/951309199' # ? + Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - SumoELBLogsUpdateSource + - ElbLogsFieldExtractionRule + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - ExistingLogSourceName + - TestName: updatebothsources + Regions: + - us-east-1 # ? + Parameters: + Values: + Section9aELBLogsAPIUrl: 'https://api.sumologic.com/api/v1/collectors/187445783/sources/951309199' # ? + Section4aCloudWatchExistingSourceAPIUrl: "https://api.sumologic.com/api/v1/collectors/187445783/sources/952768626" # ? + Skip: false + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - SumoELBLogsUpdateSource + - ElbLogsFieldExtractionRule + - SumoELBMetricsUpdateSource + - AddLoadBalancerField + - AssertType: OutputsCheck + Assert: + Outputs: + - ExistingLogSourceName + - ExistingMetricSourceName \ No newline at end of file diff --git a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml index c33610f1..c870ee02 100644 --- a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml +++ b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml 
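Review bot: `GlobalParameters` commits what look like a live Sumo Logic access ID and access key as literals in `Section1bSumoAccessID` and `Section1cSumoAccessKey`; once pushed they stay in repository history, so the key should be treated as exposed and rotated if it is real. The file already takes `'${lambda_arn}'`-style substitutions for other values, so the same mechanism fits here, e.g. `Section1cSumoAccessKey: '${sumo_access_key}'` (placeholder name) fed from the CI secret store. The tests also pass `Section9aELBLogsAPIUrl` and `Section9bELBLogsSourceName`, while the template in this commit declares `Section5aELBLogsAPIUrl` and `Section5bELBLogsSourceName`. They also assert `SumoELBMetricsUpdateSource` and `ExistingMetricSourceName`, which the template does not define, so these cases look unable to pass as written.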
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.3.0: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account." +Description: "Version - v2.3.1: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml index 2815fef8..9cc89deb 100755 --- a/aws-observability/apps/lambda/lambda_app.template.yaml +++ b/aws-observability/apps/lambda/lambda_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/nlb/nlb_app.template.yaml b/aws-observability/apps/nlb/nlb_app.template.yaml index 37df09bb..c852a8b3 100755 --- a/aws-observability/apps/nlb/nlb_app.template.yaml +++ b/aws-observability/apps/nlb/nlb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index dd22b595..83e0a744 100644 
--- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.3.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.3.1: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: diff --git a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml index 7c6e3bf2..0d46ad8d 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.3.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.3.1. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: @@ -58,7 +58,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.3.0" + Version: "v2.3.1" Resources: diff --git a/aws-observability/apps/rds/rds_app.template.yaml b/aws-observability/apps/rds/rds_app.template.yaml index c1caf08a..9def809c 100755 --- a/aws-observability/apps/rds/rds_app.template.yaml +++ b/aws-observability/apps/rds/rds_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.3.1: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml index c1583d29..157a8e8b 100755 --- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml +++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml 
@@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.3.0: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app." +Description: "Version - v2.3.1: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/json/Alb-App.json b/aws-observability/json/Alb-App.json index 10138cbc..df9d0f55 100644 --- a/aws-observability/json/Alb-App.json +++ b/aws-observability/json/Alb-App.json 
@@ -484,7 +484,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancer\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancer\n| sort by ThreatCount", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancer) matches tolowercase(\"{{loadbalancer}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp 
\n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancer, account, region, namespace\n| sort by ThreatCount", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -513,7 +513,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -527,7 +528,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -541,7 +543,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -555,7 +558,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -931,7 +935,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -945,7 +950,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -959,7 +965,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -973,7 +980,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1334,7 +1342,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, 
@@ -1348,7 +1357,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1362,7 +1372,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1376,7 +1387,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1599,7 +1611,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1613,7 +1626,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1627,7 +1641,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1641,7 +1656,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1963,7 +1979,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1977,7 +1994,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1991,7 +2009,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2005,7 +2024,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -2338,7 +2358,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, 
@@ -2352,7 +2373,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2366,7 +2388,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2380,7 +2403,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -2467,7 +2491,7 @@ "id": null, "key": "panelpane-2fb20d99840ff849", "title": "Events - Outlier (Decrease) Requests by Backend", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ @@ -2491,7 +2515,7 @@ "id": null, "key": "panelpane-7836817bb708584c", "title": "Events - Outlier (Increase) Requests by Backend", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -2515,7 +2539,7 @@ "id": null, "key": "panelpane-9b153d55a89e9849", "title": "Events - Outlier (Decrease) Requests by Target Group", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ @@ -2539,7 +2563,7 @@ "id": null, "key": "panelpane-0a893b479b02184f", "title": "Events - Outlier (Increase) Requests by Target Group", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -2563,18 +2587,18 @@ "id": null, "key": "panelPANE-EFE34823AB0FD841", "title": "Request Counts", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}} \"}}]}", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}} \"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RequestCount TargetGroup=* | sum by account, region, namespace, loadbalancer, TargetGroup", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancer={{loadbalancer}} metric= RequestCount TargetGroup=* statistic=sum | sum by account, region, namespace, loadbalancer, TargetGroup", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", "metricsQueryData": null, "tracesQueryData": null, - "parseMode": "Manual", + "parseMode": "Auto", "timeSource": "Message" } ], 
@@ -2629,7 +2653,7 @@ "id": null, "key": "panel506081A3919ACA4A", "title": "Received Bytes", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -2653,7 +2677,7 @@ "id": null, "key": "panel6A37B8FBA033EB4D", "title": "Sent Bytes", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{}}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ @@ -2687,7 +2711,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, 
@@ -2701,7 +2726,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2715,7 +2741,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2729,7 +2756,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -2954,7 +2982,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2968,7 +2997,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2982,7 +3012,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2996,7 +3027,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] diff --git a/aws-observability/json/Alerts-App.json b/aws-observability/json/Alerts-App.json index b4c5e622..2ecae908 100644 --- a/aws-observability/json/Alerts-App.json +++ b/aws-observability/json/Alerts-App.json 
@@ -4,23 +4,18 @@ "type": "MonitorsLibraryFolderExport", "children": [ { - "name": "AWS API Gateway - High 5XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", + "name": "AWS API Gateway - High Latency", + "description": "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace" - }, - { - "rowId": "C", - "query": "#A * 100 / #B along account, region, namespace" + "query": "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account" } ], "triggers": [ @@ -28,7 +23,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 5, + "threshold": 1000, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -38,7 +33,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 5, + "threshold": 1000, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
@@ -51,54 +46,60 @@ "playbook": "" }, { - "name": "AWS DynamoDB - Multiple Tables deleted", - "description": "This alert fires when we detect multiple failed operations for Elasticache service within 15 minutes", + "name": "Amazon Elasticache - High Engine CPU Utilization", + "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", + "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime" + "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" } ], "triggers": [ { "detectionMethod": "StaticCondition", "triggerType": "Critical", - "timeRange": "-15m", - "threshold": 5, + "timeRange": "-5m", + "threshold": 90, "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": 
"AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", - "timeRange": "-15m", - "threshold": 5, + "timeRange": "-5m", + "threshold": 90, "thresholdType": "LessThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" } ], "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "" }, { - "name": "Amazon RDS - High Disk Queue Depth", - "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.", + "name": "AWS EC2 - High Memory Utilization", + "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid" } ], "triggers": [ @@ -106,7 +107,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 5, + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", 
@@ -116,7 +117,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 5, + "threshold": 85, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -129,15 +130,18 @@ "playbook": "" }, { - "name": "AWS DynamoDB - High Account Provisioned Read Capacity", - "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "Amazon Elasticache - Low Redis Cache Hit Rate", + "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" } ], "triggers": [ @@ -146,7 +150,7 @@ "triggerType": "Critical", "timeRange": "-5m", "threshold": 80, - "thresholdType": "GreaterThanOrEqual", + "thresholdType": "LessThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" 
@@ -156,7 +160,7 @@ "triggerType": "ResolvedCritical", "timeRange": "-5m", "threshold": 80, - "thresholdType": "LessThan", + "thresholdType": "GreaterThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" @@ -168,15 +172,26 @@ "playbook": "" }, { - "name": "Amazon ECS - High Memory Utilization", - "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).", + "name": "AWS API Gateway - High 5XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" + "query": "Namespace=aws/apigateway metric=5xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along account, region, namespace" } ], "triggers": [ @@ -184,7 +199,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 85, + "threshold": 5, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -194,7 +209,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 85, + "threshold": 5, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
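Review bot: In the hunk at -168,15 +172,26 (AWS API Gateway - High 5XX Errors), row C joins with `#A * 100 / #B along account, region, namespace`, although rows A and B are both grouped by `apiname` as well. The other ratio monitors on this page (Application Load Balancer 4XX and 5XX, Lambda failed requests) name the entity key in `along`, so this one should probably read `"query": "#A * 100 / #B along apiname, account, region, namespace"`. Without `apiname` the percentage may be paired across different APIs that share an account and region rather than computed per API. That is inferred from the query text, so it is worth confirming in an account with more than one API.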
@@ -207,15 +222,18 @@ "playbook": "" }, { - "name": "AWS EC2 - High Memory Utilization", - "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).", + "name": "AWS Application Load Balancer - High Latency", + "description": "This alert fires when we detect that the average latency for a given Application load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid" + "query": "Namespace=aws/applicationelb metric=TargetResponseTime Statistic=Average account=* region=* loadbalancer=* | eval(_value*1000) | sum by account, region, namespace, loadbalancer" } ], "triggers": [ @@ -223,7 +241,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 85, + "threshold": 3000, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -233,7 +251,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 85, + "threshold": 3000, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
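Review bot: The AWS Application Load Balancer - High Latency query in the hunk at -207,15 +222,18 aggregates an average with `sum by account, region, namespace, loadbalancer`, so if more than one `TargetResponseTime` series exists per load balancer the values are added together and the 3000 ms threshold fires early. The other latency monitors in this file (API Gateway Latency, RDS WriteLatency) use `avg by`. I would change the tail of the query to `| eval(_value*1000) | avg by account, region, namespace, loadbalancer`. Whether several series per load balancer actually occur depends on which dimensions the metrics source emits, which this page does not show. A short comment in the monitor description noting that the threshold is in milliseconds would also help, since the metric itself is in seconds.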
@@ -246,15 +264,18 @@ "playbook": "" }, { - "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio", - "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.", + "name": "Amazon ECS - High Memory Utilization", + "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" } ], "triggers": [ @@ -262,8 +283,8 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 50, - "thresholdType": "LessThanOrEqual", + "threshold": 85, + "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" @@ -272,8 +293,8 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 50, - "thresholdType": "GreaterThan", + "threshold": 85, + "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" 
@@ -285,15 +306,18 @@ "playbook": "" }, { - "name": "Amazon Elasticache - High Redis Database Memory Usage", - "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.", + "name": "Amazon RDS - High Write Latency", + "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" + "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -301,7 +325,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 95, + "threshold": 5, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -311,7 +335,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 95, + "threshold": 5, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
@@ -324,15 +348,26 @@ "playbook": "" }, { - "name": "AWS Application Load Balancer - Access from Highly Malicious Sources", - "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes", + "name": "AWS Application Load Balancer - High 4XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", + "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName" + "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" + }, + { + "rowId": "B", + "query": 
"Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along loadbalancer, account, region, namespace" } ], "triggers": [ 
@@ -340,38 +375,41 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", + "threshold": 5, + "thresholdType": "LessThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" } ], "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "" }, { - "name": "Amazon RDS - High Read Latency", - "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.", + "name": "Amazon RDS - Low Burst Balance", + "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ 
@@ -379,8 +417,8 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 5, - "thresholdType": "GreaterThanOrEqual", + "threshold": 50, + "thresholdType": "LessThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" @@ -389,8 +427,8 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 5, - "thresholdType": "LessThan", + "threshold": 50, + "thresholdType": "GreaterThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" 
@@ -402,37 +440,82 @@ "playbook": "" }, { - "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity", - "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources", + "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Logs", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName" + } + ], + "triggers": [ 
+ { + "detectionMethod": "LogsStaticCondition", + "triggerType": "Critical", + "timeRange": "-5m", + "threshold": 0, + "thresholdType": "GreaterThan", + "field": "" + }, + { + "detectionMethod": "LogsStaticCondition", + "triggerType": "ResolvedCritical", + "timeRange": "-5m", + "threshold": 0, + "thresholdType": "LessThanOrEqual", + "field": "" + } + ], + "notifications": [], + "isDisabled": true, + "groupNotifications": true, + "playbook": "" + }, + { + "name": "AWS Classic Load Balancer - High 5XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along loadbalancername, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 80, + "threshold": 5, "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "Always" }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 80, + "threshold": 5, "thresholdType": 
"LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "Always" } ], "notifications": [], @@ -441,15 +524,26 @@ "playbook": "" }, { - "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio", - "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.", + "name": "AWS Network Load Balancer - High Unhealthy Hosts", + "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=MemoryFragmentationRatio statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" + "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace" } ], "triggers": [ @@ -457,7 +551,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 1.5, + "threshold": 10, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", 
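Review bot: The Classic Load Balancer threat-intel query in the hunk at -402,37 +440,82 extracts `ClientIp` with `parse regex ... multi` over the whole log line, so every IPv4-looking token is looked up, including the backend address and anything that appears in the request URL or user agent. Those last two fields are supplied by the caller, so a monitor meant to report the connecting source can alert on an address that only appears as text in a request. The line is already parsed into `client`, so the address can be taken from it instead, for example `| parse field=client "*:*" as ClientIp, ClientPort`, keeping the existing `where ClientIp != ...` filter. Separately, the two monitors added here use `LogsStaticCondition` and `MetricsStaticCondition` while the rest of the visible file uses `StaticCondition` with `triggerSource`; it would be good to confirm the import path accepts both forms in one export.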
@@ -467,7 +561,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 1.5, + "threshold": 10, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -480,15 +574,18 @@ "playbook": "" }, { - "name": "Amazon RDS - High CPU Utilization", - "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.", + "name": "AWS API Gateway - High Integration Latency", + "description": "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account" } ], "triggers": [ @@ -496,7 +593,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 85, + "threshold": 1000, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -506,7 +603,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 85, + "threshold": 1000, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
@@ -519,23 +616,26 @@ "playbook": "" }, { - "name": "AWS Application Load Balancer - High 4XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", + "name": "AWS Lambda - High Percentage of Failed Requests", + "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" + "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" }, { "rowId": "B", - "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" + "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" }, { "rowId": "C", - "query": "#A * 100 / #B along loadbalancer, account, region, namespace" + "query": "#A * 100 / #B along functionname, account, region, namespace" } ], "triggers": [ 
@@ -566,15 +666,26 @@
 "playbook": ""
 },
 {
- "name": "AWS Lambda - Low Provisioned Concurrency Utilization",
- "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.",
+ "name": "AWS Application Load Balancer - High 5XX Errors",
+ "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account"
+ "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+ },
+ {
+ "rowId": "B",
+ "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
+ },
+ {
+ "rowId": "C",
+ "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
 }
 ],
 "triggers": [
@@ -582,8 +693,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 50,
- "thresholdType": "LessThanOrEqual",
+ "threshold": 5,
+ "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -592,8 +703,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 50,
- "thresholdType": "GreaterThan",
+ "threshold": 5,
+ "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -605,23 +716,18 @@
 "playbook": ""
 },
 {
- "name": "AWS Network Load Balancer - High TLS Negotiation Errors",
- "description": "This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer",
+ "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio",
+ "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
- },
- {
- "rowId": "B",
- "query": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
- },
- {
- "rowId": "C",
- "query": "(#A + #B) along LoadBalancer, account, region, namespace"
+ "query": "Namespace=aws/elasticache metric=MemoryFragmentationRatio statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
 }
 ],
 "triggers": [
@@ -629,7 +735,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 10,
+ "threshold": 1.5,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -639,7 +745,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 10,
+ "threshold": 1.5,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -652,15 +758,18 @@
 "playbook": ""
 },
 {
- "name": "AWS EC2 - High System CPU Utilization",
- "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
+ "name": "Amazon Elasticache - High CPU Utilization",
+ "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
+ "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace"
 }
 ],
 "triggers": [
@@ -668,7 +777,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 85,
+ "threshold": 90,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -678,7 +787,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 85,
+ "threshold": 90,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -691,15 +800,18 @@
 "playbook": ""
 },
 {
- "name": "AWS DynamoDB - High Account Provisioned Write Capacity",
- "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
+ "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio",
+ "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
+ "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
 }
 ],
 "triggers": [
@@ -707,8 +819,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 80,
- "thresholdType": "GreaterThanOrEqual",
+ "threshold": 50,
+ "thresholdType": "LessThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -717,8 +829,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 80,
- "thresholdType": "LessThan",
+ "threshold": 50,
+ "thresholdType": "GreaterThan",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -730,15 +842,26 @@
 "playbook": ""
 },
 {
- "name": "Amazon Elasticache - Low Redis Cache Hit Rate",
- "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.",
+ "name": "AWS API Gateway - High 4XX Errors",
+ "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId"
+ "query": "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+ },
+ {
+ "rowId": "B",
+ "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
+ },
+ {
+ "rowId": "C",
+ "query": "#A * 100 / #B along apiname, account, region, namespace"
 }
 ],
 "triggers": [
@@ -746,8 +869,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 80,
- "thresholdType": "LessThanOrEqual",
+ "threshold": 5,
+ "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -756,8 +879,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 80,
- "thresholdType": "GreaterThan",
+ "threshold": 5,
+ "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -774,6 +897,9 @@
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
@@ -808,15 +934,56 @@ "playbook": "" }, { - "name": "Amazon Elasticache - High CPU Utilization", - "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less.", + "name": "AWS Classic Load Balancer - High Latency", + "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" + "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername" + } + ], + "triggers": [ + { + "detectionMethod": "MetricsStaticCondition", + "triggerType": "Critical", + "timeRange": "-5m", + "threshold": 3000, + "thresholdType": "GreaterThanOrEqual", + "occurrenceType": "Always" + }, + { + "detectionMethod": "MetricsStaticCondition", + "triggerType": "ResolvedCritical", + "timeRange": "-5m", + "threshold": 3000, + "thresholdType": "LessThan", + "occurrenceType": "Always" + } + ], + "notifications": [], + "isDisabled": true, + "groupNotifications": false, + "playbook": "" + }, + { + "name": "AWS EC2 - High Disk Utilization", + "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).", + "type": "MonitorsLibraryMonitorExport", + "monitorType": 
"Metrics", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname" } ], "triggers": [ @@ -824,7 +991,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 90, + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -834,7 +1001,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 90, + "threshold": 85, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -847,15 +1014,18 @@ "playbook": "" }, { - "name": "Amazon RDS - High Write Latency", - "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.", + "name": "Amazon ECS - High CPU Utilization", + "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" } ], "triggers": [ 
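Review bot: The new "AWS Classic Load Balancer - High Latency" monitor declares both triggers with `"detectionMethod": "MetricsStaticCondition"` and omits the `"field"` and `"triggerSource"` keys, while the other metrics monitors visible in this export use `"StaticCondition"` with `"field": null` and `"triggerSource": "AnyTimeSeries"`. Two trigger shapes in one file leave it unclear which schema the importer is expected to accept, so I would write this monitor's triggers like its neighbours or convert the whole file in one pass. Separately, the query scales an `Average` statistic with `eval(_value*1000)` and then aggregates with `sum by`, so several series sharing one `loadbalancername` would presumably be added together before the comparison with 3000; `avg by account, region, namespace, loadbalancername` looks closer to what the description states.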
@@ -863,7 +1033,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 85,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -873,7 +1043,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 85,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -886,23 +1056,26 @@
 "playbook": ""
 },
 {
- "name": "AWS Lambda - High Percentage of Failed Requests",
- "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.",
+ "name": "AWS Network Load Balancer - High TLS Negotiation Errors",
+ "description": "This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+ "query": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
 },
 {
 "rowId": "B",
- "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace"
+ "query": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace"
 },
 {
 "rowId": "C",
- "query": "#A * 100 / #B along functionname, account, region, namespace"
+ "query": "(#A + #B) along LoadBalancer, account, region, namespace"
 }
 ],
 "triggers": [
@@ -910,7 +1083,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 10,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -920,7 +1093,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 10,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -933,54 +1106,60 @@ "playbook": "" }, { - "name": "Amazon ECS - High CPU Utilization", - "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).", + "name": "Amazon Elasticache - Multiple Failed Operations", + "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", + "monitorType": "Logs", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" + "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\" as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as 
message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime" } ], "triggers": [ { "detectionMethod": "StaticCondition", "triggerType": "Critical", - "timeRange": "-5m", - "threshold": 85, + "timeRange": "-15m", + "threshold": 10, "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", - "timeRange": "-5m", - "threshold": 85, + "timeRange": "-15m", + "threshold": 10, "thresholdType": "LessThan", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" } ], "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "" }, { - "name": "AWS Application Load Balancer - High Latency", - "description": "This alert fires when we detect that the average latency for a given Application load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", + "name": "Amazon Elasticache - High Redis Database Memory Usage", + "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). 
When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/applicationelb metric=TargetResponseTime Statistic=Average account=* region=* loadbalancer=* | eval(_value*1000) | sum by account, region, namespace, loadbalancer" + "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" } ], "triggers": [ @@ -988,7 +1167,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 3000, + "threshold": 95, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -998,7 +1177,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 3000, + "threshold": 95, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
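Review bot: The query of the new "Amazon Elasticache - Multiple Failed Operations" monitor ends its filter with `and !isEmpty(user)`, so a failed ElastiCache call whose identity resolves to neither `userName` nor one of the two `arn` patterns is dropped before it is counted. That presumably includes events with no `userIdentity.arn` at all, which are the ones an operator cannot attribute and would most want surfaced. I would keep those rows and label them instead, for example `| if (isEmpty(user), "unknown", user) as user` ahead of the `where`, and remove the `!isEmpty(user)` term. It is also worth confirming that the second `parse field=arn "arn:aws:iam::*:*" as accountId, user nodrop` does not blank a `user` already extracted from `:assumed-role/*` when the ARN is not an `arn:aws:iam::` one.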
@@ -1011,15 +1190,18 @@
 "playbook": ""
 },
 {
- "name": "AWS EC2 - High Disk Utilization",
- "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).",
+ "name": "AWS EC2 - High System CPU Utilization",
+ "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname"
+ "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid"
 }
 ],
 "triggers": [
@@ -1050,23 +1232,18 @@
 "playbook": ""
 },
 {
- "name": "AWS Application Load Balancer - High 5XX Errors",
- "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.",
+ "name": "AWS Lambda - Low Provisioned Concurrency Utilization",
+ "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
- },
- {
- "rowId": "B",
- "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace"
- },
- {
- "rowId": "C",
- "query": "#A * 100 / #B along loadbalancer, account, region, namespace"
+ "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account"
 }
 ],
 "triggers": [
@@ -1074,8 +1251,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 5,
- "thresholdType": "GreaterThanOrEqual",
+ "threshold": 50,
+ "thresholdType": "LessThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -1084,8 +1261,8 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 5,
- "thresholdType": "LessThan",
+ "threshold": 50,
+ "thresholdType": "GreaterThan",
 "field": null,
 "occurrenceType": "Always",
 "triggerSource": "AnyTimeSeries"
@@ -1097,23 +1274,18 @@
 "playbook": ""
 },
 {
- "name": "AWS API Gateway - High 4XX Errors",
- "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.",
+ "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity",
+ "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/apigateway metric=4xxError Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
- },
- {
- "rowId": "B",
- "query": "Namespace=aws/apigateway metric=count Statistic=Sum account=* region=* apiname=* | sum by apiname, account, region, namespace"
- },
- {
- "rowId": "C",
- "query": "#A * 100 / #B along apiname, account, region, namespace"
+ "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
 }
 ],
 "triggers": [
@@ -1121,7 +1293,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 80,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -1131,7 +1303,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 5,
+ "threshold": 80,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -1144,15 +1316,18 @@
 "playbook": ""
 },
 {
- "name": "AWS API Gateway - High Latency",
- "description": "This alert fires when we detect that the average latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+ "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity",
+ "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/apigateway metric=Latency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+ "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account"
 }
 ],
 "triggers": [
@@ -1160,7 +1335,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 1000,
+ "threshold": 80,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -1170,7 +1345,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 1000,
+ "threshold": 80,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -1183,23 +1358,60 @@ "playbook": "" }, { - "name": "AWS Network Load Balancer - High Unhealthy Hosts", - "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer", + "name": "AWS DynamoDB - Multiple Tables deleted", + "description": "This alert fires when we detect multiple failed operations for Elasticache service within 15 minutes", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", + "monitorType": "Logs", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" - }, + "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime" + } + ], + "triggers": [ { - "rowId": "B", - "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" + "detectionMethod": "StaticCondition", + "triggerType": "Critical", + "timeRange": "-15m", + "threshold": 5, + "thresholdType": 
"GreaterThanOrEqual", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" }, { - "rowId": "C", - "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace" + "detectionMethod": "StaticCondition", + "triggerType": "ResolvedCritical", + "timeRange": "-15m", + "threshold": 5, + "thresholdType": "LessThan", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" + } + ], + "notifications": [], + "isDisabled": true, + "groupNotifications": true, + "playbook": "" + }, + { + "name": "AWS DynamoDB - High Account Provisioned Write Capacity", + "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Metrics", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -1207,7 +1419,7 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 10, + "threshold": 80, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1217,7 +1429,7 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 10, + "threshold": 80, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", 
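Review bot: The `description` of the new "AWS DynamoDB - Multiple Tables deleted" monitor is copied from the ElastiCache monitor ("multiple failed operations for Elasticache service within 15 minutes") and does not describe what the query detects, which is `DeleteTable` events from `dynamodb.amazonaws.com`. The description is what a responder reads first, so it should state the real condition, for example `"description": "This alert fires when five or more DynamoDB DeleteTable events are detected within a 15 minute interval."`. The query also extracts `sourceIPAddress` as `SourceIp` but leaves it out of `count by` and `fields`, so the source address never reaches the alert results; adding `SourceIp` to both would help triage.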
@@ -1230,15 +1442,18 @@
 "playbook": ""
 },
 {
- "name": "AWS API Gateway - High Integration Latency",
- "description": "This alert fires when we detect that the average integration latency for a given API Gateway is greater than or equal to one second for 5 minutes.",
+ "name": "Amazon RDS - High Read Latency",
+ "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.",
 "type": "MonitorsLibraryMonitorExport",
 "monitorType": "Metrics",
 "evaluationDelay": "0m",
+ "alertName": null,
+ "runAs": null,
+ "notificationGroupFields": [],
 "queries": [
 {
 "rowId": "A",
- "query": "Namespace=aws/apigateway metric=IntegrationLatency statistic=Average account=* region=* apiname=* | avg by apiname, namespace, region, account"
+ "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account"
 }
 ],
 "triggers": [
@@ -1246,7 +1461,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "Critical",
 "timeRange": "-5m",
- "threshold": 1000,
+ "threshold": 5,
 "thresholdType": "GreaterThanOrEqual",
 "field": null,
 "occurrenceType": "Always",
@@ -1256,7 +1471,7 @@
 "detectionMethod": "StaticCondition",
 "triggerType": "ResolvedCritical",
 "timeRange": "-5m",
- "threshold": 1000,
+ "threshold": 5,
 "thresholdType": "LessThan",
 "field": null,
 "occurrenceType": "Always",
@@ -1269,15 +1484,18 @@ "playbook": "" }, { - "name": "Amazon Elasticache - High Engine CPU Utilization", - "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.", + "name": "AWS Application Load Balancer - Access from Highly Malicious Sources", + "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", + "monitorType": "Logs", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" + "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) 
as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName" } ], "triggers": [ 
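Review bot: In the "AWS Application Load Balancer - Access from Highly Malicious Sources" query, the `parse regex ... multi` step has no `field=`, so it matches every dotted-quad anywhere in the raw access-log line rather than only the client address. The value then looked up in `sumo://threat/cs` as `ClientIp` can therefore come from `Target`, or from `Request` and `UserAgent`, which are text the requester controls, so the monitor can fire on traffic that merely mentions a listed address and the count no longer means "accessed from". The first `parse` already yields `Client`, so I would anchor the extraction there, e.g. `| parse regex field=Client "(?<ClientIp>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"` (JSON-escaped in the file; the capture-group name looks stripped in this rendering, so confirm it against the source). IPv6 clients would still bypass this IPv4-only pattern, which is worth stating in the monitor description.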
@@ -1285,21 +1503,67 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 90, - "thresholdType": "GreaterThanOrEqual", + "threshold": 0, + "thresholdType": "GreaterThan", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 90, - "thresholdType": "LessThan", + "threshold": 0, + "thresholdType": "LessThanOrEqual", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries" + "occurrenceType": "ResultCount", + "triggerSource": "AllResults" + } + ], + "notifications": [], + "isDisabled": true, + "groupNotifications": true, + "playbook": "" + }, + { + "name": "AWS Classic Load Balancer - High 4XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Metrics", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along loadbalancername, account, region, namespace" + } + ], + "triggers": [ + { + "detectionMethod": "MetricsStaticCondition", + "triggerType": "Critical", + "timeRange": "-5m", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", + "occurrenceType": "Always" + }, + { + "detectionMethod": "MetricsStaticCondition", + "triggerType": "ResolvedCritical", + 
"timeRange": "-5m", + "threshold": 5, + "thresholdType": "LessThan", + "occurrenceType": "Always" } ], "notifications": [], @@ -1308,15 +1572,18 @@ "playbook": "" }, { - "name": "Amazon RDS - Low Burst Balance", - "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.", + "name": "Amazon RDS - High CPU Utilization", + "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -1324,8 +1591,8 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "timeRange": "-5m", - "threshold": 50, - "thresholdType": "LessThanOrEqual", + "threshold": 85, + "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" @@ -1334,8 +1601,8 @@ "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "timeRange": "-5m", - "threshold": 50, - "thresholdType": "GreaterThan", + "threshold": 85, + "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries" 
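Review bot: The description of "AWS Classic Load Balancer - High 4XX Errors" says the alert fires above 5% (`>5%`), but its Critical trigger is `"thresholdType": "GreaterThanOrEqual"` with `"threshold": 5`, so it also fires at exactly 5%. The text should read `>=5%`, as the RDS monitor descriptions in this diff do, or the trigger should use `GreaterThan`. The two triggers also use `"detectionMethod": "MetricsStaticCondition"` and omit `field` and `triggerSource`, while the other metrics monitors in this file use `StaticCondition` with `"triggerSource": "AnyTimeSeries"`. That may just be a newer export format, but if it is not intentional the shapes should be aligned so that every monitor in the file imports the same way.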
@@ -1347,54 +1614,60 @@ "playbook": "" }, { - "name": "Amazon Elasticache - Multiple Failed Operations", - "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.", + "name": "Amazon RDS - High Disk Queue Depth", + "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", + "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\" as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, 
account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime" + "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ { "detectionMethod": "StaticCondition", "triggerType": "Critical", - "timeRange": "-15m", - "threshold": 10, + "timeRange": "-5m", + "threshold": 5, "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", - "timeRange": "-15m", - "threshold": 10, + "timeRange": "-5m", + "threshold": 5, "thresholdType": "LessThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults" + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries" } ], "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "" }, { - "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity", - "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "AWS DynamoDB - High Account Provisioned Read Capacity", + "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. 
High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -1425,4 +1698,4 @@ "playbook": "" } ] -} \ No newline at end of file +} diff --git a/aws-observability/json/Classic-lb-App.json b/aws-observability/json/Classic-lb-App.json new file mode 100644 index 00000000..481b1fb6 --- /dev/null +++ b/aws-observability/json/Classic-lb-App.json 
@@ -0,0 +1,3039 @@ +{ + "type": "FolderSyncDefinition", + "name": "AWS Classic Load Balancer", + "description": "", + "children": [ + { + "type": "DashboardV2SyncDefinition", + "name": "1. AWS Classic Load Balancer - Overview", + "description": "See the overview of Classic load balancer including the requests, healthy and unhealthy host count, backend response time, and active connections.", + "title": "1. AWS Classic Load Balancer - Overview", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-1b6c3f98bd2fa94a", + "structure": "{\"height\":5,\"width\":4,\"x\":16,\"y\":12}" + }, + { + "key": "panelpane-b28e428595aa7841", + "structure": "{\"height\":5,\"width\":4,\"x\":20,\"y\":12}" + }, + { + "key": "panelpane-3c5686918c144a48", + "structure": "{\"height\":5,\"width\":4,\"x\":12,\"y\":12}" + }, + { + "key": "panelpane-01a4cebc9d796a44", + "structure": "{\"height\":5,\"width\":4,\"x\":0,\"y\":12}" + }, + { + "key": "panelpane-5d596c23a60d9b43", + "structure": "{\"height\":5,\"width\":4,\"x\":4,\"y\":12}" + }, + { + "key": "panelpane-5711200884094842", + "structure": "{\"height\":5,\"width\":4,\"x\":8,\"y\":12}" + }, + { + "key": "panelpane-3919c994a29d9b4a", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":36}" + }, + { + "key": "panelpane-ed2772e08225f840", + "structure": "{\"height\":7,\"width\":24,\"x\":0,\"y\":17}" + }, + { + "key": "panelpane-97c80ce1b96ed948", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}" + }, + { + "key": "panelPANE-84EA9744A2C6BB47", + "structure": "{\"height\":12,\"width\":12,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-AEBA84C2BE464B40", + 
"structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":0}" + }, + { + "key": "panelPANE-BFCE029B9E625B46", + "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":6}" + }, + { + "key": "panelPANE-C44F0671A5AFEA41", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":6}" + }, + { + "key": "panel4A7F28558036BA4D", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}" + }, + { + "key": "panelPANE-5AE57A6E80107B44", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":0}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-1b6c3f98bd2fa94a", + "title": "Healthy Hosts", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"valueFontSize\":24,\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"labelFontSize\":16,\"label\":\"Hosts\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-b28e428595aa7841", + "title": "Unhealthy Hosts", + "visualSettings": 
"{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Latest\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"label\":\"Hosts\",\"valueFontSize\":24,\"labelFontSize\":16,\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3c5686918c144a48", + "title": "Backend Connection Errors", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#527b01\"},{\"from\":10,\"to\":20,\"color\":\"#b18209\"},{\"from\":20,\"to\":null,\"color\":\"#b63010\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=BackendConnectionErrors Statistic=Sum | sum", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + 
"id": null, + "key": "panelpane-01a4cebc9d796a44", + "title": "Request Count", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Requests\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-5d596c23a60d9b43", + "title": "Surge Queue Length", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Surge Queue Length\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SurgeQueueLength Statistic=Sum | sum", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": 
"Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-5711200884094842", + "title": "Spillover Count", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Spillover Count\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"sparkline\":{\"show\":true,\"color\":\"\"},\"rounding\":0},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3919c994a29d9b4a", + "title": "Overall Healthy vs Unhealthy Host Count", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Host Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Healthy Host - {{loadbalancername}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"UnHealthy Host - {{loadbalancername}}\"}}],\"color\":{\"family\":\"scheme7\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} 
metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + }, + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "B", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-ed2772e08225f840", + "title": "Requests Served by Load Balancer", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} 
loadbalancername={{loadbalancername}} metric=RequestCount Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-97c80ce1b96ed948", + "title": "4XX by Load Balancer", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + 
"timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-84EA9744A2C6BB47", + "title": "Request Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-AEBA84C2BE464B40", + "title": "Load Balancer Latency (ms)", + "visualSettings": 
"{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | eval(_value*1000) | avg by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-BFCE029B9E625B46", + "title": "5xx Error Codes by Load Balancer", + "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":5,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, 
loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-C44F0671A5AFEA41", + "title": "4xx Error Codes by Load Balancer", + "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#75bf00\"},{\"from\":10,\"to\":50,\"color\":\"#f6c851\"},{\"from\":50,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel4A7F28558036BA4D", + "title": "5XX by Load Balancer", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-5AE57A6E80107B44", + "title": "Threat Intel Count", + "visualSettings": 
"{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1,\"color\":\"#8ecc1b\"},{\"from\":1,\"to\":5,\"color\":\"#f6c851\"},{\"from\":5,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as method, protocol, domain, server_port, path nodrop\n| parse field=client \"*:*\" as ClientIP, Cport nodrop\n| parse field=backend \"*:*\" as BackendIP, Backend_port nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by 
loadbalancername, account, region, namespace\n| sort by ThreatCount", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "1. 
AWS Classic Load Balancer - Response Analysis", + "description": "See the details of the Classic Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.", + "title": "1. AWS Classic Load Balancer - Response Analysis", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-6431EF94BE865945", + "structure": "{\"height\":1,\"width\":8,\"x\":0,\"y\":6}" + }, + { + "key": "panelPANE-9488B966ABC1E940", + "structure": "{\"height\":1,\"width\":8,\"x\":8,\"y\":6}" + }, + { + "key": "panel80A18A0EB225FB4B", + "structure": "{\"height\":1,\"width\":8,\"x\":16,\"y\":6}" + }, + { + "key": "panel373343E8B68AA846", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}" + }, + { + "key": "panelPANE-351E28339D1FDB40", + "structure": "{\"height\":7,\"width\":8,\"x\":8,\"y\":7}" + }, + { + "key": "panelAA81D9348A212B4B", + "structure": "{\"height\":7,\"width\":8,\"x\":0,\"y\":7}" + }, + { + "key": "panelFAD82336AEDD0B49", + "structure": "{\"height\":7,\"width\":8,\"x\":16,\"y\":7}" + }, + { + "key": "panelPANE-CCFCC1BB99CA3843", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}" + }, + { + "key": "panelE7BD64DF89B9B94E", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}" + }, + { + "key": "panel849F83B5B73CC844", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}" + }, + { + "key": "panel848E183B8031884D", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}" + }, + { + "key": "panel114E4560B4917A43", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}" + }, + { + "key": "panelPANE-4E589BF4AEA7D84B", + 
"structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-6431EF94BE865945", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"showTitle\":false,\"backgroundColor\":\"#f36644\",\"textColor\":\"#222d3b\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 5XX Response Codes" + }, + { + "id": null, + "key": "panelPANE-9488B966ABC1E940", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 4XX Response Codes" + }, + { + "id": null, + "key": "panel80A18A0EB225FB4B", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Load Balancer 3XX Response Codes" + }, + { + "id": 
null, + "key": "panel373343E8B68AA846", + "title": "5XX ELB Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-351E28339D1FDB40", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| 
where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelAA81D9348A212B4B", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, 
country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelFAD82336AEDD0B49", + "title": "Client Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + 
}, + { + "id": null, + "key": "panelPANE-CCFCC1BB99CA3843", + "title": "Events - 5XX Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + 
"id": null, + "key": "panelE7BD64DF89B9B94E", + "title": "4XX ELB Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel849F83B5B73CC844", + "title": "Backend Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} 
region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + }, + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "B", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + }, + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "C", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel848E183B8031884D", + "title": "Events - 4XX Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel114E4560B4917A43", + "title": "Events - 3XX Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Server Errors\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4E589BF4AEA7D84B", + "title": "Response Codes Distribution by Domain and URI", + 
"visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (elb_status_code matches \"5*\",1,0) as ELB_5XX\n| if (elb_status_code matches \"4*\",1,0) as ELB_4XX\n| if (elb_status_code matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + 
"defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "2. AWS Classic Load Balancer - Backend Response Analysis", + "description": "See the details of the Backend HTTP codes 2XX, 3XX, 4XX, and 5XX by availability zone, and load balancer name.", + "title": "2. 
AWS Classic Load Balancer - Backend Response Analysis", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-EFB93C23B0ABA948", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panel05DD969FA8F84846", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}" + }, + { + "key": "panelE8037BA1BAFE4840", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":6}" + }, + { + "key": "panel11E5E924B7E46B4D", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}" + }, + { + "key": "panelPANE-31F3A4E7852C484F", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panel8D3D1B68A68C1B49", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":7}" + }, + { + "key": "panelA52CD401A29F7942", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}" + }, + { + "key": "panelDF364B0988414A44", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}" + }, + { + "key": "panelPANE-2A2CE58CB024284B", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":13}" + }, + { + "key": "panelDCE3556190369A4B", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":13}" + }, + { + "key": "panel74660D2CA5358B47", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":26}" + }, + { + "key": "panelA5A5D6698A94CB4F", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":26}" + }, + { + "key": "panel13B1911EADE35944", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":7}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-EFB93C23B0ABA948", + "title": "5xx", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f36644\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 5XX Response Codes" + }, + { + "id": null, + "key": "panel05DD969FA8F84846", + "title": "2XX", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 2XX Response Codes" + }, + { + "id": null, + "key": "panelE8037BA1BAFE4840", + "title": "4xx", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f4a866\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 4XX Response Codes" + }, + { + "id": null, + "key": "panel11E5E924B7E46B4D", + "title": "3XX", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Backend 3XX Response Codes" + }, + { + "id": null, + "key": "panelPANE-31F3A4E7852C484F", + "title": "Response Codes Distribution by Domain and URI", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n| if (backend_status_code matches \"5*\",1,0) as Backend_5XX\n| if (backend_status_code matches \"4*\",1,0) as Backend_4XX\n| if 
(backend_status_code matches \"3*\",1,0) as Backend_3XX\n| if (backend_status_code matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel8D3D1B68A68C1B49", + "title": "4XX Backend Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA52CD401A29F7942", + "title": "2XX Backend Response Codes", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDF364B0988414A44", + "title": "3XX Backend Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + 
"description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-2A2CE58CB024284B", + "title": "Events - 5XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + 
"tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDCE3556190369A4B", + "title": "Events - 4XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", + "queryType": "Logs", + 
"queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel74660D2CA5358B47", + "title": "Events - 3XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"3*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| 
transpose row _timeslice column Loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA5A5D6698A94CB4F", + "title": "Events - 2XX Response Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| 
sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel13B1911EADE35944", + "title": "5XX Backend Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": 
"MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "3. AWS Classic Load Balancer - Latency Overview", + "description": "See the details of latency in your classic load balancer by availability zone, and load balancer name.", + "title": "3. 
AWS Classic Load Balancer - Latency Overview", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-8fb7ac20b210584f", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":1}" + }, + { + "key": "panelpane-46aba672bb08b846", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":8}" + }, + { + "key": "panelpane-3ebb85e685bf1b4f", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":8}" + }, + { + "key": "panelpane-c1ca3098892bea40", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":14}" + }, + { + "key": "panelpane-c301d958990e694d", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":14}" + }, + { + "key": "panelPANE-42811CC2ADA89846", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-BAF589A28E007840", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":7}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-8fb7ac20b210584f", + "title": "Latency", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* 
metric=Latency Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-46aba672bb08b846", + "title": "Max and Average Total Client Latency by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\"},\"axes\":{\"axisY\":{\"title\":\"Average Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false},\"hideLabels\":false},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"hideLabels\":false,\"unit\":{\"value\":\"s\",\"isCustom\":false},\"title\":\"Max Latency\"}},\"series\":{},\"overrides\":[{\"series\":[\"AverageClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches 
/^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3ebb85e685bf1b4f", + "title": "Max and Average Backend Processing Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Avg Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"title\":\"Max latency\",\"unit\":{\"value\":\"Seconds\",\"isCustom\":true}}},\"series\":{},\"overrides\":[{\"series\":[\"AverageBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches 
/^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(backend_processing_time) as AverageBackendProcessingTime, max(backend_processing_time) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c1ca3098892bea40", + "title": "Average Total Client Latency Over Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by 
loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c301d958990e694d", + "title": "Average Response Processing Time Over Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + 
"description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-42811CC2ADA89846", + "title": "Response", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Overall Latency" + }, + { + "id": null, + "key": "panelPANE-BAF589A28E007840", + "title": "Latency", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Events - Backend Latency" + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": 
"namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "4. AWS Classic Load Balancer - Latency Details", + "description": "See the details of latency in your classic load balancer including the average and maximum request and response processing time, by backend and ELB.", + "title": "4. 
AWS Classic Load Balancer - Latency Details", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-e21d1869af8bbb43", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":0}" + }, + { + "key": "panelpane-50edccbfa1cd8b4f", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panelpane-39d07f8699151b42", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" + }, + { + "key": "panelpane-6fda9ea0b259db4f", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}" + }, + { + "key": "panelpane-256726aaafcdba4d", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}" + }, + { + "key": "panelpane-d9489b8ebd5daa4c", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":18}" + }, + { + "key": "panelpane-fee25a48afe96841", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":18}" + }, + { + "key": "panelpane-9fa04ab689a4594a", + "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":30}" + }, + { + "key": "panelPANE-BCC4A01F93DBD84C", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}" + }, + { + "key": "panelPANE-E66D573EAA3BBA47", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12,\"minHeight\":3,\"minWidth\":3}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-e21d1869af8bbb43", + "title": "Defintions", + "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( 
RequestProcessingTime + BackendProcessingTime + ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **BackendProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n" + }, + { + "id": null, + "key": "panelpane-50edccbfa1cd8b4f", + "title": "Events - Client Latency by Domain", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, 
avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-39d07f8699151b42", + "title": "Events - Client Latency by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme3\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + 
"queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-6fda9ea0b259db4f", + "title": "Events - Average Response Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-256726aaafcdba4d", + "title": "Events - Average Request Processing 
Time by URI", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-d9489b8ebd5daa4c", + "title": "Events - Max Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, 
loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(request_processing_time) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-fee25a48afe96841", + "title": "Events - Max Response Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and 
backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(response_processing_time) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-9fa04ab689a4594a", + "title": "Events - Top 20 Client Latency by Paths", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20", + "queryType": "Logs", + "queryKey": "A", + 
"metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-BCC4A01F93DBD84C", + "title": "Events - Average Response Processing Time by URI", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches 
/^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-E66D573EAA3BBA47", + "title": "Events - Average Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[],\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": 
"Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "5. AWS Classic Load Balancer - Connections and Host Status", + "description": "See the details of connections and host status including the average unhealthy host count, and healthy host count by availability zone, and load balancer name.", + "title": "5. 
AWS Classic Load Balancer - Connections and Host Status", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-72162e80bf98794a", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":20}" + }, + { + "key": "panelpane-3f69e9d8acb63944", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":13}" + }, + { + "key": "panelpane-b0dcb7ce9acff84d", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":6}" + }, + { + "key": "panelpane-0a6b3b1a8e6f2a4d", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":6}" + }, + { + "key": "panelpane-256d7e9895990b46", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}" + }, + { + "key": "panelPANE-AC8CEF56B14A3B49", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":5}" + }, + { + "key": "panelA50246B29A29584D", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":12}" + }, + { + "key": "panel248E85BAAAC3FA49", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":19}" + }, + { + "key": "panel93A07615B0C15B44", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":19}" + }, + { + "key": "panelF582E76F8F681B46", + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":13}" + }, + { + "key": "panelDCF2F2A88E731942", + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":13}" + }, + { + "key": "panel15B701BABC802B4F", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":20}" + }, + { + "key": "panelPANE-9EB0E883B1BAB84B", + "structure": "{\"height\":5,\"width\":24,\"x\":0,\"y\":0}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-72162e80bf98794a", + "title": "Unhealthy 
Hosts", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-3f69e9d8acb63944", + "title": "Backend Connections Errors", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=BackendConnectionErrors Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": 
null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-b0dcb7ce9acff84d", + "title": "Active Connections", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBActiveConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-0a6b3b1a8e6f2a4d", + "title": "New Connections", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedALBNewConnectionCount Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + 
"linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-256d7e9895990b46", + "title": "Rejected Connections (Using Spillover Count)", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-AC8CEF56B14A3B49", + "title": "Connections", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Connections" + }, + { + "id": null, + "key": "panelA50246B29A29584D", + "title": "Connections", + "visualSettings": 
"{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Connections Errors" + }, + { + "id": null, + "key": "panel248E85BAAAC3FA49", + "title": "Hosts", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Unhealthy Hosts" + }, + { + "id": null, + "key": "panel93A07615B0C15B44", + "title": "Hosts", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Healthy Hosts" + }, + { + "id": null, + "key": "panelF582E76F8F681B46", + "title": "3XX Backend Error Count", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelDCF2F2A88E731942", + "title": "4XX Backend Error Count", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + 
"linkedDashboards": [] + }, + { + "id": null, + "key": "panel15B701BABC802B4F", + "title": "Healthy Hosts", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone ", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-9EB0E883B1BAB84B", + "title": "Classic ELB Metrics", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"fontSize\":12},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "**SpilloverCount** - When requests exceed the maximum SurgeQueueLength, the SpilloverCount metric starts to measure rejected requests. The maximum SurgeQueueLength is 1024.\n\n**SurgeQueueLength** - The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. The maximum size of the queue is 1,024. 
Additional requests or connections are rejected when the queue is full.\n\n**EstimatedALBActiveConnectionCount** - The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedALBConsumedLCUs** - The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. You pay for the number of LCUs that you use per hour. For more information, see Elastic Load Balancing Pricing for more info https://aws.amazon.com/elasticloadbalancing/pricing/\n\n**EstimatedALBNewConnectionCount** - The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedProcessedBytes** The estimated number of bytes processed by an Application Load Balancer." + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + 
"sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes", + "description": "See the details of requests and Processed bytes for your classic load balancer.", + "title": "6. AWS Classic Load Balancer - Requests and Processed Bytes", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-2fb20d99840ff849", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":13}" + }, + { + "key": "panelpane-7836817bb708584c", + "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":13}" + }, + { + "key": "panelpane-9b153d55a89e9849", + "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":13}" + }, + { + "key": "panelpane-0a893b479b02184f", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":13}" + }, + { + "key": "panelPANE-EFE34823AB0FD841", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":0}" + }, + { + "key": "panel9C8F307FA318284A", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}" + }, + { + "key": "panelPANE-B00C3708A858994E", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":12}" + }, + { + "key": "panel15C0E6E0A725A84E", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":12}" + }, + { + "key": "panel506081A3919ACA4A", + "structure": 
"{\"height\":6,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panel6A37B8FBA033EB4D", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-2fb20d99840ff849", + "title": "Events - Outlier (Decrease) Requests by Backend", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-7836817bb708584c", + "title": "Events - Outlier (Increase) Requests by Backend", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme4\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-9b153d55a89e9849", + "title": "Events - Outlier (Decrease) Requests by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, 
loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-0a893b479b02184f", + "title": "Events - Outlier (Increase) Requests by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then 
aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-EFE34823AB0FD841", + "title": "Request Counts", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} \"}}],\"series\":{},\"hiddenQueryKeys\":[\"B\"]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount statistic=sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": 
"A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel9C8F307FA318284A", + "title": "Estimated Processed Bytes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} \"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=EstimatedProcessedBytes Statistic=Sum | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-B00C3708A858994E", + "title": "Untitled", + 
"visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Requests to Backend Servers" + }, + { + "id": null, + "key": "panel15C0E6E0A725A84E", + "title": "Untitled", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"backgroundColor\":\"#dfe5e9\",\"showTitle\":false},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Requests by URI" + }, + { + "id": null, + "key": "panel506081A3919ACA4A", + "title": "Received Bytes", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(received_bytes) as ReceivedBytes by _timeslice\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel6A37B8FBA033EB4D", + "title": "Sent Bytes", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(sent_bytes) as SentBytes by _timeslice", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + 
"allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "7. AWS Classic Load Balancer - Threat Intel", + "description": "See the details of IP threats including the count, location, and highly malicious IP threats.", + "title": "7. 
AWS Classic Load Balancer - Threat Intel", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "loadbalancername": [ + "*" + ], + "namespace": [ + "aws/elb" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelpane-3b762241ac0aba4d", + "structure": "{\"height\":6,\"width\":5,\"x\":8,\"y\":0}" + }, + { + "key": "panelpane-c08479a8a0390b4d", + "structure": "{\"height\":6,\"width\":16,\"x\":8,\"y\":6}" + }, + { + "key": "panelpane-b8ffc92b8b722a41", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":20}" + }, + { + "key": "panelpane-c605d948852ffb48", + "structure": "{\"height\":6,\"width\":11,\"x\":13,\"y\":0}" + }, + { + "key": "panelPANE-642147F890E0F848", + "structure": "{\"height\":12,\"width\":8,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-3AA22D409203F942", + "structure": "{\"height\":8,\"width\":24,\"x\":0,\"y\":12}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelpane-3b762241ac0aba4d", + "title": "All IP Threat Count", + "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Threats\",\"thresholds\":[{\"from\":null,\"to\":null,\"color\":\"#16943E\"},{\"from\":null,\"to\":null,\"color\":\"#DFBE2E\"},{\"from\":null,\"to\":null,\"color\":\"#BF2121\"}],\"valueFontSize\":20,\"labelFontSize\":8,\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, 
backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c08479a8a0390b4d", + "title": "Highly Malicious IP Threats Table", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != 
\"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-b8ffc92b8b722a41", + "title": "All IP Threats Table", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"table\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| 
where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelpane-c605d948852ffb48", + "title": "Malicious Confidence", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"bar\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"distribution\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where 
ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-642147F890E0F848", + "title": "Threat Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup 
type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-3AA22D409203F942", + "title": "Top URI's Accessed by Highly Malicious Threat IPs", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where 
tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" // and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/elb", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} 
namespace=aws/elb", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "loadbalancername", + "displayName": "loadbalancername", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "loadbalancername" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + } + ] +} \ No newline at end of file diff --git a/aws-observability/json/EC2-Metrics-App.json b/aws-observability/json/EC2-Metrics-App.json index 5216fff1..c6b64ac5 100644 --- a/aws-observability/json/EC2-Metrics-App.json +++ b/aws-observability/json/EC2-Metrics-App.json 
@@ -40,63 +40,63 @@ "layoutStructures": [ { "key": "panelpane-b03ffbbdb0b59b4d", - "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":16}" + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":24}" }, { "key": "panelpane-73159cd48a30e84d", - "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":16}" + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}" }, { "key": "panelpane-7c0398e384ef0b4b", - "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":22}" + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":30}" }, { "key": "panelpane-2a01fd42b58b994e", - "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":22}" + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":30}" }, { "key": "panelpane-21f9df3286d4d843", - "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":28}" + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":36}" }, { "key": "panelpane-b0342f51a88b2a47", - "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":28}" + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":36}" }, { "key": "panelpane-2f4529faa0fcc94e", - "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":34}" + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":42}" }, { "key": "panelpane-909c4962a7e08843", - "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":34}" + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":42}" }, { "key": "panelpane-33b218968b91a845", - "structure": "{\"height\":5,\"width\":5,\"x\":9,\"y\":6}" + "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":12}" }, { "key": "panelpane-481cfaaf957d7842", - "structure": "{\"height\":5,\"width\":5,\"x\":14,\"y\":6}" + "structure": "{\"height\":6,\"width\":5,\"x\":14,\"y\":12}" }, { "key": "panelpane-d3677624bfee3b41", - "structure": "{\"height\":5,\"width\":5,\"x\":9,\"y\":11}" + "structure": "{\"height\":6,\"width\":5,\"x\":9,\"y\":18}" }, { "key": "panelpane-cea7ffdeb458fb4e", - "structure": "{\"height\":5,\"width\":5,\"x\":14,\"y\":11}" + "structure": 
"{\"height\":6,\"width\":5,\"x\":14,\"y\":18}" }, { "key": "panelpane-33ac098a81186b4e", - "structure": "{\"height\":5,\"width\":5,\"x\":19,\"y\":6}" + "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":12}" }, { "key": "panelpane-9d0a24618eef0a4e", - "structure": "{\"height\":5,\"width\":5,\"x\":19,\"y\":11}" + "structure": "{\"height\":6,\"width\":5,\"x\":19,\"y\":18}" }, { "key": "panelpane-1e29da5dbd267a45", - "structure": "{\"height\":10,\"width\":9,\"x\":0,\"y\":6}" + "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":12}" }, { "key": "panelPANE-2061037A94244A4B", @@ -105,6 +105,18 @@ { "key": "panelPANE-DE8ED3CB8CEBF849", "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":0}" + }, + { + "key": "panel2F40FE32B1ED8A48", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":6}" + }, + { + "key": "panel092B86A6AF75C942", + "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" + }, + { + "key": "panelE292F5CA9886CA4E", + "structure": "{\"height\":6,\"width\":9,\"x\":0,\"y\":18}" } ] }, 
@@ -536,6 +548,78 @@ "timeRange": null, "coloringRules": null, "linkedDashboards": [] + }, + { + "id": null, + "key": "panel2F40FE32B1ED8A48", + "title": "Instances with Low CPU Utilization", + "visualSettings": "{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#28aa55\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} instanceid={{instanceid}} | filter latest <= 10 | sum by account, region, namespace, instanceid", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel092B86A6AF75C942", + "title": "Instances with Low Memory Utilization", + "visualSettings": 
"{\"general\":{\"mode\":\"honeyComb\",\"type\":\"honeyComb\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":6,\"color\":\"#75bf00\"},{\"from\":6,\"to\":11,\"color\":\"#f6c851\"},{\"from\":11,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"latest\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "metric= Mem_UsedPercent account={{account}} region={{region}} instanceid={{instanceid}} namespace={{namespace}} | filter latest <= 10 | sum by account, region, namespace, instanceid", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelE292F5CA9886CA4E", + "title": "Average CPU Utilization by Instance Type", + "visualSettings": "{\"title\":{\"fontSize\":16},\"legend\":{\"enabled\":false},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\",\"decimals\":2},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"Avg CPU Utilization\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "metric=CPU_Total account={{account}} region={{region}} namespace={{namespace}} | avg by instancetype | topk(25, avg)", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + 
"parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] } ], "variables": [ @@ -551,7 +635,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -565,7 +650,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -579,7 +665,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -593,7 +680,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1062,7 +1150,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1076,7 +1165,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1090,7 +1180,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1104,7 +1195,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1385,7 +1477,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1399,7 +1492,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1413,7 +1507,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, 
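Review bot: In the "Instances with Low Memory Utilization" panel the selector is written `metric= Mem_UsedPercent`, with a space after the `=`, whereas both CPU panels added in this hunk use `metric=CPU_Total`. Unless the metrics query parser is known to tolerate that space, the panel may select the wrong series or none, so it should read `metric=Mem_UsedPercent`. Both low-utilization panels also apply `filter latest <= 10` but keep a honeycomb threshold band that starts at 11 (colour `#f36644`), which no value surviving the filter can reach. Either drop that band or place all thresholds inside the 0–10 range the filter leaves. The green band colour also differs between the two panels (`#28aa55` vs `#75bf00`), which looks unintentional for sibling panels.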
@@ -1427,7 +1522,567 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "3. AWS EC2 - Events", + "description": "The AWS EC2 Metrics - Audit Event Overview dashboard provides detailed insights into all events associated with EC2 instances and specifically helps identify changes, errors, and users", + "title": "3. AWS EC2 - Events", + "rootPanel": null, + "theme": "Light", + "topologyLabelMap": { + "data": { + "namespace": [ + "aws/ec2" + ], + "region": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-9A6827ADAFD40B48", + "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":10}" + }, + { + "key": "panel808FD9FD8BFB6846", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":32}" + }, + { + "key": "panelPANE-F6D67170A3207848", + "structure": "{\"height\":10,\"width\":12,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-55BA9CD690905848", + "structure": "{\"height\":5,\"width\":12,\"x\":12,\"y\":18}" + }, + { + "key": "panelE1BCBDE685FB3944", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}" + }, + { + "key": "panelPANE-4D66006086774A44", + "structure": "{\"height\":8,\"width\":6,\"x\":6,\"y\":10}" + }, + { + "key": "panelPANE-829F6ADB86227949", + "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":39}" + }, + { + "key": "panel1DA5F9AA9C03F945", + "structure": "{\"height\":6,\"width\":18,\"x\":6,\"y\":32}" + }, + { + "key": "panelPANE-C6B1C1249FED294C", + "structure": "{\"height\":8,\"width\":9,\"x\":6,\"y\":23}" + }, + { + "key": "panel422C79CD944AC840", + "structure": "{\"height\":8,\"width\":6,\"x\":18,\"y\":10}" + }, + { + "key": 
"panelB86F7C84926F1844", + "structure": "{\"height\":8,\"width\":6,\"x\":12,\"y\":10}" + }, + { + "key": "panelABB275868F4B2A44", + "structure": "{\"height\":5,\"width\":12,\"x\":0,\"y\":18}" + }, + { + "key": "panelA10E415491CA1B4F", + "structure": "{\"height\":8,\"width\":6,\"x\":0,\"y\":23}" + }, + { + "key": "panelPANE-4B95C387A7D03B47", + "structure": "{\"height\":6,\"width\":24,\"x\":0,\"y\":45}" + }, + { + "key": "panelF999E9E5A6591B41", + "structure": "{\"height\":10,\"width\":12,\"x\":12,\"y\":0}" + }, + { + "key": "panelC8228A47A6D3DA4D", + "structure": "{\"height\":8,\"width\":9,\"x\":15,\"y\":23}" + }, + { + "key": "panelPANE-4022F95385542A46", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":31}" + }, + { + "key": "panelD9E5828D86D12941", + "structure": "{\"height\":1,\"width\":24,\"x\":0,\"y\":38}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-9A6827ADAFD40B48", + "title": "Event Status", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false},\"overrides\":[{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}},{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", 
\"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, 
res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by eventStatus\n| sort by _count, eventStatus asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel808FD9FD8BFB6846", + "title": "Successful Events", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json 
field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + 
"coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-F6D67170A3207848", + "title": "Successful Event Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", 
\"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-55BA9CD690905848", + "title": "Events Types Trend", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"overrides\":[],\"series\":{},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet 
\"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, event_name\n| transpose row _timeslice column event_name", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelE1BCBDE685FB3944", + "title": "Failed Events", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items 
nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by event_name\n| sort by _count, event_name asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4D66006086774A44", + "title": "Top 10 Error Codes", + "visualSettings": "{\"title\":{\"fontSize\":16},\"series\":{},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", 
\"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| 
if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as count by error_code | sort by count, error_code asc | limit 10", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-829F6ADB86227949", + "title": "Latest Failed Events", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json 
field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where !isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, error_code, error_message, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": 
null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel1DA5F9AA9C03F945", + "title": "Latest Successful Events", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" !errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", 
\"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where isEmpty(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1s\n| count as Count by _timeslice, event_name, src_ip, user, type, request_id, user_agent, instanceid, instancetype\n| sort by _timeslice\n| limit 100", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-C6B1C1249FED294C", + "title": "Top 10 AssumedRole Users", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" AssumedRole\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item 
\"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"AssumedRole\"\n| count as Count by user\n| sort by Count, user asc | limit 10", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel422C79CD944AC840", + "title": "Top Events Types", + "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}", + 
"keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if 
(!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as Count by event_name\n| sort by Count, event_name asc | limit 10", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelB86F7C84926F1844", + "title": "Event Types", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"50%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json 
\"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if 
(isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| if (event_name matches \"*Describe*\" or event_name matches \"Get*\" or event_name matches \"*List*\", \"ReadOnly\", if (event_name matches \"*Delete*\" or event_name matches \"*Terminate*\", \"Delete\", if (event_name matches \"*Create*\", \"Create\", if (!(event_name matches \"*Describe*\") and !(event_name matches \"Get*\") and !(event_name matches \"*List*\") and !(event_name matches \"*Delete*\") and !(event_name matches \"Terminate*\") and !(event_name matches \"Create*\") and !(event_name matches \"MonitorInstances\") and !(event_name matches \"RunInstances\"), \"Update\", \"Others\")))) as EventType\n| count by EventType | sort by _count, EventType asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelABB275868F4B2A44", + "title": "Events Status Trend", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[{\"series\":[\"Failure\"],\"queries\":[],\"properties\":{\"color\":\"#f36644\"}},{\"series\":[\"Success\"],\"queries\":[],\"properties\":{\"color\":\"#75bf00\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\"\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn 
\":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| timeslice 1h\n| count by _timeslice, eventStatus\n| transpose row _timeslice column eventStatus", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA10E415491CA1B4F", + "title": "Top 10 IAM Users", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"overrides\":[],\"series\":{\"A_readonlyEvents\":{\"visible\":true},\"A_updateEvents\":{\"visible\":true}},\"legend\":{\"enabled\":false},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" IAMUser\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements 
\"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| where type = \"IAMUser\"\n| count as Count by user\n| sort by Count, user asc | limit 10", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4B95C387A7D03B47", + "title": "Events from Known Malicious IP Addresses", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"pie\",\"displayType\":\"default\",\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10},\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", 
\"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), 
req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip, event_name, user, user_agent\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip \n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sort by _count\n| fields src_ip, event_name, user, user_agent, type, actor, malicious_confidence", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelF999E9E5A6591B41", + "title": "Failure Event Locations", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.5,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"outlierBandLineDashType\":\"solid\",\"outlierBandDisplayType\":\"default\"},\"title\":{\"fontSize\":16},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" sourceIPAddress errorCode\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json 
\"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| where 
!isBlank(error_code)\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count by src_ip\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = src_ip\n| where !isNull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelC8228A47A6D3DA4D", + "title": "Top 10 User Agents", + "visualSettings": "{\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"overrides\":[],\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"distribution\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} region={{region}} namespace={{namespace}} eventname eventsource \"ec2.amazonaws.com\" userAgent\n| json \"eventSource\", \"awsRegion\", \"requestParameters\", \"responseElements\", \"recipientAccountId\" as event_source, region, requestParameters, responseElements, accountid nodrop\n| json \"userIdentity\", \"eventName\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"requestID\", \"errorCode\", \"errorMessage\", \"eventCategory\", \"managementEvent\" as userIdentity, event_name, src_ip, user_agent, event_type, request_id, error_code, error_message, event_category, management_event nodrop\n| where event_source = \"ec2.amazonaws.com\"\n| \"aws/ec2\" as 
namespace\n| json field=userIdentity \"type\", \"principalId\", \"arn\", \"userName\", \"accountId\" nodrop\n| json field=userIdentity \"sessionContext.attributes.mfaAuthenticated\" as mfaAuthenticated nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"instanceType\", \"instancesSet\", \"instanceId\", \"DescribeInstanceCreditSpecificationsRequest.InstanceId.content\" as req_instancetype, req_instancesSet, req_instanceid_1, req_instanceid_2 nodrop\n| json field=req_instancesSet \"item\", \"items\" as req_instancesSet_item, req_instancesSet_items nodrop\n| parse regex field=req_instancesSet_item \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=req_instancesSet_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| json field=responseElements \"instancesSet.items\" as res_responseElements_items nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceType\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| parse regex field=res_responseElements_items \"\\\"instanceId\\\":\\s*\\\"(?.*?)\\\"\" nodrop\n| if (!isBlank(req_instanceid_1), req_instanceid_1, if (!isBlank(req_instanceid_2), req_instanceid_2, if (!isBlank(req_instanceid_3), req_instanceid_3, if (!isBlank(req_instanceid_4), req_instanceid_4, \"\")))) as req_instanceid\n| if (!isBlank(req_instanceid), req_instanceid, res_instanceid) as instanceid\n| if (!isBlank(req_instancetype), req_instancetype, res_instancetype) as instanceType \n| if (isEmpty(error_code), \"Success\", \"Failure\") as eventStatus\n| if (isEmpty(userName), user, userName) as user\n| tolowercase(instanceid) as instanceid\n| count as event_count by user_agent\n| sort by event_count, user_agent asc | limit 10", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Manual", + "timeSource": "Message" + } + ], + "description": "", + 
"timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4022F95385542A46", + "title": "Successful Events", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Successful Events" + }, + { + "id": null, + "key": "panelD9E5828D86D12941", + "title": "Failure Events", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false},\"text\":{\"format\":\"markdownV2\",\"backgroundColor\":\"#dfe5e9\",\"textColor\":\"black\",\"verticalAlignment\":\"center\",\"horizontalAlignment\":\"center\",\"showTitle\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "Failure Events" + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": null, + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}}", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/ec2", + "sourceDefinition": { + 
"variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}}", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1662,7 +2317,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1676,7 +2332,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1690,7 +2347,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1704,7 +2362,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -1985,7 +2644,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1999,7 +2659,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2013,7 +2674,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2027,7 +2689,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -2196,7 +2859,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2210,7 +2874,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, 
@@ -2224,7 +2889,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2238,7 +2904,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] @@ -2519,7 +3186,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2533,7 +3201,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2547,7 +3216,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -2561,7 +3231,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] diff --git a/aws-observability/scripts/DeployTemplate/DeployTemplate.sh b/aws-observability/scripts/DeployTemplate/DeployTemplate.sh index f6e2e6f6..20a707a3 100755 --- a/aws-observability/scripts/DeployTemplate/DeployTemplate.sh +++ b/aws-observability/scripts/DeployTemplate/DeployTemplate.sh @@ -19,7 +19,7 @@ export parameters_path=parameters-${ENV_NAME}.json # Downloading the template to local for use. Remove if the template with same name if already present. rm sumologic_observability_template.yaml -aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.3.0/sumologic_observability.master.template.yaml sumologic_observability_template.yaml +aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.3.1/sumologic_observability.master.template.yaml sumologic_observability_template.yaml # Deploy the template. If the Stack name already exist, stack will be updated else created. aws cloudformation deploy --profile ${AWS_PROFILE} --region ${AWS_REGION} \ 
diff --git a/aws-observability/scripts/JsonToS3.sh b/aws-observability/scripts/JsonToS3.sh index ed02c5da..9ac2384b 100644 --- a/aws-observability/scripts/JsonToS3.sh +++ b/aws-observability/scripts/JsonToS3.sh @@ -5,7 +5,7 @@ echo "Start S3 upload Script....." export AWS_PROFILE="prod" export bucket_name=sumologic-appdev-aws-sam-apps -export version=v2.3.0 +export version=v2.3.1 export match_case="App" if [[ ${AWS_PROFILE} == 'default' ]] diff --git a/aws-observability/scripts/TestTemplate.sh b/aws-observability/scripts/TestTemplate.sh index b8de4c82..5ae2263b 100644 --- a/aws-observability/scripts/TestTemplate.sh +++ b/aws-observability/scripts/TestTemplate.sh @@ -1,7 +1,7 @@ #!/bin/sh export folder_name=rootcause -export template_version="v2.3.0" +export template_version="v2.3.1" export template_bucket="sumologic-appdev-aws-sam-apps" export lambda_arn="arn:aws:lambda:ap-south-1:668508221233:function:LambdaFucntion-LambdaHelper-1C1GGLRYPWBB0" diff --git a/aws-observability/scripts/YamlToS3.sh b/aws-observability/scripts/YamlToS3.sh index ad8d4669..2ed6fd2a 100755 --- a/aws-observability/scripts/YamlToS3.sh +++ b/aws-observability/scripts/YamlToS3.sh @@ -41,7 +41,7 @@ fi # Upload all templates to sumologic-appdev-aws-sam-apps bucket with version information. if [[ ${AWS_PROFILE} == 'default' ]] then - export version=v2.3.0 + export version=v2.3.1 aws s3 cp apps/ s3://${bucket_name}/aws-observability-versions/${version}/ --recursive --include "*.template.yaml" --exclude '*.zip' --exclude '*.sh' --exclude 'apps/*/test/*' --exclude '*/test/*' --acl public-read --profile ${AWS_PROFILE} diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index e72578ef..a6db1e99 100755 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml 
@@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.3.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" +Description: "Version - v2.3.1. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" Metadata: 'AWS::CloudFormation::Interface': @@ -60,6 +60,15 @@ Metadata: default: "8. Sumo Logic Root Cause Explorer Sources" Parameters: - Section8aRootCauseExplorerOptions + + - Label: + default: "9. Sumo Logic AWS ELB classic Log Source" + Parameters: + - Section9aAutoEnableS3LogsELBResourcesOptions + - Section9bELBCreateLogSource + - Section9cELBLogsSourceUrl + - Section9dELBS3LogsBucketName + - Section9eELBS3BucketPathExpression ParameterLabels: Section1aSumoLogicDeployment: @@ -120,6 +129,17 @@ Metadata: Section8aRootCauseExplorerOptions: default: "Select the Sumo Logic Root Cause Explorer Sources" + Section9aAutoEnableS3LogsELBResourcesOptions: + default: "Enable ELB Access logging" + Section9bELBCreateLogSource: + default: "Create Sumo Logic ELB Logs Source" + Section9cELBLogsSourceUrl: + default: "Existing Sumo Logic ELB Logs Source API URL" + Section9dELBS3LogsBucketName: + default: "Amazon S3 Bucket Name" + Section9eELBS3BucketPathExpression: + default: "Path Expression for existing ELB logs" + Parameters: Section1aSumoLogicDeployment: Type: String 
@@ -293,6 +313,39 @@ Parameters: - 'Xray Source' - 'Both' - 'None' + + Section9aAutoEnableS3LogsELBResourcesOptions: + Type: String + Description: "New - Automatically enables S3 logging for newly created ELB resources to collect logs for ELB resources. This does not affect ELB resources already collecting logs. + Existing - Automatically enables S3 logging for existing ELB resources to collect logs for ELB resources. + Both - Automatically enables S3 logging for new and existing ELB resources. + None - Skips Automatic S3 Logging enable for ELB resources." + Default: 'Both' + AllowedValues: + - 'New' + - 'Existing' + - 'Both' + - 'None' + Section9bELBCreateLogSource: + Type: String + Description: "Yes - Creates a Sumo Logic ELB Log Source that collects ELB logs from an existing bucket or a new bucket. + No - If you already have an ELB source collecting ELB logs into Sumo Logic." + Default: 'Yes' + AllowedValues: + - 'Yes' + - 'No' + Section9cELBLogsSourceUrl: + Type: String + Description: "Required when already collecting ELB logs in Sumo Logic. Provide the existing Sumo Logic ELB Source API URL. Account, region and namespace Fields will be added to the Source. For Source API URL, visit https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration" + Default: "" + Section9dELBS3LogsBucketName: + Type: String + Description: "If you selected 'No' to creating a new source above, skip this step. Provide a name of existing S3 bucket name where you would like to store ELB logs. If this is empty, a new bucket will be created in the region." + Default: "" + Section9eELBS3BucketPathExpression: + Type: String + Description: "This is required in case the above existing bucket is already configured to receive ELB access logs. 
If this is blank, Sumo Logic will store logs in the path expression: *AWSLogs/*/elasticloadbalancing/*" + Default: "*AWSLogs/*/classicloadbalancing/*" Conditions: # Condition for Metrics Source @@ -312,6 +365,11 @@ Conditions: - !Equals [ !Ref Section6aCreateCloudTrailLogSource, 'Yes' ] - !Equals [ !Ref Section6cCloudTrailLogsBucketName, '' ] + #condition for ELB classic bucket + create_elb_bucket: !And + - !Equals [ !Ref Section9bELBCreateLogSource, 'Yes' ] + - !Equals [ !Ref Section9dELBS3LogsBucketName, '' ] + # Sources Create Condition create_cloudtrail_source: !Equals [ !Ref Section6aCreateCloudTrailLogSource, 'Yes' ] create_alb_source: !Equals [ !Ref Section5bALBCreateLogSource, 'Yes' ] @@ -323,6 +381,7 @@ Conditions: create_cw_logs_source: !Or - !Equals [ !Ref Section7aLambdaCreateCloudWatchLogsSourceOptions, 'Lambda Log Forwarder' ] - !Equals [ !Ref Section7aLambdaCreateCloudWatchLogsSourceOptions, 'Both (Switch from Lambda Log Forwarder to Kinesis Firehose Log Source)' ] + create_elb_source: !Equals [ !Ref Section9bELBCreateLogSource, 'Yes' ] # Sources Update Condition install_cloudwatch_metrics_source: !Or @@ -339,10 +398,18 @@ Conditions: is_bucket_available: !Or - !Condition create_alb_bucket - !Not [!Equals [ !Ref Section5dALBS3LogsBucketName, '' ]] + + is_elb_bucket_available: !Or + - !Condition create_elb_bucket + - !Not [!Equals [ !Ref Section9dELBS3LogsBucketName, '' ]] auto_enable_s3_logs: !And - !Not [!Equals [ !Ref Section5aAutoEnableS3LogsALBResourcesOptions, 'None' ]] - !Condition is_bucket_available + + auto_enable_s3_logs_elb: !And + - !Not [!Equals [ !Ref Section9aAutoEnableS3LogsELBResourcesOptions, 'None' ]] + - !Condition is_elb_bucket_available # Condition for Auto Subscribe Lambda auto_subscribe_new_lambda_log_groups: !Or 
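Review bot: The description and the default of `Section9eELBS3BucketPathExpression` disagree: the text says a blank value falls back to `*AWSLogs/*/elasticloadbalancing/*`, while `Default` is `"*AWSLogs/*/classicloadbalancing/*"`. Because the default is non-empty, the blank case described only occurs if the user clears the field. As far as I know, classic ELB access logs are delivered under `AWSLogs/<account-id>/elasticloadbalancing/<region>/`; if `classicloadbalancing` is meant as a bucket prefix it would precede `AWSLogs` rather than follow the account id. An expression that matches no objects leaves the source created but empty, with no error, which is a silent gap in log collection. The same segment appears in the `!Sub` for `ELBS3BucketPathExpression` in the `CreateCommonResources` hunk further down, so please confirm the real object layout and make the description, the default and that `!Sub` agree.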
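Review bot: Under the section 9 defaults (`Section9aAutoEnableS3LogsELBResourcesOptions` = 'Both', `Section9bELBCreateLogSource` = 'Yes', empty bucket name), `auto_enable_s3_logs_elb` in the `@@ -339,10 +398,18 @@` hunk evaluates to true. An existing stack updated to this version therefore opts into the ELB auto-enable path without the operator changing a parameter. The nested stack is not visible here, but it presumably changes logging attributes on existing classic load balancers, so I would add `# true under default parameters: a stack update enables access logging on existing classic ELBs` above the condition and mention it in the release notes. `is_elb_bucket_available` is also true when `Section9bELBCreateLogSource` is 'No' and a bucket name is given, which contradicts the `Section9dELBS3LogsBucketName` description telling users to skip that field in the 'No' case. The `Conditions` section starts and ends outside this hunk.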
@@ -355,6 +422,7 @@ Conditions: call_auto_enable: !Or - !Condition auto_enable_s3_logs - !Condition auto_subscribe_lambda_log_groups + - !Condition auto_enable_s3_logs_elb # Condition for Stacks creation. Calling Nested Stack EveryTime to create FER and Metric Rule. If already present, marked as duplicate in Resource. install_overview_dashboards: !Equals [ !Ref Section3aInstallObservabilityApps, 'Yes' ] @@ -363,7 +431,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.3.0" + Version: "v2.3.1" CollectorDetails: SumoLogicAccountID: 926226587429 CollectorNamePrefix: "aws-observability" @@ -373,6 +441,7 @@ Mappings: CloudWatchLogsSourceCategory: "aws/observability/cloudwatch/logs" InventorySourceCategory: "aws/observability/inventory" XraySourceCategory: "aws/observability/xray" + ELBLogsSourceCategory: "aws/observability/elb/logs" Resources: CreateCommonResources: @@ -420,6 +489,12 @@ Resources: KinesisFirehoseLogsSourceCategory: !FindInMap [ CommonData, CollectorDetails, CloudWatchLogsSourceCategory ] TemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] NestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + CreateELBLogSource: !Ref Section9bELBCreateLogSource + CreateELBS3Bucket: !If [create_elb_bucket, "Yes", "No"] + ELBS3LogsBucketName: !Ref Section9dELBS3LogsBucketName + ELBS3BucketPathExpression: !If [auto_enable_s3_logs_elb, !Sub "*AWSLogs/${AWS::AccountId}/classicloadbalancing/${AWS::Region}/*", !Ref Section9eELBS3BucketPathExpression] + ELBLogsSourceName: !Sub "elb-logs-${AWS::Region}" + ELBLogsSourceCategory: !FindInMap [CommonData, CollectorDetails, ELBLogsSourceCategory] AutoEnableOptions: Type: AWS::CloudFormation::Stack 
@@ -440,6 +515,9 @@ Resources: AutoSubscribeDestinationARN: !If [create_kf_logs_source, !GetAtt CreateCommonResources.Outputs.KinesisLogsDeliveryStreamARN, !If [ create_cw_logs_source, !GetAtt CreateCommonResources.Outputs.CloudWatchLambdaARN, "" ] ] AutoSubscribeLambdaLogGroupPattern: !Ref Section7dAutoSubscribeLambdaLogGroupPattern AutoSubscribeRoleArn: !If [create_kf_logs_source, !GetAtt CreateCommonResources.Outputs.KinesisLogsRoleARN, "" ] + ELBAutoEnableS3Logs: !If [auto_enable_s3_logs_elb, "Yes", "No"] + ELBAutoEnableS3LogsOptions: !Ref Section9aAutoEnableS3LogsELBResourcesOptions + ELBS3LogsBucketName: !If [create_elb_bucket, !GetAtt CreateCommonResources.Outputs.BucketName, !Ref Section9dELBS3LogsBucketName] sumoEC2MetricsAppStack: Type: AWS::CloudFormation::Stack 
@@ -480,6 +558,28 @@ Resources: Section6aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section6bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section6cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + + sumoElbMetricsAppStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: !Sub + - "https://${BucketName}.s3.amazonaws.com/aws-observability-versions/${Version}/elb/elb_app.template.yaml" + - BucketName: !FindInMap [CommonData, NestedTemplate, BucketName] + Version: !FindInMap [CommonData, NestedTemplate, Version] + Parameters: + Section1aSumoDeployment: !Ref Section1aSumoLogicDeployment + Section1bSumoAccessID: !Ref Section1bSumoLogicAccessID + Section1cSumoAccessKey: !Ref Section1cSumoLogicAccessKey + Section1dRemoveSumoResourcesOnDeleteStack: !Ref Section1eSumoLogicResourceRemoveOnDeleteStack + Section2aAccountAlias: !Ref Section2aAccountAlias + Section2bAccountAliasMappingS3URL: !Ref Section2bAccountAliasMappingS3URL + Section3aInstallApp: !If [install_overview_dashboards, !GetAtt CreateCommonResources.Outputs.PaidAccountCheck, "No"] + Section4aCloudWatchExistingSourceAPIUrl: !If [install_cloudwatch_metrics_source, "", !Ref Section4cCloudWatchExistingSourceAPIUrl] + Section5aELBLogsAPIUrl: !If [create_elb_source, "", !Ref Section9cELBLogsSourceUrl] + Section5bELBLogsSourceName: !If [create_elb_source, "*elb-logs*", ""] + Section6aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN + Section6bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] + Section6cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] sumoDynamoDBMetricsAppStack: Type: AWS::CloudFormation::Stack diff --git a/aws-observability/templates/test/TestTemplate.yaml b/aws-observability/templates/test/TestTemplate.yaml index 7df7ca82..2a2d4299 100644 --- a/aws-observability/templates/test/TestTemplate.yaml 
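Review bot: `Section1cSumoAccessKey: !Ref Section1cSumoLogicAccessKey` in the new `sumoElbMetricsAppStack` hands the Sumo Logic access key to one more nested stack, and this hunk does not show how `elb/elb_app.template.yaml` declares that parameter. Please confirm it is declared with `NoEcho: true` there; otherwise the key is readable in the nested stack's parameters through the console and `describe-stacks`. The `TemplateURL` resolves by bucket name and version path only, so whoever can write under that prefix decides which template runs with the key. This follows the existing app stacks, but a comment such as `# nested template is fetched by version path; objects under a released version must be immutable` would record the assumption.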
+++ b/aws-observability/templates/test/TestTemplate.yaml @@ -28,6 +28,7 @@ Tests: - AutoEnableOptions - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack @@ -40,6 +41,7 @@ Tests: - CreateCommonResources.AddNamespaceField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -87,6 +89,8 @@ Tests: - CreateCommonResources.KinesisFirehoseLogsStack.SubscriptionFilter - CreateCommonResources.ALBSource - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - RootCauseAppStack.RootCauseRole 
@@ -100,6 +104,13 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupExistingLambdaConnector @@ -113,6 +124,7 @@ Tests: - sumoEC2MetricsAppStack.sumoOverview - sumoEC2MetricsAppStack.sumoMonitorAlerts - sumoAlbMetricsAppStack.sumoApp + - sumoElbMetricsAppStack.sumoApp - sumoDynamoDBMetricsAppStack.sumoApp - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule @@ -123,6 +135,7 @@ Tests: - sumoLambdaMetricsAppStack.sumoApp - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.FieldExtractionRule - sumoDynamoDBMetricsAppStack.FieldExtractionRule - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule 
@@ -142,11 +155,15 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.AddAccountIdField - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - AssertType: OutputsCheck Assert: @@ -159,6 +176,8 @@ Tests: - CreateCommonResources.BucketName - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN - CreateCommonResources.KinesisLogsDeliveryStreamARN @@ -194,6 +213,12 @@ Tests: ALBS3BucketPathExpression: '/elasticloadbalancing/ap-south-1/*' ALBLogsSourceName: "alb-logs-ap-south-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'Yes' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '/classicloadbalancing/ap-south-1/*' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'Yes' CloudTrailLogsBucketName: "" 
@@ -215,6 +240,9 @@ Tests: ALBAutoEnableS3Logs: 'Yes' ALBAutoEnableS3LogsOptions: "Both" ALBS3LogsBucketName: 'aws-observability-logs' + ELBAutoEnableS3Logs: 'Yes' + ELBAutoEnableS3LogsOptions: "Both" + ELBS3LogsBucketName: 'aws-observability-logs' AutoSubscribeLogGroups: 'Yes' AutoSubscribeLogGroupsLambdaOptions: 'Both' AutoSubscribeDestinationARNType: 'Kinesis' @@ -224,6 +252,9 @@ Tests: AutoEnableOptions.AutoEnableS3LogsAlbAWSResources: BucketName: 'aws-observability-logs' AutoEnableResourceOptions: 'Both' + AutoEnableOptions.AutoEnableS3LogsElbAWSResources: + BucketName: 'aws-observability-logs' + AutoEnableResourceOptions: 'Both' AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources: UseExistingLogs: 'true' DestinationArnType: 'Kinesis' @@ -237,6 +268,11 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'Yes' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' @@ -300,6 +336,7 @@ Tests: - AutoEnableOptions - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack @@ -312,6 +349,7 @@ Tests: - CreateCommonResources.AddNamespaceField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField 
@@ -359,6 +397,8 @@ Tests: - CreateCommonResources.KinesisFirehoseLogsStack.SubscriptionFilter - CreateCommonResources.ALBSource - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - RootCauseAppStack.RootCauseRole @@ -372,6 +412,13 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupExistingLambdaConnector @@ -385,6 +432,7 @@ Tests: - sumoEC2MetricsAppStack.sumoOverview - sumoEC2MetricsAppStack.sumoMonitorAlerts - sumoAlbMetricsAppStack.sumoApp + - sumoElbMetricsAppStack.sumoApp - sumoDynamoDBMetricsAppStack.sumoApp - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule 
@@ -395,6 +443,7 @@ Tests: - sumoLambdaMetricsAppStack.sumoApp - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.FieldExtractionRule - sumoDynamoDBMetricsAppStack.FieldExtractionRule - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule @@ -414,6 +463,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - sumoLambdaMetricsAppStack.LambdaHelper - sumoLambdaMetricsAppStack.LambdaRole @@ -421,6 +473,7 @@ Tests: - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - AssertType: OutputsCheck Assert: @@ -433,6 +486,8 @@ Tests: - CreateCommonResources.BucketName - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN - CreateCommonResources.KinesisLogsDeliveryStreamARN 
@@ -468,6 +523,12 @@ Tests: ALBS3BucketPathExpression: '/elasticloadbalancing/ap-south-1/*' ALBLogsSourceName: "alb-logs-ap-south-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'Yes' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '/classicloadbalancing/ap-south-1/*' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'Yes' CloudTrailLogsBucketName: "" @@ -489,6 +550,9 @@ Tests: ALBAutoEnableS3Logs: 'Yes' ALBAutoEnableS3LogsOptions: "Both" ALBS3LogsBucketName: 'aws-observability-logs' + ELBAutoEnableS3Logs: 'Yes' + ELBAutoEnableS3LogsOptions: "Both" + ELBS3LogsBucketName: 'aws-observability-logs' AutoSubscribeLogGroups: 'Yes' AutoSubscribeLogGroupsLambdaOptions: 'Both' AutoSubscribeDestinationARNType: 'Kinesis' @@ -498,6 +562,9 @@ Tests: AutoEnableOptions.AutoEnableS3LogsAlbAWSResources: BucketName: 'aws-observability-logs' AutoEnableResourceOptions: 'Both' + AutoEnableOptions.AutoEnableS3LogsElbAWSResources: + BucketName: 'aws-observability-logs' + AutoEnableResourceOptions: 'Both' AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources: UseExistingLogs: 'true' DestinationArnType: 'Kinesis' @@ -511,6 +578,11 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'Yes' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' @@ -574,6 +646,7 @@ Tests: - AutoEnableOptions - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack 
@@ -587,6 +660,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -594,6 +668,7 @@ Tests: - sumoECSMetricsAppStack.AddClusterNameField - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper @@ -636,6 +711,8 @@ Tests: - CreateCommonResources.KinesisFirehoseLogsStack.SubscriptionFilter - CreateCommonResources.ALBSource - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - RootCauseAppStack.RootCauseRole 
@@ -649,6 +726,13 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupExistingLambdaConnector @@ -662,6 +746,7 @@ Tests: - sumoEC2MetricsAppStack.sumoOverview - sumoEC2MetricsAppStack.sumoMonitorAlerts - sumoAlbMetricsAppStack.sumoApp + - sumoElbMetricsAppStack.sumoApp - sumoDynamoDBMetricsAppStack.sumoApp - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule @@ -672,6 +757,7 @@ Tests: - sumoLambdaMetricsAppStack.sumoApp - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.FieldExtractionRule - sumoDynamoDBMetricsAppStack.FieldExtractionRule - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule 
@@ -691,6 +777,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - sumoLambdaMetricsAppStack.LambdaHelper - sumoLambdaMetricsAppStack.LambdaRole @@ -707,6 +796,8 @@ Tests: - CreateCommonResources.BucketName - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN - CreateCommonResources.KinesisLogsDeliveryStreamARN @@ -742,6 +833,12 @@ Tests: ALBS3BucketPathExpression: '/elasticloadbalancing/ap-south-1/*' ALBLogsSourceName: "alb-logs-ap-south-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'Yes' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '/classicloadbalancing/ap-south-1/*' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'Yes' CloudTrailLogsBucketName: "" @@ -763,6 +860,9 @@ Tests: ALBAutoEnableS3Logs: 'Yes' ALBAutoEnableS3LogsOptions: "Both" ALBS3LogsBucketName: 'aws-observability-logs' + ELBAutoEnableS3Logs: 'Yes' + ELBAutoEnableS3LogsOptions: "Both" + ELBS3LogsBucketName: 'aws-observability-logs' AutoSubscribeLogGroups: 'Yes' AutoSubscribeLogGroupsLambdaOptions: 'Both' AutoSubscribeDestinationARNType: 'Kinesis' 
@@ -772,6 +872,9 @@ Tests: AutoEnableOptions.AutoEnableS3LogsAlbAWSResources: BucketName: 'aws-observability-logs' AutoEnableResourceOptions: 'Both' + AutoEnableOptions.AutoEnableS3LogsElbAWSResources: + BucketName: 'aws-observability-logs' + AutoEnableResourceOptions: 'Both' AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources: UseExistingLogs: 'true' DestinationArnType: 'Kinesis' @@ -785,6 +888,11 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'Yes' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' @@ -845,6 +953,8 @@ Tests: Section6aCreateCloudTrailLogSource: 'No' Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None' Section8aRootCauseExplorerOptions: 'None' + Section9aAutoEnableS3LogsELBResourcesOptions: 'None' + Section9bELBCreateLogSource: 'No' Assertions: - AssertType: ResourceExistence Assert: @@ -852,6 +962,7 @@ Tests: - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack @@ -865,6 +976,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField 
@@ -889,6 +1001,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias @@ -921,6 +1036,12 @@ Tests: ALBS3BucketPathExpression: '' ALBLogsSourceName: "alb-logs-us-east-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'No' + CreateELBS3Bucket: 'No' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '' + ELBLogsSourceName: "elb-logs-us-east-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'No' CreateCloudTrailBucket: 'No' CloudTrailLogsBucketName: "" @@ -944,6 +1065,12 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test2env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'No' Section3aCloudTrailLogsSourceName: '' @@ -1006,6 +1133,8 @@ Tests: Section7cAutoSubscribeLogGroupsLambdaOptions: 'New' Section8aRootCauseExplorerOptions: 'Xray Source' Section4bMetricsNameSpaces: 'AWS/ElastiCache, AWS/ELB, AWS/NetworkELB, AWS/ApplicationELB, AWS/RDS, AWS/SQS' + Section9aAutoEnableS3LogsELBResourcesOptions: 'New' + Section9bELBCreateLogSource: 'Yes' Assertions: - AssertType: ResourceExistence Assert: @@ -1014,6 +1143,7 @@ Tests: - AutoEnableOptions - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack 
@@ -1027,6 +1157,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -1034,6 +1165,7 @@ Tests: - sumoECSMetricsAppStack.AddClusterNameField - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -1057,6 +1189,8 @@ Tests: - CreateCommonResources.CloudWatchMetricsThirdStack.FirstCloudwatchMetricsSource - CreateCommonResources.ALBSource - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudWatchEventFunction - CreateCommonResources.CloudWatchHTTPSource - CreateCommonResources.CloudWatchEventFunction.SumoCWDeadLetterQueue 
@@ -1076,6 +1210,11 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoCWLambdaInvokePermission - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupLambdaConnector - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupLambdaConnectorLambdaTrigger @@ -1084,6 +1223,7 @@ Tests: - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule - sumoNlbMetricsAppStack - sumoNlbMetricsAppStack.AddLoadBalancerField @@ -1095,6 +1235,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias 
@@ -1111,6 +1254,7 @@ Tests: - CreateCommonResources.CloudWatchEventFunction.SumoCWLogsLambdaArn - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.SumoLogGroupLambdaConnector - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.CollectorName - CreateCommonResources.AccountAlias - AssertType: ParameterCheck @@ -1132,6 +1276,12 @@ Tests: ALBS3BucketPathExpression: '/elasticloadbalancing/us-east-2/*' ALBLogsSourceName: "alb-logs-us-east-2" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'Yes' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '/classicloadbalancing/us-east-2/*' + ELBLogsSourceName: "elb-logs-us-east-2" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'No' CreateCloudTrailBucket: 'No' CloudTrailLogsBucketName: "" @@ -1150,6 +1300,8 @@ Tests: AutoEnableOptions: ALBAutoEnableS3Logs: 'Yes' ALBS3LogsBucketName: 'aws-observability-logs' + ELBAutoEnableS3Logs: 'Yes' + ELBS3LogsBucketName: 'aws-observability-logs' AutoSubscribeLogGroups: 'Yes' AutoSubscribeLogGroupsLambdaOptions: 'New' AutoSubscribeDestinationARNType: 'Lambda' @@ -1159,6 +1311,9 @@ Tests: AutoEnableOptions.AutoEnableS3LogsAlbAWSResources: BucketName: 'aws-observability-logs' AutoEnableResourceOptions: 'New' + AutoEnableOptions.AutoEnableS3LogsElbAWSResources: + BucketName: 'aws-observability-logs' + AutoEnableResourceOptions: 'New' AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources: UseExistingLogs: 'false' DestinationArnType: 'Lambda' 
@@ -1173,6 +1328,12 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test3env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'No' Section3aCloudTrailLogsSourceName: '' @@ -1234,6 +1395,8 @@ Tests: Section7aLambdaCreateCloudWatchLogsSourceOptions: 'Lambda Log Forwarder' Section7cAutoSubscribeLogGroupsLambdaOptions: 'Existing' Section8aRootCauseExplorerOptions: 'Inventory Source' + Section9aAutoEnableS3LogsELBResourcesOptions: 'New' + Section9bELBCreateLogSource: 'No' Assertions: - AssertType: ResourceExistence Assert: @@ -1241,6 +1404,7 @@ Tests: - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack @@ -1255,6 +1419,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -1325,6 +1490,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias 
@@ -1365,6 +1533,12 @@ Tests: ALBS3BucketPathExpression: '' ALBLogsSourceName: "alb-logs-ap-south-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'No' + CreateELBS3Bucket: 'No' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'Yes' CloudTrailLogsBucketName: "" @@ -1391,6 +1565,12 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test4env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'No' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' 
@@ -1637,6 +1817,213 @@ Tests: Section2aInstallApp: 'No' Section3aNLBLogsSourceName: '' Section3bNLBSourceUpdated: 'No' + + - TestName: existingsourcewithelbbucket + Regions: + - us-east-1 + Skip: true + Parameters: + Values: + Section1aSumoLogicDeployment: 'us2' + Section1bSumoLogicAccessID: '${FREE_ACCOUNT_ACCESS_ID}' + Section1cSumoLogicAccessKey: '${FREE_ACCOUNT_ACCESS_KEY}' + Section1dSumoLogicOrganizationId: '${US2_FREE_ORG_ID}' + Section2aAccountAlias: 'test9env' + Section2bAccountAliasMappingS3URL: '' + Section3aInstallObservabilityApps: 'No' + Section4aCreateMetricsSourceOptions: 'None' + Section4cCloudWatchExistingSourceAPIUrl: 'https://api.de.sumologic.com/api/v1/collectors/2081523/sources/12871374' + Section5aAutoEnableS3LogsALBResourcesOptions: 'None' + Section5bALBCreateLogSource: 'No' + Section6aCreateCloudTrailLogSource: 'Yes' + Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None' + Section7bLambdaCloudWatchLogsSourceUrl: 'https://api.de.sumologic.com/api/v1/collectors/2081523/sources/12791746' + Section7cAutoSubscribeLogGroupsLambdaOptions: 'New' + Section8aRootCauseExplorerOptions: 'Xray Source' + Section9aAutoEnableS3LogsELBResourcesOptions: 'Existing' + Section9bELBCreateLogSource: 'Yes' + Section9dELBS3LogsBucketName: 'cf-templates-1qpf3unpuo1hw-us-east-1-alekh' + Section9eELBS3BucketPathExpression: '*elblogs*' + + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - CreateCommonResources + - AutoEnableOptions + - sumoEC2MetricsAppStack + - sumoElbMetricsAppStack + - sumoDynamoDBMetricsAppStack + - sumoRdsMetricsAppStack + - sumoApiGatewayMetricsAppStack + - RootCauseAppStack + - sumoLambdaMetricsAppStack + - sumoECSMetricsAppStack + - sumoElasticCacheMetricsAppStack + - CreateCommonResources.AddAccountField + - CreateCommonResources.AddRegionField + - CreateCommonResources.AddNamespaceField + - CreateCommonResources.AddAccountIdField + - sumoDynamoDBMetricsAppStack.AddTableNameField + - 
sumoElbMetricsAppStack.AddLoadBalancerField + - sumoLambdaMetricsAppStack.AddFunctionNameField + - sumoApiGatewayMetricsAppStack.AddApiNameField + - sumoRdsMetricsAppStack.AddDBIdentifierField + - sumoEC2MetricsAppStack.AddInstanceIdField + - sumoECSMetricsAppStack.AddClusterNameField + - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.SumoLogicELBS3Policy + - CreateCommonResources.SumoLogicCloudTrailS3Policy + - CreateCommonResources.LambdaRole + - CreateCommonResources.LambdaHelper + - CreateCommonResources.AccountCheck + - CreateCommonResources.CommonBucketSNSTopic + - CreateCommonResources.CommonS3Bucket + - CreateCommonResources.CommonBucketPolicy + - CreateCommonResources.CommonSNSpolicy + - CreateCommonResources.CommonCloudTrail + - CreateCommonResources.CreateSumoLogicAWSExplorerView + - CreateCommonResources.SumoLogicSourceRole + - CreateCommonResources.SumoLogicHostedCollector + - CreateCommonResources.LambdaToDecideCWMetricsSources + - CreateCommonResources.Primerinvoke + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSTopic + - CreateCommonResources.ELBSNSpolicy + - CreateCommonResources.ELBSNSSubscription + - CreateCommonResources.CloudTrailSource + - CreateCommonResources.CloudTrailSNSSubscription + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole + - sumoRdsMetricsAppStack.ClusterMetricRule + - sumoRdsMetricsAppStack.InstanceMetricRule + - sumoLambdaMetricsAppStack.SumoHTTPUpdateSource + - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule + - sumoApiGatewayMetricsAppStack.FieldExtractionRule + - sumoDynamoDBMetricsAppStack.FieldExtractionRule + - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule + - 
sumoRdsMetricsAppStack.FieldExtractionRule + - sumoECSMetricsAppStack.FieldExtractionRule + - sumoElasticCacheMetricsAppStack.FieldExtractionRule + - sumoNlbMetricsAppStack + - sumoNlbMetricsAppStack.AddLoadBalancerField + - sumoNlbMetricsAppStack.MetricRule + - CreateCommonResources.AccountAliasValue + - RootCauseAppStack.AccountAliasValue + - RootCauseAppStack.LambdaHelper + - RootCauseAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole + - sumoLambdaMetricsAppStack.AccountAliasValue + - CreateCommonResources.LambdaHelperAlias + - CreateCommonResources.LambdaRoleAlias + - AssertType: OutputsCheck + Assert: + Outputs: + - CreateCommonResources.LambdaHelperARN + - CreateCommonResources.EnterpriseCheck + - CreateCommonResources.PaidAccountCheck + - CreateCommonResources.Namespaces + - CreateCommonResources.LambdaRoleARN + - CreateCommonResources.BucketName + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - sumoLambdaMetricsAppStack.ExistingCloudWatchLogSourceName + - CreateCommonResources.CollectorName + - CreateCommonResources.AccountAlias + - AssertType: ParameterCheck + Assert: + CreateCommonResources: + AccountAlias: "test9env" + AccountAliasMappingS3URL: "" + CreateMetaDataSource: 'No' + MetaDataSourceName: "" + MetaDataSourceCategory: "" + CreateCloudWatchMetricsSource: 'No' + CloudWatchMetricsSourceName: '' + CloudWatchMetricsNameSpaces: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB" + ScanInterval: "30000" + CloudWatchMetricSourceCategory: "" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'No' + ELBS3LogsBucketName: "anemaelblogs" + ELBS3BucketPathExpression: '/classicloadbalancing/us-east-1/*' + ELBLogsSourceName: "elb-logs-us-east-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" + CreateCloudTrailLogSource: 'Yes' + CreateCloudTrailBucket: 
'Yes' + CloudTrailLogsBucketName: "" + CloudTrailBucketPathExpression: '/CloudTrail/us-east-1/*' + CloudTrailLogsSourceName: "cloudtrail-logs-us-east-1" + CloudTrailLogsSourceCategory: "aws/observability/cloudtrail/logs" + CreateCloudWatchLogSource: 'No' + CloudWatchLogsSourceName: "cloudwatch-logs-us-east-1" + CloudWatchLogsSourceCategory: "aws/observability/cloudwatch/logs" + CreateKinesisFirehoseLogSource: 'No' + KinesisFirehoseLogsSourceName: 'kinesis-firehose-cloudwatch-logs-us-east-1' + KinesisFirehoseLogsSourceCategory: 'aws/observability/cloudwatch/logs' + CreateKinesisFirehoseMetricsSource: 'No' + KinesisFirehoseMetricsSourceName: 'cloudwatch-metrics-us-east-1' + KinesisFirehoseMetricSourceCategory: 'aws/observability/cloudwatch/metrics' + AutoEnableOptions: + ELBAutoEnableS3Logs: 'Yes' + ELBS3LogsBucketName: 'cf-templates-1qpf3unpuo1hw-us-east-1-alekh' + AutoSubscribeLogGroups: 'No' + AutoEnableOptions.AutoEnableS3LogsElbAWSResources: + BucketName: 'cf-templates-1qpf3unpuo1hw-us-east-1-alekh' + AutoEnableResourceOptions: 'Existing' + sumoEC2MetricsAppStack: + Section2aInstallApp: 'No' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test9env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: 'https://api.de.sumologic.com/api/v1/collectors/2081523/sources/12871374' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' + sumoDynamoDBMetricsAppStack: + Section2aInstallApp: 'No' + Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section3bCloudTrailSourceUpdated: 'No' + sumoRdsMetricsAppStack: + Section2aInstallApp: 'No' + Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section3bCloudTrailSourceUpdated: 'No' + sumoApiGatewayMetricsAppStack: + Section2aInstallApp: 'No' + Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section3bCloudTrailSourceUpdated: 'No' + RootCauseAppStack: + Section2aInstallApp: 'No' + Section2bCollectorName: "" + Section3aCreateAwsInventorySource: 'No' + 
Section3bAwsInventorySourceName: "inventory-us-east-1" + Section3dInventorySourceCategory: "aws/observability/inventory" + Section4aCreateAwsXRaySource: 'No' + Section4bAwsXRaySourceName: "xray-us-east-1" + Section4cXraySourceCategory: "aws/observability/xray" + sumoLambdaMetricsAppStack: + Section2aAccountAlias: 'test9env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aCloudTrailLogsAPIUrl: '' + Section5bCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section6aCloudWatchLogsAPIUrl: 'https://api.de.sumologic.com/api/v1/collectors/2081523/sources/12791746' + Section6bCloudWatchLogsSourceName: '' + sumoECSMetricsAppStack: + Section2aInstallApp: 'No' + Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section3bCloudTrailSourceUpdated: 'No' + sumoElasticCacheMetricsAppStack: + Section2aInstallApp: 'No' + Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' + Section3bCloudTrailSourceUpdated: 'No' + sumoNlbMetricsAppStack: + Section2aInstallApp: 'No' + Section3aNLBLogsSourceName: '' + Section3bNLBSourceUpdated: 'No' - TestName: existingcloudtrailbucket Regions: - us-east-2 @@ -1659,6 +2046,8 @@ Tests: Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None' Section8aRootCauseExplorerOptions: 'Inventory Source' Section4bMetricsNameSpaces: 'AWS/ApiGateway, AWS/DynamoDB, AWS/ElastiCache' + Section9aAutoEnableS3LogsELBResourcesOptions: 'None' + Section9bELBCreateLogSource: 'Yes' Assertions: - AssertType: ResourceExistence Assert: @@ -1666,6 +2055,7 @@ Tests: - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack 
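Review bot: In the new `existingsourcewithelbbucket` test the inputs and the expected values disagree: `Section9dELBS3LogsBucketName` is `'cf-templates-1qpf3unpuo1hw-us-east-1-alekh'` and `Section9eELBS3BucketPathExpression` is `'*elblogs*'`, yet the `CreateCommonResources` ParameterCheck expects `ELBS3LogsBucketName: "anemaelblogs"` and `ELBS3BucketPathExpression: '/classicloadbalancing/us-east-1/*'`. `Section1aSumoLogicDeployment: 'us2'` is also paired with `api.de.sumologic.com` source URLs. Because the test is added with `Skip: true`, none of this is exercised, so the mismatch would only surface when someone enables it. The bucket names are tied to individual accounts, and S3 names are global, so a run from another account would point ELB access-log delivery at a bucket the runner does not own. If the runner's `${...}` substitution applies to any parameter, I would use `Section9dELBS3LogsBucketName: '${ELB_LOGS_BUCKET}'` (variable name is a placeholder) and assert the same value; the same applies to `anemaelblogs-ap-south-1` in the `existingcloudtrailelbsource` and `@@ -2080` hunks.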
@@ -1679,6 +2069,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -1686,6 +2077,7 @@ Tests: - sumoECSMetricsAppStack.AddClusterNameField - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper @@ -1707,6 +2099,8 @@ Tests: - CreateCommonResources.CloudWatchMetricsSecondStack.SecondCloudwatchMetricsSource - CreateCommonResources.ALBSource - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSTopic - CreateCommonResources.CloudTrailSNSpolicy @@ -1718,6 +2112,7 @@ Tests: - sumoRdsMetricsAppStack.InstanceMetricRule - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.FieldExtractionRule - sumoDynamoDBMetricsAppStack.FieldExtractionRule - sumoRdsMetricsAppStack.FieldExtractionRule @@ -1733,6 +2128,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias 
@@ -1766,6 +2164,12 @@ Tests: ALBS3BucketPathExpression: '*AWSLogs/*/elasticloadbalancing/*' ALBLogsSourceName: "alb-logs-us-east-2" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'Yes' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '*AWSLogs/*/elasticloadbalancing/*' + ELBLogsSourceName: "elb-logs-us-east-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'No' CloudTrailLogsBucketName: "cf-templates-1qpf3unpuo1hw-us-east-2-arun" @@ -1789,6 +2193,12 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test6env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'No' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' @@ -1853,6 +2263,8 @@ Tests: Section6bCloudTrailLogsSourceUrl: 'https://api.us2.sumologic.com/api/v1/collectors/238450591/sources/1563363030' Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None' Section8aRootCauseExplorerOptions: 'Both' + Section9aAutoEnableS3LogsELBResourcesOptions: 'None' + Section9bELBCreateLogSource: 'No' Assertions: - AssertType: ResourceExistence Assert: 
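Review bot: The added expectation `ELBLogsSourceName: "elb-logs-us-east-1"` in the `@@ -1766` hunk looks like a copy-paste slip, since the context line in the same hunk expects `ALBLogsSourceName: "alb-logs-us-east-2"` for this test; it should probably read `ELBLogsSourceName: "elb-logs-us-east-2"`. The ELB path expression `'*AWSLogs/*/elasticloadbalancing/*'` is also identical to the ALB one on the context line, whereas the other tests in this diff expect `/classicloadbalancing/<region>/*` for ELB. If both sources really match the same prefix in one bucket, the same access logs would be collected under two source categories, so it is worth confirming which value the template actually produces. The enclosing test definition starts and ends outside the hunk.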
@@ -2051,6 +2463,229 @@ Tests: Section2aInstallApp: 'Yes' Section3aNLBLogsSourceName: '' Section3bNLBSourceUpdated: 'No' + - TestName: existingcloudtrailelbsource + Regions: + - ap-south-1 + Skip: true + Parameters: + Values: + Section1aSumoLogicDeployment: 'us2' + Section1bSumoLogicAccessID: '${PROFESSIONAL_US2_ACCESS_ID}' + Section1cSumoLogicAccessKey: '${PROFESSIONAL_US2_ACCESS_KEY}' + Section1dSumoLogicOrganizationId: '${US2_PROFESSIONAL_ORG_ID}' + Section2aAccountAlias: 'test7env' + Section2bAccountAliasMappingS3URL: '' + Section3aInstallObservabilityApps: 'Yes' + Section4aCreateMetricsSourceOptions: 'Kinesis Firehose Metrics Source' + Section4cCloudWatchExistingSourceAPIUrl: 'https://api.us2.sumologic.com/api/v1/collectors/253144985/sources/1716165187' + Section5aAutoEnableS3LogsALBResourcesOptions: 'None' + Section5bALBCreateLogSource: 'No' + Section6aCreateCloudTrailLogSource: 'No' + Section6bCloudTrailLogsSourceUrl: 'https://api.us2.sumologic.com/api/v1/collectors/253144985/sources/1716169440' + Section7aLambdaCreateCloudWatchLogsSourceOptions: 'None' + Section8aRootCauseExplorerOptions: 'Both' + Section9aAutoEnableS3LogsELBResourcesOptions: 'Both' + Section9bELBCreateLogSource: 'No' + Section9cELBLogsSourceUrl: 'https://api.us2.sumologic.com/api/v1/collectors/253144985/sources/1716486002' + Section9dELBS3LogsBucketName: 'anemaelblogs-ap-south-1' + Assertions: + - AssertType: ResourceExistence + Assert: + Resources: + - CreateCommonResources + - AutoEnableOptions + - sumoEC2MetricsAppStack + - sumoElbMetricsAppStack + - sumoDynamoDBMetricsAppStack + - sumoRdsMetricsAppStack + - sumoApiGatewayMetricsAppStack + - RootCauseAppStack + - sumoLambdaMetricsAppStack + - sumoECSMetricsAppStack + - sumoElasticCacheMetricsAppStack + - CreateCommonResources.AddAccountField + - CreateCommonResources.AddRegionField + - CreateCommonResources.AddNamespaceField + - CreateCommonResources.AddAccountIdField + - sumoDynamoDBMetricsAppStack.AddTableNameField + - 
sumoElbMetricsAppStack.AddLoadBalancerField + - sumoLambdaMetricsAppStack.AddFunctionNameField + - sumoApiGatewayMetricsAppStack.AddApiNameField + - sumoRdsMetricsAppStack.AddDBIdentifierField + - sumoEC2MetricsAppStack.AddInstanceIdField + - sumoECSMetricsAppStack.AddClusterNameField + - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.LambdaRole + - CreateCommonResources.LambdaHelper + - CreateCommonResources.AccountCheck + - CreateCommonResources.CreateSumoLogicAWSExplorerView + - CreateCommonResources.LambdaToDecideCWMetricsSources + - CreateCommonResources.Primerinvoke + - CreateCommonResources.SumoLogicHostedCollector + - CreateCommonResources.SumoLogicSourceRole + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole + - sumoEC2MetricsAppStack.sumoApp + - sumoEC2MetricsAppStack.sumoOverview + - sumoEC2MetricsAppStack.sumoMonitorAlerts + - sumoElbMetricsAppStack.sumoApp + - sumoElbMetricsAppStack.SumoELBLogsUpdateSource + - sumoDynamoDBMetricsAppStack.sumoApp + - sumoRdsMetricsAppStack.ClusterMetricRule + - sumoRdsMetricsAppStack.sumoApp + - sumoRdsMetricsAppStack.InstanceMetricRule + - sumoApiGatewayMetricsAppStack.sumoApp + - sumoLambdaMetricsAppStack.sumoApp + - sumoLambdaMetricsAppStack.SumoCloudTrailLogsUpdateSource + - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule + - sumoApiGatewayMetricsAppStack.FieldExtractionRule + - sumoDynamoDBMetricsAppStack.FieldExtractionRule + - 
sumoRdsMetricsAppStack.FieldExtractionRule + - sumoECSMetricsAppStack.FieldExtractionRule + - sumoECSMetricsAppStack.sumoApp + - sumoElasticCacheMetricsAppStack.FieldExtractionRule + - sumoElasticCacheMetricsAppStack.sumoApp + - sumoNlbMetricsAppStack.AddLoadBalancerField + - sumoNlbMetricsAppStack + - sumoNlbMetricsAppStack.MetricRule + - sumoNlbMetricsAppStack.sumoApp + - CreateCommonResources.KinesisFirehoseMetricsStack + - CreateCommonResources.KinesisFirehoseMetricsSource + - CreateCommonResources.KinesisFirehoseMetricsStack.AttachBucketPolicyToFirehoseLogsRole + - CreateCommonResources.KinesisFirehoseMetricsStack.FailedDataBucket + - CreateCommonResources.KinesisFirehoseMetricsStack.FirehoseLogsRole + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsCloudWatchMetricsStream + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsDeliveryStream + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsFirehoseRolePolicy + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsLogGroup + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsLogStream + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsLogStreamS3 + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsRole + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsRolePolicy + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsCloudWatchMetricsStreamLambda + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsCloudWatchMetricsStreamLambdaRole + - CreateCommonResources.AccountAliasValue + - RootCauseAppStack.AccountAliasValue + - RootCauseAppStack.LambdaHelper + - RootCauseAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole + - sumoLambdaMetricsAppStack.AccountAliasValue + - CreateCommonResources.LambdaHelperAlias + - CreateCommonResources.LambdaRoleAlias + - AssertType: 
OutputsCheck + Assert: + Outputs: + - CreateCommonResources.LambdaHelperARN + - CreateCommonResources.EnterpriseCheck + - CreateCommonResources.PaidAccountCheck + - CreateCommonResources.Namespaces + - CreateCommonResources.LambdaRoleARN + - sumoLambdaMetricsAppStack.ExistingCloudTrailLogSourceName + - sumoElbMetricsAppStack.ExistingLogSourceName + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda + - CreateCommonResources.KinesisMetricsRoleARN + - CreateCommonResources.KinesisMetricsDeliveryStreamARN + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsRoleARN + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsDeliveryStreamARN + - CreateCommonResources.KinesisFirehoseMetricsStack.KinesisMetricsLogGroupARN + - CreateCommonResources.KinesisFirehoseMetricsStack.FailedDataBucketArn + - CreateCommonResources.CollectorName + - CreateCommonResources.AccountAlias + - AssertType: ParameterCheck + Assert: + CreateCommonResources: + AccountAlias: "test7env" + AccountAliasMappingS3URL: "" + CreateMetaDataSource: 'No' + MetaDataSourceName: "" + MetaDataSourceCategory: "" + CreateCloudWatchMetricsSource: 'No' + CloudWatchMetricsSourceName: 'cloudwatch-metrics-ap-south-1' + CloudWatchMetricsNameSpaces: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB" + ScanInterval: "30000" + CloudWatchMetricSourceCategory: "aws/observability/cloudwatch/metrics" + CreateELBLogSource: 'No' + CreateELBS3Bucket: 'No' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" + CreateCloudTrailLogSource: 'No' + CreateCloudTrailBucket: 'No' + CloudTrailLogsBucketName: "" + CloudTrailBucketPathExpression: '' + CloudTrailLogsSourceName: "cloudtrail-logs-ap-south-1" + 
CloudTrailLogsSourceCategory: "aws/observability/cloudtrail/logs" + CreateCloudWatchLogSource: 'No' + CloudWatchLogsSourceName: "cloudwatch-logs-ap-south-1" + CloudWatchLogsSourceCategory: "aws/observability/cloudwatch/logs" + CreateKinesisFirehoseLogSource: 'No' + KinesisFirehoseLogsSourceName: 'kinesis-firehose-cloudwatch-logs-ap-south-1' + KinesisFirehoseLogsSourceCategory: 'aws/observability/cloudwatch/logs' + CreateKinesisFirehoseMetricsSource: 'Yes' + KinesisFirehoseMetricsSourceName: 'cloudwatch-metrics-ap-south-1' + KinesisFirehoseMetricSourceCategory: 'aws/observability/cloudwatch/metrics' + CreateCommonResources.KinesisFirehoseMetricsStack: + Section2aCreateS3Bucket: 'Yes' + Section1bNamespaceFilter: "AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB" + sumoEC2MetricsAppStack: + Section2aInstallApp: 'Yes' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test7env' + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: 'https://api.us2.sumologic.com/api/v1/collectors/253144985/sources/1716486002' + Section5bELBLogsSourceName: '' + sumoDynamoDBMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aCloudTrailLogsSourceName: 'anema_awso_cloudtraiil' + Section3bCloudTrailSourceUpdated: 'Yes' + sumoRdsMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aCloudTrailLogsSourceName: 'anema_awso_cloudtraiil' + Section3bCloudTrailSourceUpdated: 'Yes' + sumoApiGatewayMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aCloudTrailLogsSourceName: 'anema_awso_cloudtraiil' + Section3bCloudTrailSourceUpdated: 'Yes' + RootCauseAppStack: + Section2aInstallApp: 'No' + Section2bCollectorName: "" + Section3aCreateAwsInventorySource: 'No' + Section3bAwsInventorySourceName: "inventory-ap-south-1" + Section3dInventorySourceCategory: "aws/observability/inventory" + Section4aCreateAwsXRaySource: 'No' + Section4bAwsXRaySourceName: "xray-ap-south-1" + 
Section4cXraySourceCategory: "aws/observability/xray" + sumoLambdaMetricsAppStack: + Section2aAccountAlias: 'test7env' + Section3aInstallApp: 'Yes' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aCloudTrailLogsAPIUrl: 'https://api.us2.sumologic.com/api/v1/collectors/253144985/sources/1716169440' + Section5bCloudTrailLogsSourceName: '' + Section6aCloudWatchLogsAPIUrl: '' + Section6bCloudWatchLogsSourceName: '' + sumoECSMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aCloudTrailLogsSourceName: 'anema_awso_cloudtraiil' + Section3bCloudTrailSourceUpdated: 'Yes' + sumoElasticCacheMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aCloudTrailLogsSourceName: 'anema_awso_cloudtraiil' + Section3bCloudTrailSourceUpdated: 'Yes' + sumoNlbMetricsAppStack: + Section2aInstallApp: 'Yes' + Section3aNLBLogsSourceName: '' + Section3bNLBSourceUpdated: 'No' - TestName: createsourceexibucketexisources Regions: - ap-south-1 @@ -2080,6 +2715,11 @@ Tests: Section7bLambdaCloudWatchLogsSourceUrl: "https://api.us2.sumologic.com/api/v1/collectors/185140717/sources/908777855" Section7cAutoSubscribeLogGroupsLambdaOptions: "Both" Section8aRootCauseExplorerOptions: 'Inventory Source' + Section9aAutoEnableS3LogsELBResourcesOptions: 'None' + Section9bELBCreateLogSource: 'Yes' + Section9cELBLogsSourceUrl: 'https://api.sumologic.com/api/v1/collectors/190041827/sources/957189061' + Section9dELBS3LogsBucketName: 'anemaelblogs-ap-south-1' + Section9eELBS3BucketPathExpression: '*abc*' Assertions: - AssertType: ResourceExistence Assert: @@ -2087,6 +2727,7 @@ Tests: - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack + - sumoElbMetricsAppStack - sumoDynamoDBMetricsAppStack - sumoRdsMetricsAppStack - sumoApiGatewayMetricsAppStack 
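Review bot: The added `Section9cELBLogsSourceUrl` in the `@@ -2080,6 +2715,11 @@` hunk points at `https://api.sumologic.com/...`, while the `Section7bLambdaCloudWatchLogsSourceUrl` context line just above it uses `https://api.us2.sumologic.com/...`. If this test runs against one Sumo Logic deployment with one access key, the ELB source URL would presumably resolve against a different deployment and the existing-source path would fail or test nothing, so confirm the intended host and align the two. The collector and source ids in these URLs also tie the test to one organisation's account; supplying them as test inputs rather than literals would keep tenant-specific identifiers out of the repository. The parameter block starts above the hunk, so the deployment setting itself is not visible here.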
@@ -2100,6 +2741,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -2107,6 +2749,7 @@ Tests: - sumoECSMetricsAppStack.AddClusterNameField - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy + - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper @@ -2127,6 +2770,10 @@ Tests: - CreateCommonResources.ALBSNSTopic - CreateCommonResources.ALBSNSpolicy - CreateCommonResources.ALBSNSSubscription + - CreateCommonResources.ELBSource + - CreateCommonResources.ELBSNSTopic + - CreateCommonResources.ELBSNSpolicy + - CreateCommonResources.ELBSNSSubscription - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSTopic - CreateCommonResources.CloudTrailSNSpolicy @@ -2138,6 +2785,7 @@ Tests: - sumoRdsMetricsAppStack.InstanceMetricRule - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoAlbMetricsAppStack.AlbLogsFieldExtractionRule + - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.FieldExtractionRule - sumoDynamoDBMetricsAppStack.FieldExtractionRule - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule @@ -2190,6 +2838,9 @@ Tests: - sumoAlbMetricsAppStack.AccountAliasValue - sumoAlbMetricsAppStack.LambdaHelper - sumoAlbMetricsAppStack.LambdaRole + - sumoElbMetricsAppStack.AccountAliasValue + - sumoElbMetricsAppStack.LambdaHelper + - sumoElbMetricsAppStack.LambdaRole - sumoLambdaMetricsAppStack.AccountAliasValue - CreateCommonResources.LambdaHelperAlias - CreateCommonResources.LambdaRoleAlias 
@@ -2231,6 +2882,12 @@ Tests: ALBS3BucketPathExpression: '' ALBLogsSourceName: "alb-logs-ap-south-1" ALBLogsSourceCategory: "aws/observability/alb/logs" + CreateELBLogSource: 'Yes' + CreateELBS3Bucket: 'No' + ELBS3LogsBucketName: "" + ELBS3BucketPathExpression: '' + ELBLogsSourceName: "elb-logs-ap-south-1" + ELBLogsSourceCategory: "aws/observability/elb/logs" CreateCloudTrailLogSource: 'Yes' CreateCloudTrailBucket: 'No' CloudTrailLogsBucketName: "" @@ -2250,6 +2907,7 @@ Tests: Section2aCreateS3Bucket: 'Yes' AutoEnableOptions: ALBAutoEnableS3Logs: 'No' + ELBAutoEnableS3Logs: 'No' AutoSubscribeLogGroups: 'Yes' AutoSubscribeLogGroupsLambdaOptions: 'Both' AutoSubscribeDestinationARNType: 'Kinesis' @@ -2270,6 +2928,12 @@ Tests: Section4aCloudWatchExistingSourceAPIUrl: '' Section5aALBLogsAPIUrl: '' Section5bALBLogsSourceName: '*alb-logs*' + sumoElbMetricsAppStack: + Section2aAccountAlias: 'test8env' + Section3aInstallApp: 'No' + Section4aCloudWatchExistingSourceAPIUrl: '' + Section5aELBLogsAPIUrl: '' + Section5bELBLogsSourceName: '*elb-logs*' sumoDynamoDBMetricsAppStack: Section2aInstallApp: 'No' Section3aCloudTrailLogsSourceName: '*cloudtrail-logs*' From d616aaf7431c3354835ba2d8bcc076fec3e75ec4 Mon Sep 17 00:00:00 2001 From: sumoanema Date: Mon, 17 Jan 2022 14:56:05 +0530 Subject: [PATCH 10/44] renaming resource name in elb classic to AddLoadBalancerNameField and changes for overview-app.json --- .../apps/elb/elb_app.template.yaml | 4 +- .../apps/elb/test/TestTemplate.yaml | 12 +- aws-observability/json/Overview-App.json | 289 +++++++++++++++++- .../templates/test/TestTemplate.yaml | 20 +- 4 files changed, 302 insertions(+), 23 deletions(-) diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index a161fcc6..69c5865a 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml 
@@ -302,7 +302,7 @@ Resources: ElbLogsFieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule Condition: create_fer - DependsOn: AddLoadBalancerField + DependsOn: AddLoadBalancerNameField Properties: ServiceToken: !Ref Section6aParentStackLambdaARN RemoveOnDeleteStack: false @@ -320,7 +320,7 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - AddLoadBalancerField: + AddLoadBalancerNameField: Type: Custom::SumoLogicFieldsSchema Properties: ServiceToken: !Ref Section6aParentStackLambdaARN diff --git a/aws-observability/apps/elb/test/TestTemplate.yaml b/aws-observability/apps/elb/test/TestTemplate.yaml index 05c074b0..1a97c63b 100644 --- a/aws-observability/apps/elb/test/TestTemplate.yaml +++ b/aws-observability/apps/elb/test/TestTemplate.yaml @@ -30,7 +30,7 @@ Tests: - sumoApp - ElbLogsFieldExtractionRule - SumoELBMetricsUpdateSource - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: @@ -46,7 +46,7 @@ Tests: - AssertType: ResourceExistence Assert: Resources: - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: @@ -62,7 +62,7 @@ Tests: Assert: Resources: - sumoApp - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: @@ -78,7 +78,7 @@ Tests: Assert: Resources: - SumoELBMetricsUpdateSource - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: @@ -96,7 +96,7 @@ Tests: Resources: - SumoELBLogsUpdateSource - ElbLogsFieldExtractionRule - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: @@ -116,7 +116,7 @@ Tests: - SumoELBLogsUpdateSource - ElbLogsFieldExtractionRule - SumoELBMetricsUpdateSource - - AddLoadBalancerField + - AddLoadBalancerNameField - AssertType: OutputsCheck Assert: Outputs: 
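Review bot: Changing the logical ID `AddLoadBalancerField` to `AddLoadBalancerNameField` in `elb_app.template.yaml` is not a pure rename for CloudFormation, because on a stack update the `Custom::SumoLogicFieldsSchema` resource is created under the new ID and the old one is then deleted. If the delete handler removes the field from the organisation, the field the new resource just registered could be dropped during cleanup, leaving `ElbLogsFieldExtractionRule` depending on a field that no longer exists. The resource's remaining properties, including any removal setting, lie outside the hunk, so this needs checking against the full template. Verify an in-place update of an existing stack as well as a fresh create, and consider a comment above the resource such as `# Logical ID renamed from AddLoadBalancerField; update path must not delete the field`.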
diff --git a/aws-observability/json/Overview-App.json b/aws-observability/json/Overview-App.json index 7672263d..c7ab88c2 100644 --- a/aws-observability/json/Overview-App.json +++ b/aws-observability/json/Overview-App.json @@ -159,6 +159,30 @@ { "key": "panelPANE-829C893895A9EA4F", "structure": "{\"height\":9,\"width\":12,\"x\":0,\"y\":1}" + }, + { + "key": "panelPANE-9BF16BAEA2C13A49", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":10}" + }, + { + "key": "panelPANE-9CD9CA05B552CA44", + "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":39}" + }, + { + "key": "panelPANE-9D6E7556A262C846", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":11}" + }, + { + "key": "panel9A752B10B7A38B4A", + "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":11}" + }, + { + "key": "panelF8611200A33CD847", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":38}" + }, + { + "key": "panel510C3885ADF8E840", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}" } ] }, 
@@ -491,7 +515,7 @@ "id": null, "key": "panelPANE-2489C9AEA5489B4A", "title": "Requests Served by ALB", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", 
"keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ @@ -502,7 +526,7 @@ "metricsQueryMode": "Advanced", "metricsQueryData": null, "tracesQueryData": null, - "parseMode": "Manual", + "parseMode": "Auto", "timeSource": "Message" } ], 
@@ -810,6 +834,120 @@ "timeRange": null, "coloringRules": null, "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-9BF16BAEA2C13A49", + "title": "Classic Load Balancer (ELB)", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "" + }, + { + "id": null, + "key": "panelPANE-9CD9CA05B552CA44", + "title": "Classic Load Balancer (ELB) Latency (ms)", + "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region=* loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-9D6E7556A262C846", + "title": "ELB Errors", + "visualSettings": 
"{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region=* loadbalancername=* | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel9A752B10B7A38B4A", + "title": "Requests Served by ELB", + "visualSettings": 
"{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region=* loadbalancername=* | sum by loadbalancername, namespace, region, account", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelF8611200A33CD847", + "title": "Application and Classic Load Balancer", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{}}", + 
"keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "" + }, + { + "id": null, + "key": "panel510C3885ADF8E840", + "title": "Active Connections (ALB)", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region=* loadbalancer=* | sum by account, region, namespace, loadbalancer", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] } ], "variables": [ @@ -825,7 +963,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] 
@@ -989,6 +1128,30 @@ { "key": "panelPANE-2AEC3E7192D9D942", "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":32}" + }, + { + "key": "panelPANE-4162DCB5A32D094C", + "structure": "{\"height\":1,\"width\":12,\"x\":12,\"y\":10}" + }, + { + "key": "panelPANE-A67B2E20BC271A43", + "structure": "{\"height\":6,\"width\":6,\"x\":12,\"y\":11}" + }, + { + "key": "panelPANE-6DFA637C8E2A6B4F", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":11}" + }, + { + "key": "panelPANE-8302BACC9D69C946", + "structure": "{\"height\":1,\"width\":12,\"x\":0,\"y\":38}" + }, + { + "key": "panelPANE-1BE7F7D5A20C7949", + "structure": "{\"height\":6,\"width\":6,\"x\":0,\"y\":39}" + }, + { + "key": "panelPANE-FF1759E1A405494E", + "structure": "{\"height\":6,\"width\":6,\"x\":6,\"y\":39}" } ] }, 
@@ -1640,6 +1803,120 @@ "timeRange": null, "coloringRules": null, "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-4162DCB5A32D094C", + "title": "Classic Load Balancer (ELB)", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "" + }, + { + "id": null, + "key": "panelPANE-A67B2E20BC271A43", + "title": "Requests Served by ELB", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"fillOpacity\":0.25,\"mode\":\"timeSeries\",\"aggregationType\":\"avg\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "Namespace=AWS/ELB metric=RequestCount Statistic=Sum account={{account}} region={{region}} loadbalancername=* | sum 
by loadbalancername, namespace, region, account", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-6DFA637C8E2A6B4F", + "title": "ELB Errors", + "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":5,\"color\":\"#75bf00\"},{\"from\":6,\"to\":50,\"color\":\"#f6c851\"},{\"from\":51,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ELB (metric=HTTPCode_ELB_4XX or metric=HTTPCode_ELB_5XX) Statistic=Sum region={{region}} loadbalancername=* | sum by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-8302BACC9D69C946", + "title": "Application and Classic Load Balancer", + "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":20},\"text\":{\"backgroundColor\":\"#dfe5e9\"},\"series\":{},\"legend\":{\"enabled\":false}}", + 
"keepVisualSettingsConsistentWithParent": true, + "panelType": "TextPanel", + "text": "" + }, + { + "id": null, + "key": "panelPANE-1BE7F7D5A20C7949", + "title": "Active Connections (ALB)", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"title\":\"\",\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"series\":{},\"general\":{\"type\":\"area\",\"displayType\":\"stacked\",\"markerSize\":5,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":1,\"fillOpacity\":0.25,\"mode\":\"timeSeries\"},\"color\":{\"family\":\"Categorical Default\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"properties\":{\"name\":\"{{loadbalancer}}\"}}]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ApplicationELB metric=ActiveConnectionCount Statistic=Sum region={{region}} loadbalancer=* | sum by account, region, namespace, loadbalancer", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-FF1759E1A405494E", + "title": "Classic Load Balancer (ELB) Latency (ms)", + "visualSettings": 
"{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"honeyComb\",\"displayType\":\"default\",\"mode\":\"honeyComb\"},\"honeyComb\":{\"thresholds\":[{\"from\":0,\"to\":1001,\"color\":\"#75bf00\"},{\"from\":1001,\"to\":3001,\"color\":\"#f6c851\"},{\"from\":3001,\"to\":null,\"color\":\"#f36644\"}],\"shape\":\"hexagon\",\"groupBy\":[],\"aggregationType\":\"avg\"},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "queryString": "account={{account}} Namespace=AWS/ELB metric=Latency Statistic=Average region={{region}} loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername", + "queryType": "Metrics", + "queryKey": "A", + "metricsQueryMode": "Advanced", + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", + "timeSource": "Message" + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] } ], "variables": [ @@ -1655,7 +1932,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -1669,7 +1947,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] diff --git a/aws-observability/templates/test/TestTemplate.yaml b/aws-observability/templates/test/TestTemplate.yaml index 2a2d4299..9800e28f 100644 --- a/aws-observability/templates/test/TestTemplate.yaml +++ b/aws-observability/templates/test/TestTemplate.yaml 
@@ -41,7 +41,7 @@ Tests: - CreateCommonResources.AddNamespaceField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -349,7 +349,7 @@ Tests: - CreateCommonResources.AddNamespaceField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -660,7 +660,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -976,7 +976,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField 
@@ -1157,7 +1157,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -1419,7 +1419,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -1865,7 +1865,7 @@ Tests: - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -2069,7 +2069,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField 
@@ -2508,7 +2508,7 @@ Tests: - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField @@ -2741,7 +2741,7 @@ Tests: - CreateCommonResources.AddAccountIdField - sumoDynamoDBMetricsAppStack.AddTableNameField - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerField + - sumoElbMetricsAppStack.AddLoadBalancerNameField - sumoLambdaMetricsAppStack.AddFunctionNameField - sumoApiGatewayMetricsAppStack.AddApiNameField - sumoRdsMetricsAppStack.AddDBIdentifierField From 3bdc91a87d4fb3568d3cbdc77790a9379d4fc7b1 Mon Sep 17 00:00:00 2001 From: Nitin Pande Date: Wed, 19 Jan 2022 13:28:16 +0530 Subject: [PATCH 11/44] Updated ELB app module based on SUMO-184051. FER, monitors, output, README, hierarchy name, install dependency changes. --- .../app-modules/README.md | 7 +- .../app-modules/alb/app.tf | 2 +- .../app-modules/elb/README.md | 9 +- .../app-modules/elb/app.tf | 169 ++++++++++++++++++ .../app-modules/elb/elb.tf | 29 --- .../app-modules/elb/outputs.tf | 6 +- .../app-modules/main.tf | 36 ++-- .../app-modules/outputs.tf | 10 +- 8 files changed, 206 insertions(+), 62 deletions(-) create mode 100644 aws-observability-terraform/app-modules/elb/app.tf delete mode 100644 aws-observability-terraform/app-modules/elb/elb.tf diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md index f510b627..550fe79c 100644 --- a/aws-observability-terraform/app-modules/README.md +++ b/aws-observability-terraform/app-modules/README.md 
@@ -75,22 +75,25 @@ | [sumologic\_content\_ec2metrics](#output\_sumologic\_content\_ec2metrics) | This output contains EC2 Metrics App. | | [sumologic\_content\_ecs](#output\_sumologic\_content\_ecs) | This output contains ecs App. | | [sumologic\_content\_elasticache](#output\_sumologic\_content\_elasticache) | This output contains elasticache App. | +| [sumologic\_content\_elb](#output\_sumologic\_content\_elb) | This output contains classic elb App. | | [sumologic\_content\_lambda](#output\_sumologic\_content\_lambda) | This output contains lambda App. | | [sumologic\_content\_nlb](#output\_sumologic\_content\_nlb) | This output contains nlb App. | -| [sumologic\_content\_overview](#output\_sumologic\_content\_overview) | This output contains alb App. | +| [sumologic\_content\_overview](#output\_sumologic\_content\_overview) | This output contains overview App. | | [sumologic\_content\_rce](#output\_sumologic\_content\_rce) | This output contains rce Apps. | | [sumologic\_content\_rds](#output\_sumologic\_content\_rds) | This output contains rds App. | -| [sumologic\_field\_alb](#output\_sumologic\_field\_alb) | This output contains fields required for overview app. | +| [sumologic\_field\_alb](#output\_sumologic\_field\_alb) | This output contains fields required for alb app. | | [sumologic\_field\_apigateway](#output\_sumologic\_field\_apigateway) | This output contains fields required for apigateway app. | | [sumologic\_field\_dynamodb](#output\_sumologic\_field\_dynamodb) | This output contains fields required for dynamodb app. | | [sumologic\_field\_ec2metrics](#output\_sumologic\_field\_ec2metrics) | This output contains fields required for EC2 Metrics app. | | [sumologic\_field\_ecs](#output\_sumologic\_field\_ecs) | This output contains fields required for ecs app. | | [sumologic\_field\_elasticache](#output\_sumologic\_field\_elasticache) | This output contains fields required for elasticache app. 
| +| [sumologic\_field\_elb](#output\_sumologic\_field\_elb) | This output contains fields required for classic elb app. | | [sumologic\_field\_extraction\_rule\_alb](#output\_sumologic\_field\_extraction\_rule\_alb) | This output contains Field Extraction rules required for alb app. | | [sumologic\_field\_extraction\_rule\_apigateway](#output\_sumologic\_field\_extraction\_rule\_apigateway) | This output contains Field Extraction rules required for apigateway app. | | [sumologic\_field\_extraction\_rule\_dynamodb](#output\_sumologic\_field\_extraction\_rule\_dynamodb) | This output contains Field Extraction rules required for dynamodb app. | | [sumologic\_field\_extraction\_rule\_ecs](#output\_sumologic\_field\_extraction\_rule\_ecs) | This output contains Field Extraction rules required for ecs app. | | [sumologic\_field\_extraction\_rule\_elasticache](#output\_sumologic\_field\_extraction\_rule\_elasticache) | This output contains Field Extraction rules required for elasticache app. | +| [sumologic\_field\_extraction\_rule\_elb](#output\_sumologic\_field\_extraction\_rule\_elb) | This output contains Field Extraction rules required for classic elb app. | | [sumologic\_field\_extraction\_rule\_lambda](#output\_sumologic\_field\_extraction\_rule\_lambda) | This output contains Field Extraction rules required for lambda app. | | [sumologic\_field\_extraction\_rule\_rds](#output\_sumologic\_field\_extraction\_rule\_rds) | This output contains Field Extraction rules required for rds app. | | [sumologic\_field\_lambda](#output\_sumologic\_field\_lambda) | This output contains fields required for lambda app. | diff --git a/aws-observability-terraform/app-modules/alb/app.tf b/aws-observability-terraform/app-modules/alb/app.tf index b1923354..13e398a6 100644 --- a/aws-observability-terraform/app-modules/alb/app.tf +++ b/aws-observability-terraform/app-modules/alb/app.tf 
@@ -20,7 +20,7 @@ module "alb_module" { managed_field_extraction_rules = { "AlbAccessLogsFieldExtractionRule" = { name = "AwsObservabilityAlbAccessLogsFER" - scope = "account=* region=* namespace=aws/alb" + scope = "account=* region=* namespace=aws/applicationelb" parse_expression = < [alb\_module](#module\_alb\_module) | SumoLogic/sumo-logic-integrations/sumologic//sumologic | n/a | +| [classic\_elb\_module](#module\_classic\_elb\_module) | SumoLogic/sumo-logic-integrations/sumologic//sumologic | n/a | ## Resources @@ -27,6 +27,7 @@ No resources. | [email\_notifications](#input\_email\_notifications) | Email Notifications to be sent by the alert. |
list(object(
{
connection_type = string,
recipients = list(string),
subject = string,
time_zone = string,
message_body = string,
run_for_trigger_types = list(string)
}
))
| n/a | yes | | [environment](#input\_environment) | Enter au, ca, de, eu, jp, us2, in, fed or us1. Visit https://help.sumologic.com/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security | `string` | n/a | yes | | [group\_notifications](#input\_group\_notifications) | Whether or not to group notifications for individual items that meet the trigger condition. Defaults to true. | `bool` | `true` | no | +| [json\_file\_directory\_path](#input\_json\_file\_directory\_path) | Directory path where all the JSONs are present. | `string` | n/a | yes | | [monitor\_folder\_id](#input\_monitor\_folder\_id) | Please provide a folder ID where you would like the monitors to be installed. | `string` | `""` | no | | [monitors\_disabled](#input\_monitors\_disabled) | Whether the monitors are enabled or not? | `bool` | `true` | no | @@ -34,6 +35,6 @@ No resources. | Name | Description | |------|-------------| -| [sumologic\_content](#output\_sumologic\_content) | This output contains alb App. | -| [sumologic\_field](#output\_sumologic\_field) | This output contains fields required for alb app. | -| [sumologic\_field\_extraction\_rule](#output\_sumologic\_field\_extraction\_rule) | This output contains Field Extraction rules required for alb app. | +| [sumologic\_content](#output\_sumologic\_content) | This output contains classic elb App. | +| [sumologic\_field](#output\_sumologic\_field) | This output contains fields required for classic elb app. | +| [sumologic\_field\_extraction\_rule](#output\_sumologic\_field\_extraction\_rule) | This output contains Field Extraction rules required for classic elb app. | diff --git a/aws-observability-terraform/app-modules/elb/app.tf b/aws-observability-terraform/app-modules/elb/app.tf new file mode 100644 index 00000000..6da55ae8 --- /dev/null +++ b/aws-observability-terraform/app-modules/elb/app.tf 
@@ -0,0 +1,169 @@ +module "classic_elb_module" { + source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic" + + access_id = var.access_id + access_key = var.access_key + environment = var.environment + + # ********************** FERs ********************** # + managed_field_extraction_rules = { + "ElbAccessLogsFieldExtractionRule" = { + name = "AwsObservabilityElbAccessLogsFER" + scope = "account=* region=* namespace=aws/elb" + parse_expression = <\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName" + } + triggers = [ + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "Critical", + threshold = 0, + threshold_type = "GreaterThan", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + }, + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "ResolvedCritical", + threshold = 0, + threshold_type = "LessThanOrEqual", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + } + ] + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + }, + "AWSClassicLoadBalancerHigh4XXErrors" = { + monitor_name = "AWS Classic Load Balancer - High 4XX Errors" + monitor_description = "This alert fires where there are too many HTTP requests (>5%) with a 
response status of 4xx within an interval of 5 minutes." + monitor_monitor_type = "Metrics" + monitor_parent_id = var.monitor_folder_id + monitor_is_disabled = var.monitors_disabled + queries = { + A = "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + B = "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + C = "#A * 100 / #B along loadbalancername, account, region, namespace" + } + triggers = [ + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "Critical", + threshold = 5, + threshold_type = "GreaterThanOrEqual", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + }, + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "ResolvedCritical", + threshold = 5, + threshold_type = "LessThan", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + } + ] + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + }, + "AWSClassicLoadBalancerHighLatency" = { + monitor_name = "AWS Classic Load Balancer - High Latency" + monitor_description = "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds." 
+ monitor_monitor_type = "Metrics" + monitor_parent_id = var.monitor_folder_id + monitor_is_disabled = var.monitors_disabled + queries = { + A = "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername" + } + triggers = [ + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "Critical", + threshold = 3000, + threshold_type = "GreaterThanOrEqual", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + }, + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "ResolvedCritical", + threshold = 3000, + threshold_type = "LessThan", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + } + ], + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + }, + "AWSClassicLoadBalancerHigh5XXErrors" = { + monitor_name = "AWS Classic Load Balancer - High 5XX Errors" + monitor_description = "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes." 
+ monitor_monitor_type = "Metrics" + monitor_parent_id = var.monitor_folder_id + monitor_is_disabled = var.monitors_disabled + queries = { + A = "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + B = "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + C = "#A * 100 / #B along loadbalancername, account, region, namespace" + } + triggers = [ + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "Critical", + threshold = 5, + threshold_type = "GreaterThanOrEqual", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + }, + { + detection_method = "StaticCondition", + time_range = "-5m", + trigger_type = "ResolvedCritical", + threshold = 5, + threshold_type = "LessThan", + occurrence_type = "Always", + trigger_source = "AnyTimeSeries" + } + ], + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + } + } +} \ No newline at end of file diff --git a/aws-observability-terraform/app-modules/elb/elb.tf b/aws-observability-terraform/app-modules/elb/elb.tf deleted file mode 100644 index 61a96c59..00000000 --- a/aws-observability-terraform/app-modules/elb/elb.tf +++ /dev/null 
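Review bot: The `AWSClassicLoadBalancerHighLatency` query aggregates `Statistic=Average` series with `sum by account, region, namespace, loadbalancername`, so whenever a load balancer reports more than one series the averages are added together. Whether it does (for example one series per availability zone) is an assumption, since the metric dimensions are not visible in this hunk, but in that case the 3000 ms Critical trigger can fire while every individual series is under three seconds. Taking the mean keeps the value comparable to the description: `A = "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | avg by account, region, namespace, loadbalancername"`. The dashboard panel for the same metric is switched from `sum` to `avg` in the next patch of this series, but the monitor is not. Separately, the 4XX and 5XX descriptions say `>5%` while their Critical triggers use `GreaterThanOrEqual` with threshold 5, so one of the two should be aligned.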
@@ -1,29 +0,0 @@ -module "classic_elb_module" { - source = "SumoLogic/sumo-logic-integrations/sumologic//sumologic" - - access_id = var.access_id - access_key = var.access_key - environment = var.environment - - # ********************** FERs ********************** # - # managed_field_extraction_rules = { - # "AlbAccessLogsFieldExtractionRule" = { - # name = "AwsObservabilityAlbAccessLogsFER" - # scope = "account=* region=* namespace=aws/alb" - # parse_expression = < Date: Thu, 20 Jan 2022 12:10:49 +0530 Subject: [PATCH 12/44] Updated classic elb app json. --- aws-observability/json/Classic-lb-App.json | 342 +++++++++++---------- 1 file changed, 181 insertions(+), 161 deletions(-) diff --git a/aws-observability/json/Classic-lb-App.json b/aws-observability/json/Classic-lb-App.json index b6cd1f38..481b1fb6 100644 --- a/aws-observability/json/Classic-lb-App.json +++ b/aws-observability/json/Classic-lb-App.json @@ -1,13 +1,13 @@ { "type": "FolderSyncDefinition", - "name": "AWS Classic LB", + "name": "AWS Classic Load Balancer", "description": "", "children": [ { "type": "DashboardV2SyncDefinition", - "name": "1. AWS Classic Load Balancer - Overview (DONE)", - "description": "See the overview of Application load balancer including the requests, healthy and unhealthy host count, target response time, active connections, and client TLS error.", - "title": "1. AWS Classic Load Balancer - Overview (DONE)", + "name": "1. AWS Classic Load Balancer - Overview", + "description": "See the overview of Classic load balancer including the requests, healthy and unhealthy host count, backend response time, and active connections.", + "title": "1. AWS Classic Load Balancer - Overview", "rootPanel": null, "theme": "Light", "topologyLabelMap": { 
@@ -107,7 +107,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | sum", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | avg", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", @@ -131,7 +131,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | sum", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | avg", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", @@ -149,7 +149,7 @@ { "id": null, "key": "panelpane-3c5686918c144a48", - "title": "Target Connection Errors", + "title": "Backend Connection Errors", "visualSettings": "{\"general\":{\"type\":\"svp\"},\"svp\":{\"option\":\"Sum\",\"label\":\"Errors\",\"thresholds\":[{\"from\":0,\"to\":10,\"color\":\"#527b01\"},{\"from\":10,\"to\":20,\"color\":\"#b18209\"},{\"from\":20,\"to\":null,\"color\":\"#b63010\"}],\"valueFontSize\":24,\"labelFontSize\":16,\"noDataString\":\"0\",\"rounding\":0,\"sparkline\":{\"show\":true,\"color\":\"\"}},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", 
@@ -246,7 +246,7 @@ "id": null, "key": "panelpane-3919c994a29d9b4a", "title": "Overall Healthy vs Unhealthy Host Count", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Host Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Healthy Host - {{loadbalancer}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"UnHealthy Host - {{loadbalancer}}\"}}],\"color\":{\"family\":\"scheme7\"},\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Host Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Healthy Host - {{loadbalancername}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"UnHealthy Host - {{loadbalancername}}\"}}],\"color\":{\"family\":\"scheme7\"},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -280,7 +280,7 @@ "id": null, "key": "panelpane-ed2772e08225f840", "title": "Requests Served by Load Balancer", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"column\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -304,7 +304,7 @@ "id": null, "key": "panelpane-97c80ce1b96ed948", "title": "4XX by Load Balancer", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -333,7 +333,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop \n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| sum(_count) by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
@@ -357,7 +357,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | eval(_value*1000) | sum by account, region, namespace, loadbalancername",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | eval(_value*1000) | avg by account, region, namespace, loadbalancername",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -424,7 +424,7 @@ "id": null, "key": "panel4A7F28558036BA4D", "title": "5XX by Load Balancer", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#ED3CPE\",\"outlierBandFillOpacity\":0.15,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":3},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -453,7 +453,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as method, protocol, domain, server_port, path nodrop\n| parse field=client \"*:*\" as ClientIP, Cport nodrop\n| parse field=backend \"*:*\" as BackendIP, Backend_port nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, Classicloadbalancer\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by Classicloadbalancer\n| sort by ThreatCount", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as method, protocol, domain, server_port, path nodrop\n| parse field=client \"*:*\" as ClientIP, Cport nodrop\n| parse field=backend \"*:*\" as BackendIP, Backend_port 
nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| timeslice 5m\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by loadbalancername, account, region, namespace\n| sort by ThreatCount", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -507,7 +507,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, @@ -535,9 +535,9 @@ }, { "type": "DashboardV2SyncDefinition", - "name": "1. AWS Classic Load Balancer - Response Analysis (DONE)", - "description": "See the details of the Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.", - "title": "1. AWS Classic Load Balancer - Response Analysis (DONE)", + "name": "1. AWS Classic Load Balancer - Response Analysis", + "description": "See the details of the Classic Load Balancer HTTP codes 3XX, 4XX, and 5XX by availability zone, and load balancer.", + "title": "1. AWS Classic Load Balancer - Response Analysis", "rootPanel": null, "theme": "Light", "topologyLabelMap": { 
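Review bot: The threat-intel panel query in the `@@ -453,7 +453,7 @@` hunk still takes `ClientIp` from a `parse regex ... multi` step with no `field=`, so it matches every IPv4-looking token in the raw log line, while the `ClientIP` parsed from `client` two steps earlier is never used. Backend addresses and any dotted-quad text in the client-supplied `request` and `user_agent` fields are therefore looked up in `sumo://threat/cs` and counted in `ThreatCount`, which can attribute a hit to a load balancer whose connecting peers are clean. To restrict the lookup to the connecting peer, drop the regex step and use the parsed field in the later steps: `| where ClientIP != "0.0.0.0" and ClientIP != "127.0.0.1"`, `| count as ip_count by ClientIP, loadbalancername, account, region, namespace` and `on threat=ClientIP`. The visible tail of the monitor query added in `elb/app.tf` earlier in this series appears to follow the same pattern and would need the same change.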
@@ -582,7 +582,7 @@ }, { "key": "panel373343E8B68AA846", - "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}" + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}" }, { "key": "panelPANE-351E28339D1FDB40", @@ -598,23 +598,23 @@ }, { "key": "panelPANE-CCFCC1BB99CA3843", - "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":20}" + "structure": "{\"height\":6,\"width\":8,\"x\":0,\"y\":14}" }, { "key": "panelE7BD64DF89B9B94E", - "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}" + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}" }, { "key": "panel849F83B5B73CC844", - "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}" + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}" }, { "key": "panel848E183B8031884D", - "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":20}" + "structure": "{\"height\":6,\"width\":8,\"x\":8,\"y\":14}" }, { "key": "panel114E4560B4917A43", - "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":20}" + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":14}" }, { "key": "panelPANE-4E589BF4AEA7D84B", 
@@ -653,8 +653,8 @@ { "id": null, "key": "panel373343E8B68AA846", - "title": "5XX Response Codes", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", + "title": "5XX ELB Response Codes", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -683,7 +683,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"4*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
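Review bot: The second aggregation in this geo-location query is still `| count by latitude, longitude, country_code, country_name, region, city, postal_code`, which after `count by ClientIP` yields the number of distinct client IPs per location rather than the number of 4xx responses. The Overview dashboard's equivalent panel (hunk `@@ -333,7 +333,7 @@`) is changed to `sum(_count)` in this same commit, so the Response Analysis maps now disagree with it. If request volume is the intent, use `| sum(_count) by latitude, longitude, country_code, country_name, region, city, postal_code` here. The same line is left unchanged in the 5xx and 3xx panels (hunks `@@ -707,7 +707,7 @@` and `@@ -731,7 +731,7 @@`).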
@@ -707,7 +707,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"5*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
@@ -731,7 +731,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where (ElbStatusCode matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where (elb_status_code matches \"3*\")\n| count by ClientIP\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIP\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
@@ -755,7 +755,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"5*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
@@ -773,13 +773,13 @@
 {
 "id": null,
 "key": "panelE7BD64DF89B9B94E",
- "title": "4XX Response Codes",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}",
+ "title": "4XX ELB Response Codes",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_ELB_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
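Review bot: The new HTTPCode_ELB_4XX query drops the `AvailabilityZone=*` selector but still ends in `sum by account, region, namespace, loadbalancername, AvailabilityZone` and labels its series with `{{AvailabilityZone}}`, while the Backend 2XX/3XX/4XX hunks later in this file add that same selector. If the metrics source also carries series without an AvailabilityZone dimension, this panel would presumably pick them up as an extra series with an empty zone label, so the 4XX panel can read differently from its neighbours. Unless the removal is deliberate, keep the selector so every response-code panel selects the same series: `loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_ELB_4XX Statistic=Sum`. The panel object continues outside the hunk.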
@@ -797,8 +797,8 @@
 {
 "id": null,
 "key": "panel849F83B5B73CC844",
- "title": "3XX Response Codes (This metric doesn't exist for clb)",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancer={{loadbalancer}} AvailabilityZone={{AvailabilityZone}}\"}}],\"series\":{}}",
+ "title": "Backend Response Codes",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"B\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"name\":\"loadbalancername={{loadbalancername}} AvailabilityZone={{AvailabilityZone}} metric={{metric}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
@@ -811,6 +811,26 @@
 "tracesQueryData": null,
 "parseMode": "Auto",
 "timeSource": "Message"
+ },
+ {
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+ "queryType": "Metrics",
+ "queryKey": "B",
+ "metricsQueryMode": "Advanced",
+ "metricsQueryData": null,
+ "tracesQueryData": null,
+ "parseMode": "Auto",
+ "timeSource": "Message"
+ },
+ {
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
+ "queryType": "Metrics",
+ "queryKey": "C",
+ "metricsQueryMode": "Advanced",
+ "metricsQueryData": null,
+ "tracesQueryData": null,
+ "parseMode": "Auto",
+ "timeSource": "Message"
 }
 ],
 "description": "",
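Review bot: The legend that the previous hunk sets for this panel ends in `metric={{metric}}` for queries A, B and C, but the added B and C queries aggregate with `sum by account, region, namespace, loadbalancername, AvailabilityZone`, which does not list `metric`. As far as I can tell an aggregated series keeps only the grouped dimensions, so the placeholder would render empty and the backend 4XX and 5XX lines could not be told apart in the chart. Adding the dimension to the grouping keeps it: `| sum by account, region, namespace, loadbalancername, AvailabilityZone, metric`. Query A sits outside the hunk and presumably needs the same change; it is also worth confirming that it now reads a Backend metric, since the panel's old title said the 3XX ELB metric does not exist for Classic Load Balancers.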
@@ -827,7 +847,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"4*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
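Review bot: The 4XX timeline still names its counter `ServerErrors` (`if(elb_status_code matches "4*", 1, 0) as ServerErrors`), and the 3XX timeline in the next hunk does the same, so the plotted series is labelled as server errors while it counts client errors or redirects. Since this commit already renames every parsed field, the alias can be renamed with it, for example `| if(elb_status_code matches "4*", 1, 0) as ClientErrors` with `| sum(ClientErrors) as ClientErrors by _timeslice`, and `Redirects` for the 3XX panel. Visual settings outside the hunk may refer to the series by name and would need the same rename.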
@@ -851,7 +871,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| if(ElbStatusCode matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
+ "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| if(elb_status_code matches \"3*\", 1, 0) as ServerErrors \n| timeslice 1m\n| sum(ServerErrors) as ServerErrors by _timeslice\n| sort _timeslice asc",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
@@ -875,7 +895,7 @@
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (ElbStatusCode matches \"5*\",1,0) as ELB_5XX\n| if (ElbStatusCode matches \"4*\",1,0) as ELB_4XX\n| if (ElbStatusCode matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX",
+ "queryString": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI \n| if (elb_status_code matches \"5*\",1,0) as ELB_5XX\n| if (elb_status_code matches \"4*\",1,0) as ELB_4XX\n| if (elb_status_code matches \"3*\",1,0) as ELB_3XX\n| sum(ELB_5XX) as ELB_5XX, sum(ELB_4XX) as ELB_4XX, sum(ELB_3XX) as ELB_3XX by loadbalancername, Domain, URI\n| limit 20\n| sort by ELB_5XX",
 "queryType": "Logs",
 "queryKey": "A",
 "metricsQueryMode": null,
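Review bot: The scope line is changed to `account=* region=* namespace=aws/elb`, so this table no longer follows the dashboard's account and region variables, and the unchanged `matches tolowercase("*")` already ignores the load balancer variable. Someone who narrows the dashboard to one account while investigating an error spike will still see URIs and counts from every account their role can search, with nothing on the panel saying so. The `@@ -1090` hunk makes the same kind of change by replacing `{{loadbalancername}}` with `*`. If the wider scope is intended, state it in the panel title or description; otherwise keep `account={{account}} region={{region}} namespace={{namespace}}` and `tolowercase("{{loadbalancername}}")`.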
@@ -929,7 +949,7 @@
 "defaultValue": "aws/elb",
 "sourceDefinition": {
 "variableSourceType": "MetadataVariableSourceDefinition",
- "filter": "account={{account}} region={{region}}",
+ "filter": "account={{account}} region={{region}} namespace=aws/elb",
 "key": "namespace"
 },
 "allowMultiSelect": false,
@@ -957,9 +977,9 @@
 },
 {
 "type": "DashboardV2SyncDefinition",
- "name": "2. AWS Classic Load Balancer - Target Group Response Analysis (DONE)",
- "description": "",
- "title": "2. AWS Classic Load Balancer - Target Group Response Analysis (DONE)",
+ "name": "2. AWS Classic Load Balancer - Backend Response Analysis",
+ "description": "See the details of the Backend HTTP codes 2XX, 3XX, 4XX, and 5XX by availability zone, and load balancer name.",
+ "title": "2. AWS Classic Load Balancer - Backend Response Analysis",
 "rootPanel": null,
 "theme": "Light",
 "topologyLabelMap": {
@@ -1058,10 +1078,10 @@
 "id": null,
 "key": "panel05DD969FA8F84846",
 "title": "2XX",
- "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false}}",
+ "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#75bf00\",\"showTitle\":false},\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "TextPanel",
- "text": "Target Group 2XX Response Codes"
+ "text": "Backend 2XX Response Codes"
 },
 {
 "id": null,
@@ -1076,10 +1096,10 @@
 "id": null,
 "key": "panel11E5E924B7E46B4D",
 "title": "3XX",
- "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false}}",
+ "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\"},\"title\":{\"fontSize\":16},\"text\":{\"textColor\":\"#222d3b\",\"backgroundColor\":\"#f6c851\",\"showTitle\":false},\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "TextPanel",
- "text": "Target Group 3XX Response Codes"
+ "text": "Backend 3XX Response Codes"
 },
 {
 "id": null,
@@ -1090,7 +1110,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as backendIP, backend_port nodrop\n| fields - request, client, backend\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| if (BackendStatusCode matches \"5*\",1,0) as Backend_5XX\n| if (BackendStatusCode matches \"4*\",1,0) as Backend_4XX\n| if (BackendStatusCode matches \"3*\",1,0) as Backend_3XX\n| if (BackendStatusCode matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"*\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse field=client \"*:*\" as clientIP, port nodrop\n| parse field=backend \"*:*\" as 
backendIP, backend_port nodrop\n| fields - request, client, backend\n| if (backend_status_code matches \"5*\",1,0) as Backend_5XX\n| if (backend_status_code matches \"4*\",1,0) as Backend_4XX\n| if (backend_status_code matches \"3*\",1,0) as Backend_3XX\n| if (backend_status_code matches \"2*\",1,0) as Backend_2XX\n| sum(Backend_5XX) as Backend_5XX, sum(Backend_4XX) as Backend_4XX, sum(Backend_3XX) as Backend_3XX, sum(Backend_2XX) as Backend_2XX by loadbalancername, Domain, URI\n| limit 20\n| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX ", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
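Review bot: `| limit 20` runs before `| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX`, so the table shows whichever 20 aggregate rows come back first, sorted among themselves, rather than the 20 URIs with the most backend errors. On a busy load balancer the paths that fail most can be missing from the panel entirely. Swapping the two stages fixes it: `| sort by Backend_5XX, Backend_4XX, Backend_3XX, Backend_2XX` followed by `| limit 20`. The ELB table in the `@@ -875` hunk has the same order (`| limit 20` then `| sort by ELB_5XX`).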
@@ -1108,13 +1128,13 @@
 {
 "id": null,
 "key": "panel8D3D1B68A68C1B49",
- "title": "4XX Response Codes",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "title": "4XX Backend Response Codes",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername , AvailabilityZone //AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -1132,13 +1152,13 @@
 {
 "id": null,
 "key": "panelA52CD401A29F7942",
- "title": "2XX Response Codes",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "title": "2XX Backend Response Codes",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=* <- not in metrics series, | parse field= TargetGroup */* as Unused, TargetGroup",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_2XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -1156,13 +1176,13 @@
 {
 "id": null,
 "key": "panelDF364B0988414A44",
- "title": "3XX Response Codes",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "title": "3XX Backend Response Codes",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, //AvailabilityZone=* TargetGroup=* <- not in metrics, | parse field= TargetGroup */* as Unused, TargetGroup",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone ",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -1186,7 +1206,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"5*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by 
_timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1210,7 +1230,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"4*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by 
_timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1234,7 +1254,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"3*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"3*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by 
_timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1258,7 +1278,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n//The field TargetGroupARN does not show up in Classic ELB Logs\n//| parse field=TargetGroupArn \"arn:aws:elasticloadbalancing:*:*:*\" as AwsRegion, AccountId, TargetGroup nodrop\n| parse field=Client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(BackendStatusCode)\n| if(BackendStatusCode matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by _timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=client \"*:*\" as ClientIP, ClientPort nodrop\n| where !isEmpty(backend_status_code)\n| if(backend_status_code matches \"2*\", 1, 0) as BackendErrors\n| timeslice 1m\n| sum(BackendErrors) as BackendErrors by 
_timeslice, Loadbalancername\n| transpose row _timeslice column Loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -1277,12 +1297,12 @@ "id": null, "key": "panel13B1911EADE35944", "title": "5XX Backend Response Codes", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"color\":{\"family\":\"scheme7\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone //AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", 
@@ -1336,7 +1356,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, @@ -1364,9 +1384,9 @@ }, { "type": "DashboardV2SyncDefinition", - "name": "3. AWS Classic Load Balancer - Latency Overview (DONE)", - "description": "See the details of latency in your application load balancer by target group, availability zone, and load balancer.", - "title": "3. AWS Classic Load Balancer - Latency Overview (DONE)", + "name": "3. AWS Classic Load Balancer - Latency Overview", + "description": "See the details of latency in your classic load balancer by availability zone, and load balancer name.", + "title": "3. AWS Classic Load Balancer - Latency Overview", "rootPanel": null, "theme": "Light", "topologyLabelMap": { 
@@ -1432,12 +1452,12 @@ "id": null, "key": "panelpane-8fb7ac20b210584f", "title": "Latency", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Seconds\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=Latency Statistic=Average | sum by account, region, namespace, loadbalancername3 //targetgroup=* AvailabilityZone=* | parse field= TargetGroup */* as Unused, TargetGroup", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=Latency Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", 
@@ -1456,12 +1476,12 @@ "id": null, "key": "panelpane-46aba672bb08b846", "title": "Max and Average Total Client Latency by Loadbalancername", - "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\",\"fontSize\":12,\"paginationPageSize\":100,\"displayType\":\"default\",\"fillOpacity\":1},\"color\":{\"family\":\"scheme1\"},\"hiddenQueryKeys\":[],\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\"},\"axes\":{\"axisY\":{\"title\":\"Average Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false},\"hideLabels\":false},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"hideLabels\":false,\"unit\":{\"value\":\"s\",\"isCustom\":false},\"title\":\"Max Latency\"}},\"series\":{},\"overrides\":[{\"series\":[\"AverageClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumClientLatency\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, 
SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| avg(ClientLatency) as AverageClientLatency, max(ClientLatency) as MaximumClientLatency by loadbalancername\n| order by MaximumClientLatency", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
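Review bot: The numeric-regex `where` clause on the three processing-time fields loses its only explanation here, because the new `queryString` drops the two comment lines that said it excludes rows whose times are -1 (requests the load balancer could not dispatch). Without that, a reader cannot tell that these latency panels silently omit failed dispatches, which matters when the dashboard is consulted during an outage. I would keep one line directly after the `where`, for example `// excludes rows where a processing time is -1 (request never dispatched to a backend)`. If comments were removed from queries on purpose, the panel description could carry the same sentence. The same comment is dropped in the hunks at -1479, -1504, -1528, -1727, -1751, -1768 and -1792.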
@@ -1479,13 +1499,13 @@ { "id": null, "key": "panelpane-3ebb85e685bf1b4f", - "title": "Max and Average Target Processing Time by Loadbalancername", - "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":false},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "title": "Max and Average Backend Processing Time by Loadbalancername", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"column\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Avg Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"loadbalancername\"},\"axisY2\":{\"title\":\"Max latency\",\"unit\":{\"value\":\"Seconds\",\"isCustom\":true}}},\"series\":{},\"overrides\":[{\"series\":[\"AverageBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"primary\"}},{\"series\":[\"MaximumBackendProcessingTime\"],\"queries\":[],\"properties\":{\"axisYType\":\"secondary\"}}]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(BackendProcessingTime) 
as AverageBackendProcessingTime, max(BackendProcessingTime) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime\n\n\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(backend_processing_time) as AverageBackendProcessingTime, max(backend_processing_time) as MaximumBackendProcessingTime by loadbalancername\n| order by MaximumBackendProcessingTime", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
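Review bot: In the new `visualSettings` the secondary axis is declared as `\"unit\":{\"value\":\"Seconds\",\"isCustom\":true}` while the primary axis of the same panel, and both axes of the "Total Client Latency" panel in the previous hunk, use `\"unit\":{\"value\":\"s\",\"isCustom\":false}`. A custom unit string will probably not be scaled or abbreviated the way the built-in one is, so the two axes of one chart may render differently. I would use the built-in `s` unit on `axisY2` as well, and align the title casing (`Max latency` here, `Max Latency` in the previous panel).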
@@ -1504,12 +1524,12 @@ "id": null, "key": "panelpane-c1ca3098892bea40", "title": "Average Total Client Latency Over Time by Loadbalancername", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| (RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, 
elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice 1m\n| avg(ClientLatency) as AverageClientLatency by loadbalancername ,_timeslice\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1528,12 +1548,12 @@ "id": null, "key": "panelpane-c301d958990e694d", "title": "Average Response Processing Time Over Time by Loadbalancername", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\"}},\"series\":{},\"overrides\":[]}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"area\"},\"axes\":{\"axisY\":{\"title\":\"Latency\",\"unit\":{\"value\":\"s\",\"isCustom\":false}},\"axisX\":{\"title\":\"\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// ^Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| (RequestProcessingTime+BackendProcessingTime+ResponseProcessingTime) as ClientLatency\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, 
response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| (request_processing_time+backend_processing_time+response_processing_time) as ClientLatency\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -1605,7 +1625,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, @@ -1621,7 +1641,7 @@ "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", "filter": "account={{account}} region={{region}} namespace={{namespace}}", - "key": "loadbalancer" + "key": "loadbalancername" }, "allowMultiSelect": false, "includeAllOption": true, 
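Review bot: The "Average Response Processing Time Over Time" query still computes `(request_processing_time+backend_processing_time+response_processing_time) as ClientLatency`, but nothing after it reads `ClientLatency`; the panel only aggregates `avg(response_processing_time)`. The line looks copied from the client-latency panel and can be deleted. This query also writes `timeslice by 1m` where the client-latency panel in the previous hunk writes `timeslice 1m`; one form across the dashboard would be easier to scan.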
@@ -1633,9 +1653,9 @@ }, { "type": "DashboardV2SyncDefinition", - "name": "4. AWS Classic Load Balancer - Latency Details (DONE)", - "description": "See the details of latency in your application load balancer including the average and maximum request and response processing time, by target group and ELB server.", - "title": "4. AWS Classic Load Balancer - Latency Details (DONE)", + "name": "4. AWS Classic Load Balancer - Latency Details", + "description": "See the details of latency in your classic load balancer including the average and maximum request and response processing time, by backend and ELB.", + "title": "4. AWS Classic Load Balancer - Latency Details", "rootPanel": null, "theme": "Light", "topologyLabelMap": { @@ -1678,10 +1698,6 @@ "key": "panelpane-39d07f8699151b42", "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":6}" }, - { - "key": "panelpane-9ce61eae9fc92848", - "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12}" - }, { "key": "panelpane-6fda9ea0b259db4f", "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":12}" @@ -1705,6 +1721,10 @@ { "key": "panelPANE-BCC4A01F93DBD84C", "structure": "{\"height\":6,\"width\":12,\"x\":12,\"y\":24}" + }, + { + "key": "panelPANE-E66D573EAA3BBA47", + "structure": "{\"height\":6,\"width\":12,\"x\":0,\"y\":12,\"minHeight\":3,\"minWidth\":3}" } ] }, 
@@ -1713,10 +1733,10 @@ "id": null, "key": "panelpane-e21d1869af8bbb43", "title": "Defintions", - "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"}}", + "visualSettings": "{\"text\":{\"format\":\"markdown\",\"backgroundColor\":\"#ffffff\"},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "TextPanel", - "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( RequestProcessingTime + TargetProcessingTime + ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n#### **TargetProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers." + "text": "#### All Time units are in Seconds\n\n#### **Client Latency** = ( RequestProcessingTime + BackendProcessingTime + ResponseProcessingTime)\n\n#### **RequestProcessingTime** = The total time elapsed from the time the load balancer received the request until the time it sent it to a registered instance.\n\n#### **BackendProcessingTime** = The total time elapsed from the time the load balancer sent the request to a registered instance until the instance started to send the response headers.\n\n#### **ResponseProcessingTime** = The total time elapsed from the time the load balancer received the response header from the registered instance until it started to send the response to the client. 
This includes both the queuing time at the load balancer and the connection acquisition time from the load balancer to the back end.\n\n" }, { "id": null, 
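Review bot: The panel title on the context line is still spelled `"title": "Defintions"`; since this hunk already rewrites the panel text, it is a good place to correct it to `Definitions`. The rewritten text also defines `RequestProcessingTime`, `BackendProcessingTime` and `ResponseProcessingTime`, whereas the queries in this commit now expose these as `request_processing_time`, `backend_processing_time` and `response_processing_time`. Using the snake_case names in the definitions would let a reader map the text onto the query fields directly.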
@@ -1727,7 +1747,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, 
ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, Domain \n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, Domain, TotalProcessTime \n| transpose row _timeslice column Domain", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1751,7 +1771,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, 
user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by _timeslice, loadbalancername\n| (a1+a2+a3) as TotalProcessTime\n| fields _timeslice, loadbalancername, TotalProcessTime \n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1768,14 +1788,14 @@ }, { "id": null, - "key": "panelpane-9ce61eae9fc92848", - "title": "Events - Average Request Processing Time by ELB Server", + "key": "panelpane-6fda9ea0b259db4f", + "title": "Events - Average Response Processing Time by ELB Server", "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", + "queryString": "account={{account}} 
region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1792,14 +1812,14 @@ }, { "id": null, - "key": "panelpane-6fda9ea0b259db4f", - "title": "Events - Average Response Processing Time by ELB Server", + "key": "panelpane-256726aaafcdba4d", + "title": "Events - Average Request Processing Time by URI", "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryString": "account={{account}} 
region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
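Review bot: The new query groups and transposes by `URI`, which the `parse field=request` step captures as everything after `host:port/` up to ` HTTP`, so any query string is presumably part of the value. Each distinct parameter combination then becomes its own column, and request parameters from the access logs are shown to every dashboard viewer; whether those parameters are sensitive depends on the applications behind the load balancer. Consider cutting the value at the first `?` before aggregating, for example `| parse regex field=URI "^(?<uri_path>[^?]*)" nodrop` (JSON-escaped in the file), and grouping by `uri_path`. The same applies to the by-URI queries in the hunks starting at -1864 and -1888.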
@@ -1816,14 +1836,14 @@ }, { "id": null, - "key": "panelpane-256726aaafcdba4d", - "title": "Events - Average Request Processing Time by URI", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[]}", + "key": "panelpane-d9489b8ebd5daa4c", + "title": "Events - Max Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(RequestProcessingTime) as AverageRequestProcessingTime by _timeslice, 
URI\n| transpose row _timeslice column URI\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(request_processing_time) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1840,14 +1860,14 @@ }, { "id": null, - "key": "panelpane-d9489b8ebd5daa4c", - "title": "Events - Max Request Processing Time by ELB Server", + "key": "panelpane-fee25a48afe96841", + "title": "Events - Max Response Processing Time by ELB Server", "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| max(RequestProcessingTime) as MaximumRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryString": "account={{account}} region={{region}} 
namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(response_processing_time) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1864,14 +1884,14 @@ }, { "id": null, - "key": "panelpane-fee25a48afe96841", - "title": "Events - Max Response Processing Time by ELB Server", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{}}", + "key": "panelpane-9fa04ab689a4594a", + "title": "Events - Top 20 Client Latency by Paths", + "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| max(ResponseProcessingTime) as MaximumResponseProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| 
parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| avg(request_processing_time) as a1, avg(backend_processing_time) as a2,avg(response_processing_time) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1888,14 +1908,14 @@ }, { "id": null, - "key": "panelpane-9fa04ab689a4594a", - "title": "Events - Top 20 Client Latency by Paths", - "visualSettings": "{\"general\":{\"mode\":\"distribution\",\"type\":\"table\"},\"series\":{}}", + "key": "panelPANE-BCC4A01F93DBD84C", + "title": "Events - Average Response Processing Time by URI", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as 
Method, Protocol, Domain, ServerPort, URI nodrop\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| avg(RequestProcessingTime) as a1, avg(BackendProcessingTime) as a2,avg(ResponseProcessingTime) as a3 by URI\n| (a1+a2+a3) as TotalProcessTime\n| fields URI, TotalProcessTime \n| sort by TotalProcessTime \n| limit 20\n\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(response_processing_time) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1912,14 +1932,14 @@ }, { "id": null, - "key": "panelPANE-BCC4A01F93DBD84C", - "title": "Events - Average Response Processing Time by URI", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"column\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Time\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "key": "panelPANE-E66D573EAA3BBA47", + "title": "Events - Average Request Processing Time by ELB Server", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"column\"},\"axes\":{\"axisY\":{\"title\":\"Time\"}},\"series\":{},\"overrides\":[],\"legend\":{\"enabled\":false}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, 
Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| where RequestProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and BackendProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and ResponseProcessingTime matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n// Need to filter out logs where request_processing_time, target_processing_time, or response_processing_time are -1\n// This means the load balancer can't dispatch the request to a target\n| timeslice by 1m\n| avg(ResponseProcessingTime) as AverageResponseProcessingTime by _timeslice, URI\n| transpose row _timeslice column URI\n", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| where request_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and backend_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/ and response_processing_time matches /^[+]?([0-9]+(?:[\\.][0-9]*)?|\\.[0-9]+)$/\n| timeslice by 1m\n| avg(request_processing_time) as AverageRequestProcessingTime by _timeslice, loadbalancername\n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1973,7 +1993,7 @@
 "defaultValue": "aws/elb",
 "sourceDefinition": {
 "variableSourceType": "MetadataVariableSourceDefinition",
- "filter": "account={{account}} region={{region}}",
+ "filter": "account={{account}} region={{region}} namespace=aws/elb",
 "key": "namespace"
 },
 "allowMultiSelect": false,
@@ -2001,9 +2021,9 @@
 },
 {
 "type": "DashboardV2SyncDefinition",
- "name": "5. AWS Classic Load Balancer - Connections and Host Status (DONE)",
- "description": "See the details of request and host status including the average unhealthy host count, and healthy host count by target group, availability zone, and load balancer, and request count, outliers in requests by backend, and requests by target.",
- "title": "5. AWS Classic Load Balancer - Connections and Host Status (DONE)",
+ "name": "5. AWS Classic Load Balancer - Connections and Host Status",
+ "description": "See the details of connections and host status including the average unhealthy host count, and healthy host count by availability zone, and load balancer name.",
+ "title": "5. AWS Classic Load Balancer - Connections and Host Status",
 "rootPanel": null,
 "theme": "Light",
 "topologyLabelMap": {
@@ -2093,12 +2113,12 @@
 "id": null,
 "key": "panelpane-72162e80bf98794a",
 "title": "Unhealthy Hosts",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=UnHealthyHostCount Statistic=Average | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=* , AvailabilityZone, TargetGroup ",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=UnHealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -2116,13 +2136,13 @@
 {
 "id": null,
 "key": "panelpane-3f69e9d8acb63944",
- "title": "Target Connections Errors",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "title": "Backend Connections Errors",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_5XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=*, AvailabilityZone, TargetGroup",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=BackendConnectionErrors Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
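Review bot: This panel's query stops charting `HTTPCode_Backend_5XX` and charts `BackendConnectionErrors` instead, and no other hunk visible here shows a panel for the 5XX metric. Panels for `HTTPCode_Backend_3XX` and `HTTPCode_Backend_4XX` appear in later hunks, so a 5XX panel may exist in an unchanged part of the file; if it does not, backend 5XX responses no longer appear on this dashboard and should get their own panel. The new title would also read better in the singular, matching the metric name: `"title": "Backend Connection Errors"`.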
@@ -2141,7 +2161,7 @@
 "id": null,
 "key": "panelpane-b0dcb7ce9acff84d",
 "title": "Active Connections",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
@@ -2165,7 +2185,7 @@
 "id": null,
 "key": "panelpane-0a6b3b1a8e6f2a4d",
 "title": "New Connections",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}}\"}}],\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
@@ -2189,12 +2209,12 @@
 "id": null,
 "key": "panelpane-256d7e9895990b46",
 "title": "Rejected Connections (Using Spillover Count)",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone, AvailabilityZone=*",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=SpilloverCount Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
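Review bot: The new SpilloverCount selector groups by `AvailabilityZone` but, unlike the Unhealthy Hosts, Backend Connections Errors, 3XX, 4XX and Healthy Hosts queries changed in this commit, it does not add `AvailabilityZone=*` to the selector. Without that filter, series reported only at load-balancer level would presumably also match and land in a group with an empty `AvailabilityZone`, alongside the per-zone series the legend `AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}` expects. For consistency the selector should read `loadbalancername={{loadbalancername}} AvailabilityZone=* metric=SpilloverCount Statistic=Sum`.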
@@ -2249,12 +2269,12 @@
 "id": null,
 "key": "panelF582E76F8F681B46",
 "title": "3XX Backend Error Count",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=* AvailabilityZone",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_3XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -2273,12 +2293,12 @@
 "id": null,
 "key": "panelDCF2F2A88E731942",
 "title": "4XX Backend Error Count",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername //AvailabilityZone=*, TargetGroup=* AvailabilityZone, TargetGroup",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HTTPCode_Backend_4XX Statistic=Sum | sum by account, region, namespace, loadbalancername, AvailabilityZone",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -2297,12 +2317,12 @@
 "id": null,
 "key": "panel15B701BABC802B4F",
 "title": "Healthy Hosts",
- "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
+ "visualSettings": "{\"general\":{\"mode\":\"timeSeries\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"AvailabilityZone={{AvailabilityZone}} loadbalancername={{loadbalancername}}\"}}],\"axes\":{\"axisY\":{\"title\":\"Count\"}},\"series\":{}}",
 "keepVisualSettingsConsistentWithParent": true,
 "panelType": "SumoSearchPanel",
 "queries": [
 {
- "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=HealthyHostCount Statistic=Average | sum by account, region, namespace, loadbalancername //AvailabilityZone=* TargetGroup=*, AvailabilityZone, TargetGroup ",
+ "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} AvailabilityZone=* metric=HealthyHostCount Statistic=Average | avg by account, region, namespace, loadbalancername, AvailabilityZone ",
 "queryType": "Metrics",
 "queryKey": "A",
 "metricsQueryMode": "Advanced",
@@ -2324,7 +2344,7 @@ "visualSettings": "{\"general\":{\"mode\":\"TextPanel\",\"type\":\"text\",\"displayType\":\"default\"},\"title\":{\"fontSize\":14},\"text\":{\"format\":\"markdownV2\",\"fontSize\":12},\"series\":{},\"legend\":{\"enabled\":false}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "TextPanel", - "text": "**SpilloverCount** - When requests exceed the maximum SurgeQueueLength, the SpilloverCount metric starts to measure rejected requests. The maximum SurgeQueueLength is 1024.\n\n**SurgeQueueLegnth** - The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. The maximum size of the queue is 1,024. Additional requests or connections are rejected when the queue is full.\n\n**EstimatedALBActiveConnectionCount** - The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedALBConsumedLCUs** - The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. You pay for the number of LCUs that you use per hour. For more information, see Elastic Load Balancing Pricing for more info https://aws.amazon.com/elasticloadbalancing/pricing/\n\n**EstimatedALBNewConnectionCount** - The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedProcessedBytes** The estimated number of bytes processed by an Application Load Balancer." + "text": "**SpilloverCount** - When requests exceed the maximum SurgeQueueLength, the SpilloverCount metric starts to measure rejected requests. The maximum SurgeQueueLength is 1024.\n\n**SurgeQueueLength** - The total number of requests (HTTP listener) or connections (TCP listener) that are pending routing to a healthy instance. The maximum size of the queue is 1,024. 
Additional requests or connections are rejected when the queue is full.\n\n**EstimatedALBActiveConnectionCount** - The estimated number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedALBConsumedLCUs** - The estimated number of load balancer capacity units (LCU) used by an Application Load Balancer. You pay for the number of LCUs that you use per hour. For more information, see Elastic Load Balancing Pricing for more info https://aws.amazon.com/elasticloadbalancing/pricing/\n\n**EstimatedALBNewConnectionCount** - The estimated number of new TCP connections established from clients to the load balancer and from the load balancer to targets.\n\n**EstimatedProcessedBytes** The estimated number of bytes processed by an Application Load Balancer." } ], "variables": [ @@ -2365,7 +2385,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, @@ -2393,9 +2413,9 @@ }, { "type": "DashboardV2SyncDefinition", - "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes (DONE)", - "description": "See the details of requests and Processed bytes for your application load balancer.", - "title": "6. AWS Classic Load Balancer - Requests and Processed Bytes (DONE)", + "name": "6. AWS Classic Load Balancer - Requests and Processed Bytes", + "description": "See the details of requests and Processed bytes for your classic load balancer.", + "title": "6. AWS Classic Load Balancer - Requests and Processed Bytes", "rootPanel": null, "theme": "Light", "topologyLabelMap": { 
@@ -2478,7 +2498,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=- \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, 
backend, _count \n| transpose row _timeslice column backend", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
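Review bot: The post-outlier filter in this `direction=-` query is `(_count_violation=1) and (_count_indicator=1)`, while the otherwise identical `direction=+` query in the next hunk also requires `!isEmpty(backend)`, so the two backend panels do not filter the same rows. If the guard is intentional, carry it here as well: `| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)`. Separately, the `parse field=request "* *://*:*/* HTTP" ... nodrop` stage produces Method, Protocol, Domain, ServerPort and URI, none of which are used before the `count by _timeslice, backend`; it could be dropped from both queries.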
@@ -2502,7 +2522,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and !isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, backend\n| outlier _count by backend threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1) and 
!isEmpty(backend)\n| fields _timeslice, backend, _count \n| transpose row _timeslice column backend", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2526,7 +2546,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where 
(_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
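Review bot: The new query in this hunk is identical to the one in the next hunk: both end in `count by _timeslice, loadbalancername` followed by `outlier _count by loadbalancername threshold=2, direction=+`, so two panels will plot the same series. The backend pair just above uses `direction=-` for one panel and `direction=+` for the other, which suggests one of these was meant to be `| outlier _count by loadbalancername threshold=2, direction=-`. The panel titles sit outside both hunks, so confirm against them which panel should flag drops in request volume.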
@@ -2550,7 +2570,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=Request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where (_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n// Parse all fields above, then aggregate\n| timeslice 1m \n| count by _timeslice, loadbalancername\n| outlier _count by loadbalancername threshold=2, direction=+ \n| where 
(_count_violation=1) and (_count_indicator=1)\n| fields _timeslice, loadbalancername, _count \n| transpose row _timeslice column loadbalancername", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2568,13 +2588,13 @@ { "id": null, "key": "panelPANE-EFE34823AB0FD841", - "title": "Request Counts (does request count show up in the metrics?)", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"TargetGroup={{TargetGroup}} loadbalancer={{loadbalancer}} \"}}],\"series\":{},\"hiddenQueryKeys\":[\"B\"]}", + "title": "Request Counts", + "visualSettings": 
"{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} \"}}],\"series\":{},\"hiddenQueryKeys\":[\"B\"]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount | sum by account, region, namespace, loadbalancername", + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} loadbalancername={{loadbalancername}} metric=RequestCount statistic=sum | sum by account, region, namespace, loadbalancername", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", 
@@ -2593,7 +2613,7 @@ "id": null, "key": "panel9C8F307FA318284A", "title": "Estimated Processed Bytes", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancer}} \"}}],\"series\":{}}", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2},\"title\":{\"fontSize\":16},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Count\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{loadbalancername}} 
\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ 
@@ -2635,12 +2655,12 @@ "id": null, "key": "panel506081A3919ACA4A", "title": "Received Bytes", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, 
loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(ReceivedBytes) as ReceivedBytes by _timeslice", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(received_bytes) as ReceivedBytes by _timeslice\n", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2659,12 +2679,12 @@ "id": null, "key": "panel6A37B8FBA033EB4D", "title": "Sent Bytes", - "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", + "visualSettings": "{\"title\":{\"fontSize\":16},\"general\":{\"type\":\"line\",\"displayType\":\"default\",\"outlierBandColor\":\"#FDECF5\",\"outlierBandMarkerColor\":\"#F032A9\",\"outlierBandFillOpacity\":0.3,\"outlierBandLineThickness\":2,\"outlierBandMarkerSize\":10,\"outlierBandMarkerType\":\"triangle\",\"markerSize\":0,\"lineDashType\":\"solid\",\"markerType\":\"none\",\"lineThickness\":2,\"mode\":\"timeSeries\"},\"axes\":{\"axisX\":{\"title\":\"\",\"titleFontSize\":11,\"labelFontSize\":10},\"axisY\":{\"titleFontSize\":11,\"labelFontSize\":12,\"logarithmic\":false,\"gridColor\":\"#dde4e9\",\"title\":\"Bytes\"}},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"scheme9\"},\"series\":{},\"overrides\":[]}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, 
loadbalancername, Client, backend, RequestProcessingTime, BackendProcessingTime, ResponseProcessingTime, ElbStatusCode, BackendStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SSLCipher,SSLProtocol\n//| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(SentBytes) as SentBytes by _timeslice", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n// Parse all fields above, then aggregate\n| timeslice 1m \n| sum(sent_bytes) as SentBytes by _timeslice", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -2718,7 +2738,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, 
@@ -2746,9 +2766,9 @@ }, { "type": "DashboardV2SyncDefinition", - "name": "7. AWS Classic Load Balancer - Threat Intel (DONE)", + "name": "7. AWS Classic Load Balancer - Threat Intel", "description": "See the details of IP threats including the count, location, and highly malicious IP threats.", - "title": "7. AWS Classic Load Balancer - Threat Intel (DONE)", + "title": "7. AWS Classic Load Balancer - Threat Intel", "rootPanel": null, "theme": "Light", "topologyLabelMap": { 
@@ -2815,7 +2835,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| 
where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as threat_count", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
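Review bot: The `parse regex ... multi` stage runs against the whole log line rather than the `client` field parsed one stage earlier, so every IPv4-looking token is treated as a client and looked up in `sumo://threat/cs`. That includes the backend address and any dotted quad inside the request URL or User-Agent, which inflates the threat counts with requester-controlled text and can attribute hits to addresses that never connected. Scoping the extraction to the parsed field keeps the lookup on the source address, for example `| parse regex field=client "(?<ClientIp>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"`, with the backslashes escaped as the JSON string requires. The same stage appears unchanged in the three following hunks. Only IPv4 is matched, so note that limit in the panel description if IPv6 clients can reach this load balancer.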
@@ -2839,7 +2859,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, 
\"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by ThreatCount", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2863,7 +2883,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, 
\"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, MaliciousConfidence, Actor, LabelName\n| sort by MaliciousConfidence", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2887,7 +2907,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, 
\"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by MaliciousConfidence\n| sort by _count", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2911,7 +2931,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as Count by ClientIp\n| lookup type, actor, raw, threatlevel as 
MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and !isNull(MaliciousConfidence)\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count by ClientIp\n| lookup latitude, longitude, country_code, country_name, region, city, postal_code from geo://location on ip = ClientIp\n| count by latitude, longitude, country_code, country_name, region, city, postal_code\n| where !isnull(latitude)", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -2935,7 +2955,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request,user_agent,ssl_cipher,ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc", + "queryString": "account={{account}} region={{region}} namespace={{namespace}}\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| where tolowercase(loadbalancername) matches tolowercase(\"{{loadbalancername}}\")\n| parse field=request \"* *://*:*/* HTTP\" as Method, Protocol, Domain, ServerPort, URI nodrop\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, URI\n| 
lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" // and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| count(ip_count) as UniqueThreatIPs by URI\n| top 20 URI by UniqueThreatIPs, URI asc", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, @@ -2989,7 +3009,7 @@ "defaultValue": "aws/elb", "sourceDefinition": { "variableSourceType": "MetadataVariableSourceDefinition", - "filter": "account={{account}} region={{region}}", + "filter": "account={{account}} region={{region}} namespace=aws/elb", "key": "namespace" }, "allowMultiSelect": false, From 85f7a0564b6d71f173f63d956cf5e5c12c7442c3 Mon Sep 17 00:00:00 2001 From: Jayanta Kashyap Date: Thu, 27 Jan 2022 17:15:39 +0530 Subject: [PATCH 13/44] tf update for feature to install app in either personal or admin folder --- aws-observability-terraform/app-modules/main.tf | 3 ++- .../app-modules/providers.tf | 1 + .../app-modules/variables.tf | 12 ++++++++++++ aws-observability-terraform/main.auto.tfvars | 1 + aws-observability-terraform/main.tf | 1 + aws-observability-terraform/providers.tf | 1 + aws-observability-terraform/variables.tf | 13 +++++++++++++ 7 files changed, 31 insertions(+), 1 deletion(-) diff --git a/aws-observability-terraform/app-modules/main.tf b/aws-observability-terraform/app-modules/main.tf index a2d25482..1a0e3ba2 100644 --- a/aws-observability-terraform/app-modules/main.tf +++ b/aws-observability-terraform/app-modules/main.tf 
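Review bot: The new `queryString` in the `@@ -2935,7 +2955,7 @@` hunk ships with its confidence filter commented out inside the query: `where type=\"ip_address\" // and MaliciousConfidence=\"high\"`. With that clause disabled, `UniqueThreatIPs` counts every address that matches the threat feed at any confidence level, so low-confidence matches now weigh the same as high-confidence ones in the top-20 URI panel. If the wider scope is intended, drop the dead comment and filter as the sibling panels do, `where type=\"ip_address\" and !isNull(MaliciousConfidence)`; if it is a debugging leftover, restore `and MaliciousConfidence=\"high\"`. The panel object that encloses this query starts outside the hunk.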
@@ -1,10 +1,11 @@ data "sumologic_personal_folder" "personalFolder" {} +data "sumologic_admin_recommended_folder" "folder" {} # Create a folder in the folder ID provided. If no folder ID is provided, create the folder in personal folder resource "sumologic_folder" "apps_folder" { description = "This folder contains all the apps for AWS Observability solution." name = var.apps_folder_name - parent_id = var.parent_folder_id != "" ? format("%x", var.parent_folder_id) : data.sumologic_personal_folder.personalFolder.id + parent_id = var.parent_folder_id != "" ? format("%x", var.parent_folder_id) : (var.folder_installation_location == "Personal" ? data.sumologic_personal_folder.personalFolder.id : data.sumologic_admin_recommended_folder.folder.id) } # Create a folder to install all monitors. diff --git a/aws-observability-terraform/app-modules/providers.tf b/aws-observability-terraform/app-modules/providers.tf index f8b979dd..fc01f377 100644 --- a/aws-observability-terraform/app-modules/providers.tf +++ b/aws-observability-terraform/app-modules/providers.tf @@ -3,4 +3,5 @@ provider "sumologic" { access_id = var.access_id access_key = var.access_key environment = var.environment + admin_mode = var.folder_installation_location == "Personal" ? false : true } \ No newline at end of file diff --git a/aws-observability-terraform/app-modules/variables.tf b/aws-observability-terraform/app-modules/variables.tf index c197aa33..b8451c98 100644 --- a/aws-observability-terraform/app-modules/variables.tf +++ b/aws-observability-terraform/app-modules/variables.tf 
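Review bot: The comment above `sumologic_folder.apps_folder` still reads `If no folder ID is provided, create the folder in personal folder`, but the new `parent_id` expression falls back to `data.sumologic_admin_recommended_folder.folder.id` whenever `var.folder_installation_location` is not `"Personal"`. Update it, for example to `# Parent is var.parent_folder_id when set; otherwise the personal folder or the Admin Recommended folder, chosen by var.folder_installation_location.` The new data source is declared unconditionally, so it is presumably also read on Personal installs, where the provider runs with `admin_mode = false`; it is worth confirming that this read succeeds for an access key without admin rights.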
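Review bot: `admin_mode` is set on the whole `sumologic` provider block in `app-modules/providers.tf`, so selecting `Admin` presumably puts every resource this provider manages into admin mode, not only the creation of the apps folder. That widening of privilege deserves a comment next to the line, such as `# Admin installs run all provider calls in admin mode; the access key's role must permit it.` The ternary can also be reduced to `admin_mode = var.folder_installation_location != "Personal"`. The same line is added to the root `aws-observability-terraform/providers.tf` later in this patch.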
@@ -155,3 +155,15 @@ variable "rds_monitors_disabled" { default = true } +variable "folder_installation_location" { + type = string + description = "Indicates where to install the app folder. Enter Personal for installing in personal folder and Admin for installing in Admin folder." + validation { + condition = contains([ + "Personal", + "Admin"], var.folder_installation_location) + error_message = "The value must be one of Personal or Admin." + } + default = "Personal" +} + diff --git a/aws-observability-terraform/main.auto.tfvars b/aws-observability-terraform/main.auto.tfvars index b7efd53a..825c2a53 100644 --- a/aws-observability-terraform/main.auto.tfvars +++ b/aws-observability-terraform/main.auto.tfvars @@ -5,3 +5,4 @@ sumologic_access_id = "" # Please replace (including brackets) with your Sumo Logic Access KEY. sumologic_organization_id = "" # Please replace (including brackets) with your Sumo Logic Organization ID. aws_account_alias = "" # Please replace with an AWS account alias for identification in Sumo Logic Explorer View, metrics and logs. +sumologic_folder_installation_location = "" # Please replace with your preferred folder installation location, either of Personal or Admin. \ No newline at end of file diff --git a/aws-observability-terraform/main.tf b/aws-observability-terraform/main.tf index 3abe7ad9..2ec70793 100644 --- a/aws-observability-terraform/main.tf +++ b/aws-observability-terraform/main.tf @@ -8,6 +8,7 @@ module "sumo-module" { access_key = var.sumologic_access_key environment = var.sumologic_environment json_file_directory_path = dirname(path.cwd) + folder_installation_location = var.sumologic_folder_installation_location } # diff --git a/aws-observability-terraform/providers.tf b/aws-observability-terraform/providers.tf index 1262b87e..58f8ca4b 100644 --- a/aws-observability-terraform/providers.tf +++ b/aws-observability-terraform/providers.tf 
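Review bot: `sumologic_folder_installation_location = ""` in `main.auto.tfvars` overrides the variable's `default = "Personal"` with an empty string, which the `contains(["Personal", "Admin"], ...)` validation added in the root `variables.tf` rejects. A user who fills in only the credentials gets `The value must be one of Personal or Admin.` and the default is never reached. Ship the line as `sumologic_folder_installation_location = "Personal"` so that an unedited file selects the location that keeps `admin_mode` off.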
@@ -2,6 +2,7 @@ provider "sumologic" { environment = var.sumologic_environment access_id = var.sumologic_access_id access_key = var.sumologic_access_key + admin_mode = var.sumologic_folder_installation_location == "Personal" ? false : true } provider "aws" { diff --git a/aws-observability-terraform/variables.tf b/aws-observability-terraform/variables.tf index 05aef778..0029d119 100644 --- a/aws-observability-terraform/variables.tf +++ b/aws-observability-terraform/variables.tf @@ -61,4 +61,17 @@ variable "aws_account_alias" { condition = can(regex("[a-z0-9]*", var.aws_account_alias)) error_message = "Alias must only contain lowercase letters, number and length less than or equal to 30 characters." } +} + +variable "sumologic_folder_installation_location" { + type = string + description = "Indicates where to install the app folder. Enter Personal for installing in personal folder and Admin for installing in Admin folder." + validation { + condition = contains([ + "Personal", + "Admin"], var.sumologic_folder_installation_location) + error_message = "The value must be one of Personal or Admin." + } + default = "Personal" + } \ No newline at end of file From 4d1402d3e6b7fd84ac42ccf12e85e82a698873f3 Mon Sep 17 00:00:00 2001 
From: Himanshu Sharma Date: Thu, 27 Jan 2022 17:41:06 +0530 Subject: [PATCH 14/44] adding folder sharing feature --- .../apps/alb/alb_app.template.yaml | 39 ++++++++++++ .../apigateway/api_gateway_app.template.yaml | 39 ++++++++++++ .../apps/dynamodb/dynamodb_app.template.yaml | 39 ++++++++++++ .../ec2metrics/ec2_metrics_app.template.yaml | 42 +++++++++++++ .../apps/ecs/ecs_app.template.yaml | 39 ++++++++++++ .../elasticache/elasticache_app.template.yaml | 39 ++++++++++++ .../apps/elb/elb_app.template.yaml | 39 ++++++++++++ .../apps/lambda/lambda_app.template.yaml | 39 ++++++++++++ .../apps/nlb/nlb_app.template.yaml | 39 ++++++++++++ .../permissioncheck.nested.template.yaml | 39 ++++++++++++ .../apps/rds/rds_app.template.yaml | 39 ++++++++++++ .../rootcause/rootcauseexplorer.template.yaml | 42 +++++++++++++ ...mologic_observability.master.template.yaml | 63 ++++++++++++++++++- 13 files changed, 536 insertions(+), 1 deletion(-) diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml index eeeebf49..6ce82d14 100755 --- a/aws-observability/apps/alb/alb_app.template.yaml +++ b/aws-observability/apps/alb/alb_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "Sumo Logic AWS Resources Tagging Configuration (Required)" @@ -42,6 +43,12 @@ Metadata: - Section6bTemplatesBucketName - Section6cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section7aAppInstallLocation + - Section7bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" 
@@ -51,6 +58,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aAccountAlias: default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." @@ -76,6 +85,11 @@ Metadata: Section6cNestedTemplateVersion: default: "Nested Templates Version" + Section7aAppInstallLocation: + default: "App Installation location" + Section7bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -100,6 +114,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aAccountAlias: Type: String 
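Review bot: The `Description` of the new `Section1eOrgId` parameter says it is `Used for IAM Role in Sumo Logic AWS Sources`, but in this template the value is only visibly passed as `orgid` to the app custom resource, next to `location` and `share`. The text looks copied from another template; describe the use here instead, for example `Sumo Logic Organization Id, shown on the Account Overview page. Passed to the app installer together with the install location and share setting.` The identical description is added to the api_gateway, dynamodb, ec2_metrics, ecs, elasticache and elb templates in this patch. The `Parameters` block continues outside the hunk.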
@@ -149,6 +168,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section7aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section7bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section3aInstallApp, 'Yes'] @@ -281,6 +317,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section6bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section6cNestedTemplateVersion}/appjson/Alb-App.json" + location: !Ref Section7aAppInstallLocation + share: !Ref Section7bShare + orgid: !Ref Section1eOrgId SumoALBLogsUpdateSource: Type: Custom::SumoLogicUpdateFields diff --git a/aws-observability/apps/apigateway/api_gateway_app.template.yaml b/aws-observability/apps/apigateway/api_gateway_app.template.yaml index 1abe9e1a..dcc90307 100755 --- a/aws-observability/apps/apigateway/api_gateway_app.template.yaml +++ b/aws-observability/apps/apigateway/api_gateway_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" 
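Review bot: `Section7bShare` defaults to `'True'`, so a stack created with default values makes the installed app visible to every member of the organisation, even though `Section7aAppInstallLocation` defaults to the user's `Personal` folder. Sharing is safer as an opt-in: `Default: 'False'`, with the description stating who gains access when it is set to `'True'`. The `AllowedValues` also mix case (`'Personal'` and `'admin'`) while the Terraform variable in this series validates `"Admin"`; one spelling in both places avoids a mismatch between the two installers. The same defaults are added as `Section5bShare` / `Section5aAppInstallLocation` in the api_gateway, dynamodb, ec2_metrics, ecs and elasticache templates and as `Section7*` in the elb template.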
@@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String @@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] 
@@ -139,6 +175,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/Api-Gateway-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml index 214b9e2d..f30fcef5 100755 --- a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml +++ b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String 
@@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String @@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] @@ -139,6 +175,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/DynamoDb-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml index cf319977..9dcff825 100755 
--- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml +++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4aCloudTrailLogsSourceName - Section4bCloudTrailSourceUpdated + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4bCloudTrailSourceUpdated: default: "Existing Source Updated" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String 
@@ -115,6 +134,23 @@ Parameters: AllowedValues: - 'Yes' - 'No' + + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] @@ -139,6 +175,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section3bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section3cNestedTemplateVersion}/appjson/EC2-Metrics-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule @@ -188,6 +227,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section3bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section3cNestedTemplateVersion}/appjson/Overview-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId sumoMonitorAlerts: Type: Custom::AlertsMonitor diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml index 5b7da106..aa7761ed 100755 --- a/aws-observability/apps/ecs/ecs_app.template.yaml +++ b/aws-observability/apps/ecs/ecs_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" 
@@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String 
@@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] @@ -149,6 +185,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/Ecs-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml index 33e9e080..56effc0a 100755 --- a/aws-observability/apps/elasticache/elasticache_app.template.yaml +++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" 
@@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String @@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] 
@@ -139,6 +175,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/ElastiCache-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index 69c5865a..c74e51f4 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "Sumo Logic AWS Resources Tagging Configuration (Required)" @@ -42,6 +43,12 @@ Metadata: - Section6bTemplatesBucketName - Section6cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section7aAppInstallLocation + - Section7bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -51,6 +58,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aAccountAlias: default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." @@ -76,6 +85,11 @@ Metadata: Section6cNestedTemplateVersion: default: "Nested Templates Version" + Section7aAppInstallLocation: + default: "App Installation location" + Section7bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String 
@@ -100,6 +114,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aAccountAlias: Type: String @@ -149,6 +168,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section7aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section7bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section3aInstallApp, 'Yes'] @@ -281,6 +317,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section6bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section6cNestedTemplateVersion}/appjson/Classic-lb-App.json" + location: !Ref Section7aAppInstallLocation + share: !Ref Section7bShare + orgid: !Ref Section1eOrgId SumoELBLogsUpdateSource: Type: Custom::SumoLogicUpdateFields diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml index 9cc89deb..6394fb4e 100755 
--- a/aws-observability/apps/lambda/lambda_app.template.yaml +++ b/aws-observability/apps/lambda/lambda_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "Sumo Logic AWS Resources Tagging Configuration (Required)" @@ -48,6 +49,12 @@ Metadata: - Section7bTemplatesBucketName - Section7cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section8aAppInstallLocation + - Section8bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -57,6 +64,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aAccountAlias: default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." @@ -87,6 +96,11 @@ Metadata: Section7cNestedTemplateVersion: default: "Nested Templates Version" + Section8aAppInstallLocation: + default: "App Installation location" + Section8bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -111,6 +125,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aAccountAlias: Type: String 
@@ -169,6 +188,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section8aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section8bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section3aInstallApp, 'Yes'] @@ -214,6 +250,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section7bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section7cNestedTemplateVersion}/appjson/Lambda-App.json" + location: !Ref Section8aAppInstallLocation + share: !Ref Section8bShare + orgid: !Ref Section1eOrgId SumoCloudTrailLogsUpdateSource: Type: Custom::SumoLogicUpdateFields diff --git a/aws-observability/apps/nlb/nlb_app.template.yaml b/aws-observability/apps/nlb/nlb_app.template.yaml index c852a8b3..5311e1dd 100755 --- a/aws-observability/apps/nlb/nlb_app.template.yaml +++ b/aws-observability/apps/nlb/nlb_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" 
@@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String @@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] 
@@ -163,6 +199,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/Nlb-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index 83e0a744..87deda98 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoLogicAccessID - Section1cSumoLogicAccessKey - Section1dSumoLogicOrganizationId + - Section1eOrgId - Label: default: "Local Parameters. Do Not Edit the values." @@ -19,6 +20,12 @@ Metadata: - TemplatesBucketName - NestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section3aAppInstallLocation + - Section3bShare + ParameterLabels: Section1aSumoLogicDeployment: default: "Sumo Logic Deployment Name" @@ -28,12 +35,19 @@ Metadata: default: "Sumo Logic Access Key" Section1dSumoLogicOrganizationId: default: "Sumo Logic Organization Id" + Section1eOrgId: + default: "Sumo Logic Organization Id" TemplatesBucketName: default: "Nested Templates Bucket Name" NestedTemplateVersion: default: "Nested Templates Version" + Section3aAppInstallLocation: + default: "App Installation location" + Section3bShare: + default: "Share" + Parameters: Section1aSumoLogicDeployment: Type: String 
@@ -64,6 +78,11 @@ Parameters: Type: String AllowedPattern: ".+" ConstraintDescription: "Sumo Logic Organization Id can not be empty." + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." TemplatesBucketName: Type: String @@ -74,6 +93,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section3aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section3bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Mappings: # Bucket names where the Lambda Zip and Nested Templates are kept. Buckets are present in region, with region as suffix. # Some buckets names have 's' in the region suffix. It is kept intentional as bucket names were not available. @@ -555,6 +591,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoLogicAccessKey SumoDeployment: !Ref Section1aSumoLogicDeployment AppJsonS3Url: !Sub "https://${TemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${NestedTemplateVersion}/appjson/Overview-App.json" + location: !Ref Section3aAppInstallLocation + share: !Ref Section3bShare + orgid: !Ref Section1eOrgId sumoMonitorAlerts: Type: Custom::AlertsMonitor diff --git a/aws-observability/apps/rds/rds_app.template.yaml b/aws-observability/apps/rds/rds_app.template.yaml index 9def809c..0b399de9 100755 
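Review bot: `Section1eOrgId` added here duplicates the existing `Section1dSumoLogicOrganizationId`, which carries the same "Sumo Logic Organization Id" label; the context lines just above the addition appear to be its definition, with the same non-empty constraint. Nothing in the visible hunks checks that the two values agree, and the description ties this value to the IAM role for Sumo Logic AWS sources. I would drop the new parameter and write `orgid: !Ref Section1dSumoLogicOrganizationId` in the `@@ -555` hunk instead. rootcauseexplorer.template.yaml has the same pair (`Section1dSumoOrganizationId` and the new `Section1fOrgId`). `AllowedPattern: ".+"` also accepts any non-empty string; if the organisation id has a fixed format, a pattern matching it would catch paste errors.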
--- a/aws-observability/apps/rds/rds_app.template.yaml +++ b/aws-observability/apps/rds/rds_app.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1bSumoAccessID - Section1cSumoAccessKey - Section1dRemoveSumoResourcesOnDeleteStack + - Section1eOrgId - Label: default: "App Details - Sumo Logic App Configuration" @@ -31,6 +32,12 @@ Metadata: - Section4bTemplatesBucketName - Section4cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section5aAppInstallLocation + - Section5bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" @@ -40,6 +47,8 @@ Metadata: default: "Sumo Logic Access Key" Section1dRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1eOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Install Sumo Logic App" @@ -56,6 +65,11 @@ Metadata: Section4cNestedTemplateVersion: default: "Nested Templates Version" + Section5aAppInstallLocation: + default: "App Installation location" + Section5bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -80,6 +94,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1eOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String 
@@ -116,6 +135,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section5aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section5bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] @@ -167,6 +203,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section4bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section4cNestedTemplateVersion}/appjson/Rds-App.json" + location: !Ref Section5aAppInstallLocation + share: !Ref Section5bShare + orgid: !Ref Section1eOrgId FieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml index 157a8e8b..73715c46 100755 --- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml +++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml @@ -13,6 +13,7 @@ Metadata: - Section1cSumoAccessKey - Section1dSumoOrganizationId - Section1eRemoveSumoResourcesOnDeleteStack + - Section1fOrgId - Label: default: "App Details - Sumo Logic Collector Configuration" @@ -45,6 +46,12 @@ Metadata: - Section5bTemplatesBucketName - Section5cNestedTemplateVersion + - Label: + default: "App Installation and sharing" + Parameters: + - Section6aAppInstallLocation + - Section6bShare + ParameterLabels: Section1aSumoDeployment: default: "Sumo Logic Deployment Name" 
@@ -56,6 +63,8 @@ Metadata: default: "Sumo Logic Organization Id" Section1eRemoveSumoResourcesOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1fOrgId: + default: "Sumo Logic Organization Id" Section2aInstallApp: default: "Create AWS Root Cause Explorer App" @@ -91,6 +100,11 @@ Metadata: Section5cNestedTemplateVersion: default: "Nested Templates Version" + Section6aAppInstallLocation: + default: "App Installation location" + Section6bShare: + default: "Share" + Parameters: Section1aSumoDeployment: Type: String @@ -120,6 +134,11 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1fOrgId: + Description: "Appears on the Account Overview page that displays information about your Sumo Logic organization. Used for IAM Role in Sumo Logic AWS Sources. Visit https://help.sumologic.com/01Start-Here/05Customize-Your-Sumo-Logic-Experience/Preferences-Page" + Type: String + AllowedPattern: ".+" + ConstraintDescription: "Sumo Logic Organization Id can not be empty." Section2aInstallApp: Type: String @@ -200,6 +219,23 @@ Parameters: Description: "Provide the version for the nested templates. Default is the latest version." AllowedPattern: ".+" + Section6aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section6bShare: + Type: String + Description: "True - Installed App will be visible to all members of the organisation. + False - Installed App will be visible to you only." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: install_app: !Equals [!Ref Section2aInstallApp, 'Yes'] 
@@ -336,6 +372,9 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment AppJsonS3Url: !Sub "https://${Section5bTemplatesBucketName}.s3.amazonaws.com/aws-observability-versions/${Section5cNestedTemplateVersion}/appjson/Rce-App.json" + location: !Ref Section6aAppInstallLocation + share: !Ref Section6bShare + orgid: !Ref Section1fOrgId CloudTrailDevOps: Type: Custom::App @@ -353,6 +392,9 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment + location: !Ref Section6aAppInstallLocation + share: !Ref Section6bShare + orgid: !Ref Section1fOrgId SumoLogicHostedCollector: Type: Custom::Collector diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 0b315180..1fc5b7cd 100755 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -70,6 +70,12 @@ Metadata: - Section9dELBS3LogsBucketName - Section9eELBS3BucketPathExpression + - Label: + default: "10. App Installation and Sharing" + Parameters: + - Section10aAppInstallLocation + - Section10bShare + ParameterLabels: Section1aSumoLogicDeployment: default: "Sumo Logic Deployment Name" @@ -140,6 +146,11 @@ Metadata: Section9eELBS3BucketPathExpression: default: "Path Expression for existing ELB logs" + Section10aAppInstallLocation: + default: "Location where you want the App to be Installed" + Section10bShare: + default: "Do you want to share App with whole organisation" + Parameters: Section1aSumoLogicDeployment: Type: String 
@@ -347,6 +358,23 @@ Parameters: Description: "This is required in case the above existing bucket is already configured to receive ELB access logs. If this is blank, Sumo Logic will store logs in the path expression: *AWSLogs/*/elasticloadbalancing/*" Default: "*AWSLogs/*/classicloadbalancing/*" + Section10aAppInstallLocation: + Type: String + Description: "Personal - Installs App in user's Personal folder. + admin - Installs App in admin Recommended Folder" + Default: 'Personal' + AllowedValues: + - 'Personal' + - 'admin' + Section10bShare: + Type: String + Description: "True - Installed App will have view permission to all members of the organisation. + False - Installed App will be visible to user installing the solution." + Default: 'True' + AllowedValues: + - 'True' + - 'False' + Conditions: # Condition for Metrics Source install_inventory_source: !Or @@ -538,6 +566,9 @@ Resources: Section3cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] Section4aCloudTrailLogsSourceName: !If [create_cloudtrail_source, "*cloudtrail-logs*", !If [update_cloudtrail_logs_source, !GetAtt sumoLambdaMetricsAppStack.Outputs.ExistingCloudTrailLogSourceName, "" ] ] Section4bCloudTrailSourceUpdated: !If [update_cloudtrail_logs_source, "Yes", "No"] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoAlbMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -560,6 +591,9 @@ Resources: Section6aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section6bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section6cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section7aAppInstallLocation: !Ref Section10aAppInstallLocation + Section7bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoElbMetricsAppStack: Type: AWS::CloudFormation::Stack 
@@ -582,6 +616,9 @@ Resources: Section6aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section6bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section6cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section7aAppInstallLocation: !Ref Section10aAppInstallLocation + Section7bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoDynamoDBMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -602,6 +639,9 @@ Resources: Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoRdsMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -622,6 +662,9 @@ Resources: Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoApiGatewayMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -642,6 +685,9 @@ Resources: Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId RootCauseAppStack: Type: AWS::CloudFormation::Stack 
@@ -672,6 +718,9 @@ Resources: Section5aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section5bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section5cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section6aAppInstallLocation: !Ref Section10aAppInstallLocation + Section6bShare: !Ref Section10bShare + Section1fOrgId: !Ref Section1dSumoLogicOrganizationId sumoLambdaMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -695,6 +744,9 @@ Resources: Section7aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section7bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section7cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section8aAppInstallLocation: !Ref Section10aAppInstallLocation + Section8bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoECSMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -715,6 +767,9 @@ Resources: Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoElasticCacheMetricsAppStack: Type: AWS::CloudFormation::Stack @@ -735,6 +790,9 @@ Resources: Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId sumoNlbMetricsAppStack: Type: AWS::CloudFormation::Stack 
@@ -754,4 +812,7 @@ Resources: Section3bNLBSourceUpdated: "No" Section4aParentStackLambdaARN: !GetAtt CreateCommonResources.Outputs.LambdaHelperARN Section4bTemplatesBucketName: !FindInMap [CommonData, NestedTemplate, BucketName] - Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] \ No newline at end of file + Section4cNestedTemplateVersion: !FindInMap [CommonData, NestedTemplate, Version] + Section5aAppInstallLocation: !Ref Section10aAppInstallLocation + Section5bShare: !Ref Section10bShare + Section1eOrgId: !Ref Section1dSumoLogicOrganizationId \ No newline at end of file From 4dd17f713ea671113da92e0fbe60afb8ac027125 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Fri, 28 Jan 2022 15:53:39 +0530 Subject: [PATCH 15/44] Updating to new v2.4.0 --- aws-observability/apps/alb/alb_app.template.yaml | 2 +- aws-observability/apps/common/resources.template.yaml | 4 ++-- aws-observability/apps/elb/elb_app.template.yaml | 2 +- .../hostmetricsfields/host_metrics_add_fields.template.yaml | 2 +- .../apps/rootcause/rootcauseexplorer.template.yaml | 2 +- .../templates/sumologic_observability.master.template.yaml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml index 6ce82d14..4a2ce281 100755 --- a/aws-observability/apps/alb/alb_app.template.yaml +++ b/aws-observability/apps/alb/alb_app.template.yaml @@ -283,7 +283,7 @@ Resources: Runtime: python3.7 CodeUri: Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] - Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: 
diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml index aee3ddb2..9a46355f 100755 --- a/aws-observability/apps/common/resources.template.yaml +++ b/aws-observability/apps/common/resources.template.yaml @@ -466,7 +466,7 @@ Resources: Runtime: python3.7 CodeUri: Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] - Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: @@ -509,7 +509,7 @@ Resources: Runtime: python3.7 CodeUri: Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] - Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index c74e51f4..147b584d 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml @@ -283,7 +283,7 @@ Resources: Runtime: python3.7 CodeUri: Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] - Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: diff --git a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml index c870ee02..85c6943e 100644 --- a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml 
+++ b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml @@ -175,7 +175,7 @@ Resources: Runtime: python3.7 Code: S3Bucket: !FindInMap [RegionMap, !Ref 'AWS::Region', bucketname] - S3Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + S3Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: !GetAtt LambdaRole.Arn diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml index 73715c46..c0dc5243 100755 --- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml +++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml @@ -338,7 +338,7 @@ Resources: Runtime: python3.7 CodeUri: Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] - Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.13.zip" + Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/SumoLogicAWSObservabilityHelperv2.0.14.zip" MemorySize: 128 Timeout: 900 Role: diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 1fc5b7cd..bbac8211 100755 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -459,7 +459,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.3.1" + Version: "v2.4.0" CollectorDetails: SumoLogicAccountID: 926226587429 CollectorNamePrefix: "aws-observability" From 0a2b401fd32b08b1d1c87447f4504c7da6e852c2 Mon Sep 17 00:00:00 2001 
From: Himanshu Sharma Date: Wed, 2 Feb 2022 15:30:24 +0530 Subject: [PATCH 16/44] adding dependency to resolve concurrency --- .../templates/sumologic_observability.master.template.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index bbac8211..c3efcfb7 100755 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.3.1. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" +Description: "Version - v2.4.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" Metadata: 'AWS::CloudFormation::Interface': @@ -597,6 +597,7 @@ Resources: sumoElbMetricsAppStack: Type: AWS::CloudFormation::Stack + DependsOn: sumoAlbMetricsAppStack Properties: TemplateURL: !Sub - "https://${BucketName}.s3.amazonaws.com/aws-observability-versions/${Version}/elb/elb_app.template.yaml" 
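Review bot: The `DependsOn: sumoAlbMetricsAppStack` added to `sumoElbMetricsAppStack` has no comment, and the commit subject only says "resolve concurrency", so a later maintainer cannot tell which resource the two stacks contend for or whether the ordering is still needed. I would add a comment above it such as `# Serialised behind the ALB stack: both touch <shared resource>; parallel creation fails`, with the placeholder replaced by the actual resource. The `@@ -725` hunk adds the same dependency to `sumoLambdaMetricsAppStack`. The other app stacks in this template get no dependency, so if they touch the same resource they may need the same ordering; that is worth confirming.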
@@ -724,6 +725,7 @@ Resources: sumoLambdaMetricsAppStack: Type: AWS::CloudFormation::Stack + DependsOn: sumoAlbMetricsAppStack Properties: TemplateURL: !Sub - "https://${BucketName}.s3.amazonaws.com/aws-observability-versions/${Version}/lambda/lambda_app.template.yaml" From 86bca8cd2c9fc65b94fe0f1404735c07557f4881 Mon Sep 17 00:00:00 2001 From: soagarwal07 Date: Thu, 3 Feb 2022 17:30:46 +0530 Subject: [PATCH 17/44] addee cold start panels --- aws-observability/json/Lambda-App.json | 161 +++++++++++++++++-------- 1 file changed, 112 insertions(+), 49 deletions(-) diff --git a/aws-observability/json/Lambda-App.json b/aws-observability/json/Lambda-App.json index e110f034..01108fb3 100644 --- a/aws-observability/json/Lambda-App.json +++ b/aws-observability/json/Lambda-App.json @@ -736,7 +736,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -750,7 +751,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -764,7 +766,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" }, { "id": null, @@ -778,7 +781,8 @@ }, "allowMultiSelect": false, "includeAllOption": true, - "hideFromUI": false + "hideFromUI": false, + "valueType": "Any" } ], "coloringRules": [] 
@@ -884,29 +888,39 @@ { "id": null, "key": "panelpane-3c5b34dda0bbb840", - "title": "Invocations Trend", - "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"0\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}}]}", + "title": "Invocations Trend and Cold Starts Trends", + "visualSettings": "{\"general\":{\"mode\":\"timeSeries\",\"markerSize\":\"0\",\"lineThickness\":\"3\"},\"legend\":{\"enabled\":true},\"axes\":{\"axisY\":{\"title\":\"Requests\"}},\"overrides\":[{\"series\":[],\"queries\":[\"A\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"{{functionname}}\"}},{\"series\":[],\"queries\":[\"B\"],\"userProvidedChartType\":false,\"properties\":{\"type\":\"line\",\"name\":\"Average Across All entities\"}},{\"series\":[],\"queries\":[\"C\"],\"properties\":{\"type\":\"column\",\"axisYType\":\"secondary\",\"color\":\"#dfbe2e\",\"name\":\"Cold Starts\"}}],\"series\":{}}", "keepVisualSettingsConsistentWithParent": true, "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} Resource=* | avg by functionname, namespace, region, account", + "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname={{functionname}} application={{application}} Resource=* | avg by functionname, namespace, region, account,application", "queryType": "Metrics", "queryKey": "A", "metricsQueryMode": "Advanced", "metricsQueryData": null, "tracesQueryData": null, - "parseMode": "Manual", + "parseMode": "Auto", 
"timeSource": "Message" }, { - "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} functionname=* Resource=* | avg", + "queryString": "Namespace={{namespace}} metric=Invocations statistic=Sum account={{account}} region={{region}} application={{application}} functionname=* Resource=* | avg", "queryType": "Metrics", "queryKey": "B", "metricsQueryMode": "Advanced", "metricsQueryData": null, "tracesQueryData": null, - "parseMode": "Manual", + "parseMode": "Auto", + "timeSource": "Message" + }, + { + "queryString": "account={{account}} region={{region}} Namespace={{namespace}} application={{application}} \"init duration\"\n\n| _sourceName as logStream | _sourceHost as logGroup\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse \"REPORT RequestId: *\\tDuration: * ms\\tBilled Duration: * ms\\tMemory Size: * MB\\tMax Memory Used: * MB\\tInit Duration: * ms\\t\\nXRAY TraceId: *\\tSegmentId: *: *\\t\" as reqId, duration, bill_duration, mem_total, mem_used, initDur, traceId, segmentId, isSampled\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| timeslice 5m \n| count by functionname, _timeslice\n| fillmissing timeslice (5m) in _timeslice, values all in functionname\n| transpose row _timeslice column functionname", + "queryType": "Logs", + "queryKey": "C", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "parseMode": "Auto", "timeSource": "Message" } ], 
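Review bot: Query `C` will undercount cold starts, because its `parse` has no `nodrop` and its anchor runs through `XRAY TraceId: *\tSegmentId: *: *\t`, so a REPORT line from a function without X-Ray tracing is dropped even though it contains `Init Duration`. The panel only uses `count by functionname, _timeslice`, so the anchor could end at `Init Duration: * ms` and the three trace fields could be removed. The query also builds `message` for JSON-wrapped logs and then parses `_raw`, whereas the existing REPORT query in this file uses `parse regex field=message`; this one probably should parse `field=message` too. The panel's `queries` array continues outside the hunk.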
@@ -924,7 +938,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as events by src_ip\n| top 10 src_ip by events, src_ip asc", + "queryString": "\"lambda.amazonaws.com\" account={{account}} Namespace={{namespace}} region={{region}} application={{application}} sourceIPAddress\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json 
field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as events by src_ip\n| top 10 src_ip by events, src_ip asc", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
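Review bot: The added `application={{application}}` term filters CloudTrail events on a field that nothing in the visible hunks shows being set on those events; the same term is added to the CloudTrail queries in the later hunks at old lines 948, 972 and 996. These panels report invoking source IPs, function versions and callers, so a CloudTrail source without `application` would drop out of them with no indication, assuming the variable's default does not match messages lacking the field (to be confirmed). I would confirm that the field is assigned to CloudTrail logs, by a field extraction rule or a source field, and state that requirement in the panel description. The query objects continue outside their hunks.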
@@ -948,7 +962,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as invocations by function_version\n| top 10 function_version by invocations, function_version asc", + "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} application={{application}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, 
event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as invocations by function_version\n| top 10 function_version by invocations, function_version asc", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -972,7 +986,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "\"lambda.amazonaws.com\" (\"\\\"eventName\\\":\\\"Invoke\\\"\" OR \"\\\"eventName\\\":\\\"AssumedRole\\\"\") account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name in (\"Invoke\", \"AssumedRole\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count as InvokeFrequency by function_version, _timeslice\n| transpose row _timeslice column function_version", + "queryString": "\"lambda.amazonaws.com\" (\"\\\"eventName\\\":\\\"Invoke\\\"\" OR \"\\\"eventName\\\":\\\"AssumedRole\\\"\") account={{account}} Namespace={{namespace}} region={{region}} application={{application}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", 
\"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name in (\"Invoke\", \"AssumedRole\")\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| timeslice 15m\n| count as InvokeFrequency by function_version, _timeslice\n| transpose row _timeslice column function_version", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -996,7 +1010,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as activities by caller_type, caller\n| top 10 caller_type, caller by activities, caller_type asc, caller", + "queryString": "\"lambda.amazonaws.com\" \"\\\"eventName\\\":\\\"Invoke\\\"\" account={{account}} Namespace={{namespace}} region={{region}} application={{application}}\n| json \"eventName\", \"eventSource\", \"awsRegion\", \"userAgent\", \"sourceIPAddress\", \"recipientAccountId\", \"userIdentity\", \"requestParameters\", \"additionalEventData\" as event_name, 
event_source, Region, user_agent, src_ip, accountId, userIdentity, requestParameters, additionalEventData nodrop\n| json field=userIdentity \"type\", \"userName\", \"invokedBy\", \"arn\" as caller_type, user_name, invoked_by, arn nodrop | json field=requestParameters \"functionName\", \"resource\" as functionname, resource nodrop | json field=additionalEventData \"functionVersion\" as func_version nodrop \n| where event_name = \"Invoke\"\n| parse regex field=functionname \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+)$\" nodrop\n| parse field=resource \"arn:aws:lambda:*:function:*\" as f1, functionname2 nodrop\n| if (isEmpty(functionname), functionname2, functionname) as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=func_version \"\\w+:\\w+:\\S+:[\\w-]+:\\S+:\\S+:(?[\\S]+:[\\S ]+)$\" nodrop\n| parse field=arn \"arn:aws:*::*:*\" as f1, f2, assumedroleuser nodrop\n| if (isNull(user_name), invoked_by, user_name) as caller\n| if (isNull(invoked_by), user_name, invoked_by) as caller\n| if (isNull(caller), assumedroleuser, caller) as caller\n| count as activities by caller_type, caller\n| top 10 caller_type, caller by activities, caller_type asc, caller", "queryType": "Logs", "queryKey": "A", "metricsQueryMode": null, 
@@ -1020,7 +1034,7 @@ "panelType": "SumoSearchPanel", "queries": [ { - "queryString": "account={{account}} region={{region}} Namespace={{namespace}}\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n// | json \"logStream\", \"logGroup\" nodrop\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?[^\\s]+)\\s+Duration:\\s+(?[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?[^\\s]+)\\s+MB\" nodrop\n| parse field=logstream \"*/[*]*\" as logstreamDate,version,logstreamID\n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| where tolowercase(functionname) matches tolowercase(\"{{functionname}}\")\n| parse regex field=message \"^(?