
Install the Amazon VPC Flow Logs App and view the Dashboards

The Amazon VPC Flow Logs App provides Live and Interactive Dashboards that give insight into rejections, traffic, activity, and more.

Install the Sumo Logic App

Now that you have configured Amazon VPC Flow, install the Sumo Logic App for Amazon VPC Flow to take advantage of the preconfigured searches and dashboards to analyze your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
     • Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
     • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

Live Dashboards

Sumo Logic Live Dashboards constantly update as data comes in, providing a real-time view of your systems. They display data from the time they are created going forward. This means that the data Panels do not “backfill”, but only fill up as new data comes in. Any change to the time range of a data Panel will reset it. For more information on Live Dashboards, see About Dashboards.

Overview

Source Address Locations. Performs a geo lookup operation and displays the number of source address locations on a map of the world by IP address for the last 24 hours.

Top 10 Source Addresses by MB. Displays the top 10 source address IPs by MBs in a bar chart for the last 24 hours.

Top 10 Destination Addresses by MB. Lists the top 10 destination address IPs by MBs in a bar chart for the last 24 hours.

Rejections per Minute. Shows the number of rejections per minute in a column chart on a timeline for the last hour.

Actions. Provides the number of accept and reject actions in a pie chart for the last 24 hours.

Log Status. Shows the log status as a pie chart for the last 24 hours.

Flow Records by InterfaceID. Displays the Flow Records by InterfaceID in a pie chart for the last 24 hours.

Top 10 Destination Ports by Flow Record. Lists the top 10 destination ports in a bar chart for the last 24 hours.

Flow Records per Protocol by Hour. Displays the Flow Records per protocol used in a bar chart on a timeline for the last 24 hours.

Rejections

Source Address Locations - REJECTs. Performs a geo lookup operation and displays the number of source address locations with REJECT actions on a map of the world by IP address for the last 24 hours.

Top 10 REJECT Source Addresses. Displays the top 10 Source Addresses with REJECT actions in a pie chart for the last hour.

Top 10 REJECT Destination Addresses. Lists the top 10 Source Addresses with REJECT actions in a pie chart for the last hour.

Top 10 REJECT Source Addresses, Ports. Shows the top 10 Source Addresses with REJECT actions by Source Port in a pie chart for the last 24 hours.

Top 10 REJECT Destination Addresses, Ports. Displays the top 10 Destination Addresses with REJECT actions by Destination Port in a pie chart for the last 24 hours.

REJECTs by Source Address. Shows the number of REJECT actions by Source Address in a stacked column chart on a timeline for the last hour.

Top 10 REJECTs by InterfaceID. Lists the top 10 REJECT actions by InterfaceID in a pie chart for the last hour.

Top 10 REJECTs by Protocol. Lists the top 10 Source Addresses with REJECT actions by protocol in a pie chart for the last 24 hours.

REJECTs by Minute - Outlier. Displays REJECT actions by minute in an outlier chart on a timeline for the last hour.

REJECTs by Minute - Trend. Uses the predict operator to display a trendline of the REJECT actions by minute on a timeline for the last hour.

REJECTs by InterfaceID, Destination Address. Displays the number of REJECT actions by InterfaceID and Destination Address in an aggregation table for the last hour.
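The aggregations behind several of the Rejections panels can be reproduced offline for spot-checking. The following is an added example, not Sumo Logic's own queries or code from this page: it assumes the default (version 2) space-separated VPC Flow Logs record format, buckets records by their start timestamp (an assumption), and runs on constructed sample records.

```python
from collections import Counter
from datetime import datetime, timezone

# Default (version 2) VPC Flow Logs record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, made-up ENI ids).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 44321 22 6 3 180 1700000005 1700000050 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.5 44322 3389 6 1 60 1700000020 1700000055 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.5 51000 443 6 12 5400 1700000030 1700000058 ACCEPT OK
2 123456789012 eni-0e4f5a6b 198.51.100.9 10.0.2.8 51001 23 6 2 120 1700000065 1700000110 REJECT OK
2 123456789012 eni-0e4f5a6b - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None if the field count is wrong."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def reject_summary(text, top_n=10):
    """Count REJECTs per minute, per source address and per interface ID."""
    per_minute, by_src, by_eni, status = Counter(), Counter(), Counter(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # malformed or custom-format line
        status[rec["log_status"]] += 1
        # NODATA/SKIPDATA records carry "-" placeholders and no action,
        # so they are counted for log status only.
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        start = datetime.fromtimestamp(int(rec["start"]), tz=timezone.utc)
        per_minute[start.strftime("%H:%M")] += 1  # assumption: bucket on start
        by_src[rec["srcaddr"]] += 1
        by_eni[rec["interface_id"]] += 1
    return {
        "rejects_per_minute": sorted(per_minute.items()),
        "top_reject_sources": by_src.most_common(top_n),
        "top_rejects_by_interface": by_eni.most_common(top_n),
        "log_status": dict(status),
    }

if __name__ == "__main__":
    for name, value in reject_summary(SAMPLE).items():
        print(name, value)
```
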

Traffic

Actions by Minute - Outlier. Displays actions by minute in an outlier chart on a timeline for the last hour.

Actions by Minute - Trend. Uses the predict operator to display a trendline of actions by minute on a timeline for the last hour.

Top 10 Actions by Protocol. Shows the top 10 actions by protocol in a pie chart for the last 24 hours.

Bytes by Minute - Outlier. Displays the number of bytes by minute in an outlier chart on a timeline for the last hour.

Bytes by Minute - Trend. Uses the predict operator to display a trendline of bytes by minute on a timeline for the last hour.

Top 10 Ports by Action. Displays the top 10 ports by accept and reject actions in a stacked bar chart for the last 24 hours.

Packets by Minute - Outlier. Displays the number of packets by minute in an outlier chart on a timeline for the last hour.

Packets by Minute - Trend. Uses the predict operator to display a trendline of packets by minute on a timeline for the last hour.

Packets Box Plot. Shows the number of packets by minute as a box plot chart, which depicts data using quartiles, on a timeline for the last hour. Hover over the chart to see quartile details in a pop-up.

Interactive Dashboards

Sumo Logic Interactive Dashboards populate completely every time you launch them, including “backfilling” data. This means there will be a delay before you see all the data. If you change a time range, the data Panels will re-run the search. For more information on Interactive Dashboards, see About Dashboards.

Activity

Source Address Locations. Performs a geo lookup operation and displays the number of source address locations on a map of the world by IP address for the last hour.

Actions by InterfaceID. Provides the number of actions by InterfaceID in a pie chart for the last hour.

Actions by Source Address Over Time. Shows actions by Source Address in a stacked column chart on a timeline for the last hour.

Flow Record Count by Source Address. Displays the Flow Record count by Source Address in a pie chart for the last hour.

Actions by Destination Address Over Time. Shows actions by Destination Address in a stacked column chart on a timeline for the last hour.

Flow Record Count by Destination Address. Displays the Flow Record count by Destination Address in a pie chart for the last hour.

Traffic

Actions by Minute - Outlier. Displays actions by minute in an outlier chart on a timeline for the last hour.

Actions by Minute - Trend. Uses the predict operator to display a trendline of actions by minute on a timeline for the last hour.

Bytes by Minute - Outlier. Displays the number of bytes by minute in an outlier chart on a timeline for the last hour.

Bytes by Minute - Trend. Uses the predict operator to display a trendline of bytes by minute on a timeline for the last hour.

Packets by Minute - Outlier. Displays the number of packets by minute in an outlier chart on a timeline for the last hour.

Packets by Minute - Trend. Uses the predict operator to display a trendline of packets by minute on a timeline for the last hour.