Skip to main content
Sumo Logic

AWS Elastic Load Balancing ULM - Application

The AWS Application Load Balancer functions at the application layer, receives requests, evaluates the listener rules in priority order to determine which rule to apply, and then selects a target from the target group. The Sumo Logic App for AWS Elastic Load Balancing ULM - Application is a unified logs and metrics (ULM) App that gives you visibility into the health of your Application Load Balancer and target groups. Use the preconfigured dashboards to understand the latency, request and host status, threat intel, and HTTP backend codes by availability zone and target group.

Metrics and Log Types

The App uses:

  • The metrics included in the AWS/ApplicationELB namespace. For more details, see here.
  • The Application Load Balancer Access Log introduces two new fields in addition to the fields contained in Classic ELB Access log:
    1. Type. This is the type of request or connection (HTTP, HTTPS, H2, ws, wss)
    2. Target_group_arn. This is the Amazon Resource Name (ARN) of the target group

    The logs are stored in a .gzip format in the specified S3 bucket and contain these fields in this order:

    timestamp, elb, client:port, target:port, request_processing_time, target_processing_time, response_processing_time, elb_status_code, target_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol, target_group_arn, trace_id

    For more details on the ALB Access log, see the AWS documentation.