Skip to main content
Sumo Logic

Install the AWS Lambda App and view the Dashboards

You can use the Sumo Logic App for AWS Lambda to monitor Lambda functions and report metrics through Amazon CloudWatch. It provides visibility into your function’s actual duration numbers for performance and activity indicators in the Duration Panels.

Install the Sumo Logic App

Now that you have set up collection for AWS Lambda, install the Sumo Logic App for AWS Lambda to use the preconfigured searches and Dashboards that provide insight into your data. 

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Select either of these options for the CloudWatch Lambda Log Source.
      • Choose Source Category, and select the Source Category from the list.
      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
    3. Select either of these options for the CloudTrail Lambda Data Events Source.
      • Choose Source Category, and select the Source Category from the list.
      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
    4. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    5. Click Add to Library.

The Sumo Logic App for AWS Lambda uses the following definitions:

Duration (ms). Measures the elapsed wall clock time in milliseconds from when the function code starts executing as a result of an invocation to when it stops executing. This measurement is used to measure performance.

Billed Duration. This is rounded up to the nearest 100 millisecond.

Memory Size. This is the allocated memory for a function.

Max Memory (MB) Used. This is the actual amount of memory used by a function in MBs. This measurement is used to measure performance.

Compute Usage (GB-s). This is memory size x billed duration. Or, billed compute = memory configured on the function (in GB) x duration of the request (in seconds). In the actual query, Sumo Logic converts MB to GB and milliseconds to seconds to get the real billing numbers used. Actual cost varies by customer. This measurement is used to measure cost.

Unused Memory. This is Memory Size - Max Memory Used = Unused Memory. Because you are billed based on Memory Size (which you allocate), this is an indicator of not allocating appropriately.

Dashboards

AWS Lambda - Overview

The Overview Dashboard provides visibility into your function’s actual Duration numbers for performance and activity indicators in the Duration Panels. The Compute Usage Panels measure billing metrics.

AWSLambdaOverview.png

Location of Callers. See the count and location of callers in the last 24 hours on a world map.

Function Callers Details. See the details of function callers in the last 24 hours including the function name, function version, caller, caller type, source IP, AWS region and count, displayed in a table.

Invoke Breakdown by Function Version. See the count of the CloudTrail Lambda function invocation event by version in the last 24 hours on a line chart.

Duration (ms) by Function. Displays the duration in milliseconds by function in a pie chart for the last 12 hours.

Max Memory (MB) Used by Function. Shows the maximum memory used in MBs by function in a pie chart for the last 12 hours. 

Compute Usage (GB-s) by Function. Provides information on compute usage in GBs per second by function in a pie chart for the last 12 hours.

Errors by Function. Displays errors by function in a pie chart for the last 12 hours. 

Duration (ms) by Function - Timeline. Show the duration by function in milliseconds in a stacked column chart on a timeline for the last 12 hours.

Duration (ms) - Trend. Provides information on the duration of functions in milliseconds as a line on a chart, with the predicted duration as a trendline on a timeline for the last 12 hours. 

Max Memory Used (MB) - Timeline. Displays the max memory used in MBs by function in a stacked column chart on a timeline for the last 12 hours. 

Max Memory Used (MB) - Trend. Provides information on max memory in MBs used by functions as a line on a chart, with the predicted max memory as a trendline on a timeline for the last 12 hours. 

Compute Usage (GB-s) by Function - Timeline. Displays the compute usage by function in GBs per second on a stacked column chart on a timeline for the last 12 hours.

Compute Usage (GB-s) - Trend. Provides information on compute usage by functions in GBs per second as a line on a chart, with the predicted compute usage as a trendline on a timeline for the last 12 hours. 

AWS Lambda - CloudTrail Lambda Events - Overview

See the overview of AWS Lambda functions including the function name, version, user agent, and IAM users.

CloudTrailLambdaOverview.png

Function Name Invocation Over Time. See the count and trend of the CloudTrail Lambda function name invocation event in the last 24 hours on a column chart.

Function Version Invocation Over Time. See the count and trend of the CloudTrail Lambda function version invocation event in the last 24 hours on a line chart.

User Agent Breakdown. See the count of function invoke event by user agent in the last 24 hours on a column chart.

Invoke Breakdown by Function Name. See the count of the CloudTrail Lambda function invocation event by name in the last 24 hours on a pie chart.

