Collect Logs and Metrics for the Amazon DynamoDB App
Steps to collect logs and metrics from DynamoDB and to ingest them into Sumo.
Collect Metrics for Amazon DynamoDB
- Configure a Hosted Collector.
- Configure an Amazon CloudWatch Source for Metrics.
- Name. Enter a name to display for the new Source.
- Description. Enter an optional description.
- Regions. Select your Amazon Regions for DynamoDB.
- Namespaces. Select AWS/DynamoDB.
- Source Category. Enter dynamodb_metrics.
- Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
- Scan Interval. Use the default of 5 minutes, or enter the frequency Sumo Logic will scan your CloudWatch Sources for new data.
- Click Save.
Collect Amazon DynamoDB Events using CloudTrail
- To your Hosted Collector, add an AWS CloudTrail Source.
- Name. Enter a name to display for the new Source.
- Description. Enter an optional description.
- S3 Region. Select the Amazon Region for your DynamoDB S3 bucket.
- Bucket Name. Enter the exact name of your DynamoDB S3 bucket.
- Path Expression. Enter the string that matches the S3 objects you'd like to collect. You can use a wildcard (*) in this string. (DO NOT use a leading forward slash. See Amazon Path Expressions.)
- Source Category. Enter dynamodb_event.
- Access Key ID and Secret Access Key. Enter your Amazon Access Key ID and Secret Access Key.
- Scan Interval. Use the default of 5 minutes. Alternately, enter the frequency Sumo Logic will scan your S3 bucket for new data.
- Enable Timestamp Parsing. Select the check box.
- Time Zone. Select Ignore time zone from log file and instead use, and select UTC.
- Timestamp Format. Select Automatically detect the format.
- Enable Multiline Processing. Select the check box, and select Infer Boundaries.
- Click Save.
Sample Log Message
{ "eventVersion":"1.05", "userIdentity":{ "type":"IAMUser", "principalId":"AIDAIBF5TU7HNYUE7V676", "arn":"arn:aws:iam::568388783903:user/ankit", "accountId":"568388783903", "accessKeyId":"ASIAI3Q5RU4FIZFHFJZA", "userName":"ankit", "sessionContext":{ "attributes":{ "mfaAuthenticated":"false", "creationDate":"2017-10-10T23:01:45+0000" } }, "invokedBy":"signin.amazonaws.com" }, "eventTime":"2017-10-10T23:01:45+0000", "eventSource":"dynamodb.amazonaws.com", "eventName":"DescribeTable", "awsRegion":"us-east-1", "sourceIPAddress":"38.99.50.98", "userAgent":"signin.amazonaws.com", "requestParameters":{ "tableName":"users3" }, "responseElements":null, "requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG", "eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b", "eventType":"AwsApiCall", "apiVersion":"2012-08-10", "recipientAccountId":"568388783903" }
Query Sample
Count of Events
_sourceCategory=dynamodb/cloudtrail "dynamodb.amazonaws.com"
| json "eventName" as event_name
| json field=_raw "awsRegion" as region
| json field=_raw "userIdentity.userName" as user
| count by event_name