A Sumo Logic CloudWatch Source allows you to gather metrics data from an Amazon resource.
To set up an Amazon CloudWatch Source for metrics:
- Before you begin, grant permission for Sumo Logic to list available metrics and get metric data points. See Grant Access to Read CloudWatch Metrics for details.
- In Sumo Logic select Manage > Collection > Collection (Manage > Collection in the classic UI).
- Click Add Source next to a Hosted Collector.
- Select AWS CloudWatch.
- Configure the following:
- Name. Enter a name to display for the new Source.
- Description. Optional description.
- Regions. Select one or more Amazon regions.
- Namespaces. Select one or more Amazon namespaces.
- EC2 Filters.
This setting is visible only if you select an EC2 namespace.
To restrict the CloudWatch Source to particular EC2 instances, enter AWS tags for the instances in key=value format.
- Use semicolons if you want to include multiple values for an individual key (OR match).
- You can specify multiple key/value pairs. Additional entry fields are added as needed, up to the maximum allowed number of pairs.
- Custom Namespaces. Enter a comma-separated list of any custom namespaces from which you want to collect custom metrics. For more information about custom metrics, see http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html.
- Source Category. Enter any string to tag the output collected from this Source. (Category metadata is stored in a searchable field called _sourceCategory.)
- Access Key ID. Enter the AWS Access Key ID number granted to Sumo Logic. (See Grant Access to Read CloudWatch Metrics for more information.)
- Secret Access Key. Enter the AWS Secret Access Key for Sumo Logic to access the CloudWatch Source. (See Grant Access to Read CloudWatch Metrics for more information.)
- Scan Interval. Use the default of 5 minutes, or enter the frequency Sumo Logic will scan your CloudWatch Sources for new data. To learn more about polling interval considerations, see AWS CloudWatch Polling Interval for Sources in this topic.
- Total Metrics. This field displays the total number of metrics that will be collected if the Source is created with the current configuration. The field automatically refreshes the count when there are changes to the following fields: Regions, Namespaces, Access Key ID, and Secret Access Key.
- Click Save.
AWS CloudWatch Scan Interval for Sources
The scan interval defines the waiting time between scans of the available CloudWatch metrics and affects the granularity at which CloudWatch metrics are reported in Sumo Logic.
AWS reports CloudWatch metrics at different granularities (1-minute, 3-minute, and 5-minute intervals), so setting a scan interval that's too short could lead to excessive querying. Setting an interval that's too long can delay the update frequency of new metrics appearing in Sumo Logic.
Querying AWS CloudWatch metrics can incur data transfer charges from AWS as well. See https://www.sumologic.com/pricing/ for information.
Throttling of CloudWatch data
AWS automatically throttles CloudWatch data if the limits that Amazon sets for the associated APIs are exceeded. If you have a high volume of metrics data points in your account, it is likely that Amazon will throttle your CloudWatch data.
If no adjustments are made on the Sumo Logic side, throttling on the Amazon side can cause metrics data to be dropped. To prevent this from occurring, Sumo Logic automatically doubles the CloudWatch scan interval if more than one throttling message is received in a single interval. However, the change in scan interval isn't reflected in the Sumo Logic UI. The original configured interval is still shown.
If the scan interval is automatically changed, a message similar to the following is added to the audit log. No action is required by the Sumo Logic user.
CloudWatch source ui-cw-oldPrimary received throttling exception from AWS while querying for metrics. Increasing scan interval to 20 minutes.
CloudWatch data point aggregation
AWS pre-aggregates CloudWatch data points using these aggregators:
You can query CloudWatch data points on the Metrics page using a
Statistic=<aggregator> query. See Create a Metrics Visualization for details.
For details on Amazon CloudWatch collected metrics, refer to: