Collect Logs and Metrics for the Amazon DynamoDB App

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Steps to collect logs and metrics from DynamoDB and to ingest them into Sumo.

Collect Metrics for Amazon DynamoDB

Configure a Hosted Collector.
Configure an Amazon CloudWatch Source for Metrics.
1. Name. Enter a name to display for the new Source.
2. Description. Enter an optional description.
3. Regions. Select your Amazon Regions for DynamoDB.
4. Namespaces. Select AWS/DynamoDB.
5. Source Category. Enter dynamodb_metrics.
6. Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
7. Scan Interval. Use the default of 5 minutes, or enter the frequency Sumo Logic will scan your CloudWatch Sources for new data.
Click Save.

Collect Amazon DynamoDB Events using CloudTrail

To your Hosted Collector, add an AWS CloudTrail Source.
1. Name. Enter a name to display for the new Source.
2. Description. Enter an optional description.
3. S3 Region. Select the Amazon Region for your DynamoDB S3 bucket.
4. Bucket Name. Enter the exact name of your DynamoDB S3 bucket.
5. Path Expression. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See Amazon Path Expressions.)
  The S3 bucket name is not part of the path. Don’t include the bucket name when you are setting the Path Expression.
6. Source Category. Enter dynamodb_event.
7. Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
8. Scan Interval. Use the default of 5 minutes. Alternately, enter the frequency Sumo Logic will scan your S3 bucket for new data.
9. Enable Timestamp Parsing. Select the check box.
10. Time Zone. Select Ignore time zone from log file and instead use, and select UTC.
11. Timestamp Format. Select Automatically detect the format.
12. Enable Multiline Processing. Select the check box, and select Infer Boundaries.
Click Save.

Sample Log Message

{
  "eventVersion":"1.05",
  "userIdentity":{
     "type":"IAMUser",
     "principalId":"AIDAIBF5TU7HNYUE7V676",
     "arn":"arn:aws:iam::568388783903:user/ankit",
     "accountId":"568388783903",
     "accessKeyId":"ASIAI3Q5RU4FIZFHFJZA",
     "userName":"ankit",
     "sessionContext":{
        "attributes":{
           "mfaAuthenticated":"false",
           "creationDate":"2017-10-10T23:01:45+0000"
        }
     },
     "invokedBy":"signin.amazonaws.com"
  },
  "eventTime":"2017-10-10T23:01:45+0000",
  "eventSource":"dynamodb.amazonaws.com",
  "eventName":"DescribeTable",
  "awsRegion":"us-east-1",
  "sourceIPAddress":"38.99.50.98",
  "userAgent":"signin.amazonaws.com",
  "requestParameters":{
     "tableName":"users3"
  },
  "responseElements":null,
  "requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG",
  "eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b",
  "eventType":"AwsApiCall",
  "apiVersion":"2012-08-10",
  "recipientAccountId":"568388783903"
}

Query Sample

Count of Events

_sourceCategory=dynamodb/cloudtrail "dynamodb.amazonaws.com" | json "eventName" as event_name | json field=_raw "awsRegion" as region | json field=_raw "userIdentity.userName" as user | count by event_name