
Install the Amazon Redshift ULM App and View the Dashboards

Instructions for installing the Sumo Logic App for Amazon Redshift, and descriptions of the app dashboards.

Install the Sumo Logic App

Now that you have configured log and metric collection, install the Sumo Logic App for Amazon Redshift to take advantage of the pre-configured searches and dashboards.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

This section describes each of the dashboards in the Sumo Logic App for Amazon Redshift.

Amazon Redshift - Overview

See overviews of connections, user activity, CloudTrail events, and resource utilization. 

Authentication Success. Shows the total number of successful authentications in the last 24 hours. 

Authentication Failures. Shows the total number of failed authentications in the last 24 hours. 

Connection Sessions. Shows the total number of connection sessions in the last 24 hours. 

Authentication Method Used. Shows a count of authentication methods used on a pie chart with a slice for each kind of method, for the last 24 hours. 

SSL Used. Shows a count of SSL versions used on a pie chart with a slice for each SSL version, for the last 24 hours.

Top Remote Hosts. Shows a list of the top remote hosts along with the number of requests in the last 24 hours. 

Top Users. Shows a list of the top users along with the number of requests in the last 24 hours. 

Top Databases. Shows a list of the top databases along with the number of requests in the last 24 hours. 

Session Duration Stats. Shows an aggregation table with statistics on the duration of sessions, along with username, session count, average session time, minimum session time, maximum session time, 90 percentile, and 95 percentile. 

Top SQL Commands. Shows a list of the top SQL commands along with the number of events in the last 24 hours. 

Top Users. Shows a list of the top users along with the number of events in the last 24 hours. 

Top Databases. Shows a list of the top databases along with the number of events in the last 24 hours. 

SQL Command Execution Trend. Shows trends in SQL commands executed on a column chart for the last 24 hours. 

Top Successful Events. Shows a list of the top successful events along with the number of events in the last 24 hours. 

Top Users by Type. Shows a list of the top users by type along with the type, user, number of events, and rank in the last 24 hours. 

Top Cluster Identifiers. Shows a list of the top cluster identifiers along with the number of events in the last 24 hours. 

Events by AccountId. Shows a count of events by account id on a bar chart, broken up into the type of events for the last 24 hours. 

CPU Utilization. Shows trends in CPU utilization on a line chart for the last 24 hours. 

Network Receive and Transmit Throughput. Shows trends in network throughput on a line chart for the last 24 hours. 

Database Connections. Shows trends in database connections on a line chart for the last 24 hours. 

Percentage Disk Space Utilization. Shows trends in percentage disk space utilization on a line chart for the last 24 hours. 

Health Status. Shows trends in health status on a line chart for the last 24 hours. 

Maintenance Mode. Shows trends in maintenance mode on a line chart for the last 24 hours. 

Amazon Redshift - Audit - Connection Log Analysis

See information about database connections, including authentication failure counts and trends; session statistics and details; and top remote hosts, users, databases, and applications.

Authentication Status. Shows the statuses of authentications (successful/failed) on a pie chart for the last 24 hours. 

Authentication Status Trend. Shows trends in authentication statuses (successful/failed) on a column chart for the last 24 hours. 

Authentication Failures. Shows an aggregation table with failed authentications in the last three days, along with the time it was recorded, remote host, remote port, port id, database name, username, authentication method, ssl cipher, and event count. 

Connection Session Stats. Shows an aggregation table with statistics on connection sessions in the last six hours, along with port id, remote host, remote port, username, duration of the connections, the time it was recorded connecting, the time it was recorded disconnecting, and the event count. 

Session Duration Stats. Shows an aggregation table with statistics on the duration of sessions in the last 24 hours, along with username, sessions count, total session time, average sessions time, minimum session time, maximum session time, 90 percentile, and 95 percentile. 

90%ile Session Duration by User. Shows a count of 90 percentile session time on a line chart with a different line for each user in the last 24 hours. 

Top Remote Hosts. Shows a list of the top remote hosts along with the number of requests made in the last six hours. 

Top Users. Shows a list of the top users along with the number of requests made in the last six hours. 