Invoke Breakdown by Function Version. See the count of the CloudTrail Lambda function invocation event by version in the last 24 hours on a line chart.

Function Callers Details. See the details of function callers in the last 24 hours including the function name, function version, caller, caller type, source IP, AWS region, and count, displayed in a table.

IAM User Invoking Functions Over Time. See the count and trend of IAM users invoking functions over time in the last 24 hours on a line chart.

AWS Services Invoking Functions Over Time. See the count and trend of AWS services invoking functions over time in the last 24 hours on a line chart.

IAM User Invoking Functions. See the count of IAM users invoking functions in the last 24 hours on a line chart.

AWS Services Invoking Functions. See the count of AWS services invoking functions in the last 24 hours on a line chart.

Location of Callers. See the count and location of callers in the last 24 hours on a world map.

AWS Lambda - CloudTrail Events - Security

See the details of AWS services, and IAM users invoking Lambda functions, and the threat details based on caller IP address.

Security.png

AWS Services Invoking Functions - Outlier. See the outlier in the AWS services invoking functions in the last 24 hours on a column chart.

Time Compare - Yesterday Vs Today. See the comparison between the number of calls made by AWS services today and yesterday.

IAM User Invoking Functions - Outlier. See the outlier in the IAM users invoking functions in the last 24 hours on a column chart.

Time Compare - Yesterday Vs Today. See the comparison between the number of calls made by IAM users today and yesterday.

Threat Table based on Caller IP Address. See the threat details based on caller IP address in the last 24 hours including the source IP, malicious confidence, actor, function name, caller, user agent, label name, and count.

AWS Lambda - CloudWatch - Durations (ms) and Memory (MB)

See the outliers and trends in the duration, memory, and billed duration, in your AWS Lambda functions with CloudWatch logs.

DurationsandMemory.png

Duration by Hour (Sum) - Outlier. Displays the duration and threshold of functions by the hour using the sum as an outlier chart. The duration is the line on the chart and the threshold is the area, displayed on a timeline for the last 24 hours.

Duration by Hour (Average) - Outlier. Shows the duration and threshold of functions by the hour using the average as an outlier chart. The duration is the line on the outlier chart and the threshold is the area, displayed on a timeline for the last 24 hours.

Billed Duration by Hour - Trend. Provides information on the billed duration of functions by the hour as a line chart juxtaposed with a trendline for the predicted billed duration on a timeline for the last 24 hours.

Unused Memory - Trend. Displays information on functions’ unused memory for memory size, memory used, and unused memory as a line chart, and juxtaposed with a trendline showing the predicted unused memory on a timeline for the last 24 hours.

Max Memory Used by Hour - Outlier. Shows the maximum memory used by functions as a the line on an outlier chart, with the threshold displayed as the area, on a timeline for the last 24 hours.

Max Memory Used - Box Plot. Displays the maximum memory used by functions as a box plot chart on a timeline for the last 24 hours.

AWS Lambda - CloudWatch - Usage

See the details of Lambda usage including the requests, and duration by function and version alias, with CloudWatch logs.

Usage.png

Requests by Function. Displays the number of requests by function in a pie chart for the last 24 hours.

Requests by Version_Alias. Shows the number of requests by version alias in a pie chart for the last 24 hours.

Duration (ms) by Function. Provides information on duration in milliseconds by function in a pie chart for the last 24 hours. 

MaxMemoryUsed (MB) by Function. Displays the maximum memory used in MBs by function in a pie chart for the last 24 hours. 

Requests by Function, Version_Alias. Shows the number of requests by function and version alias in a stacked bar chart for the last 24 hours.

Compute Usage (GB-s) by Hour - Trend. Provides information on the compute usage of your functions in GBs per second as the line on the chart, juxtaposed by a trendline of the predicted compute usage, on a timeline for the last 24 hours.

Requests by Function, Version_Alias Counts. Provides information on requests by function and version alias counts in a table chart including details on function, version, $latest, and deployment for the last 24 hours.

Function by Version_Alias, RequestID. Displays details on the functions, version alias, and requestID in a table chart for the last 24 hours.

Detailed. Shows information on all functions in a table chart including details on requestID, duration, billed duration, memory size, max memory used, and time for the last 24 hours.