Top Databases. Shows a list of the top databases along with the number of requests made in the last six hours. 

Top Applications. Shows a list of the top applications along with the number of requests made in the last six hours. 

Authentication Method Used. Shows a count of authentication methods used on a pie chart with a slice for each kind of method, for the last six hours. 

Authentication Method Used - Trend. Shows trends in authentication methods used (password/identity) on a column chart for the last 24 hours. 

SSL Used. Shows a count of SSL versions used on a pie chart with a slice for each SSL version, for the last six hours. 

SSL Cipher Used. Shows a count of SSL ciphers used on a pie chart with a slice for each kind of SSL cipher used, for the last six hours. 

Top Events. Shows a list of the top events along with the number of requests made in the last six hours. 

Event Trend. Shows trends in events on a column chart with a count for each type of event for the last 24 hours. 

Amazon Redshift - Audit - User Activity Log Analysis

See information about SQL command and statement execution, including top databases, users, SQL statements and commands; and tabular listings of the top 20 delete, truncate, vacuum, create, grant, drop, revoke, and alter command executions. 

Top Databases. Shows a list of the top databases along with the number of events in the last 24 hours.

Top SQL Statements. Shows a list of the top SQL statements along with the number of events in the last 24 hours. 

Top Users. Shows a list of the top users along with the number of events in the last 24 hours. 

Top SQL Commands. Shows a list of the top SQL commands along with the number of events in the last 24 hours. 

SQL Command Execution Trend. Shows trends in SQL commands executed on a column chart for the last 24 hours. 

Top Delete Command Execution. Shows an aggregation table with the top delete commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Truncate Command Execution. Shows an aggregation table with the top truncate commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Vacuum Command Execution. Shows an aggregation table with the top vacuum commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Create Command Execution. Shows an aggregation table with the top create commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Grant Command Execution. Shows an aggregation table with the top grant commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Drop Command Execution. Shows an aggregation table with the top drop commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Revoke Command Execution. Shows an aggregation table with the top revoke commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Top Alter Command Execution. Shows an aggregation table with the top alter commands in the last 24 hours, along with the sql statement, command, database name, and event count. 

Amazon Redshift - Audit - User Log Analysis

See information about database user account events, including database user accounts that were created, dropped, or altered.

Events. Shows the events executed (drop/alter/create) on a pie chart for the last 24 hours. 

Event Trend. Shows trends in events on a column chart with a count for each type of event for the last 24 hours. 

Create User Events. Shows an aggregation table with user creation events in the last 24 hours, along with time, command, database name, username, port id, x id, sql statement, and a count of events. 

Drop User Events. Shows an aggregation table with drop user events in the last 24 hours, along with time, command, database name, username, port id, x id, sql statement, and a count of events. 

Alter User Events. Shows an aggregation table with alter user events in the last 24 hours, along with time, command, database name, username, port id, x id, sql statement, and a count of events. 

Recent User Related Events. Shows an aggregation table with all user related events in the last 24 hours, along with time, command, database name, username, port id, x id, sql statement, and a count of events. 

Amazon Redshift - CloudTrail Events Overview

See information about CloudTrail events for Amazon Redshift, including event locations and event status and trend; event counts by event name, cluster, account ID, region, and user agent; and failed event locations, error codes, and details.

Successful Event Locations. Performs a geo lookup query and displays the location and number of successful CloudTrail events on a map of the world for the last 24 hours. 

Event Status. Shows the statuses of CloudTrail events on a pie chart for the last 24 hours. 

Successful Events. Shows a list of successful events along with a count of events in the last 24 hours. 

Event Status Trend. Shows trends in event statuses on a column chart with a count for each type of event for the last 7 days. 

Recent Successful Event Details. Shows an aggregation table with recent successful events in the last three hours, along with time, event name, aws region, source ip address, username, type, request id, user agent, cluster identifier, and a count of events. 

Top Users by Type. Shows a list of the top users by type along with the type, user, number of events, and rank in the last 24 hours. 

User Type Trend. Shows trends in user types on a column chart with a count for each user type for the last 7 days. 

Events by User. Shows trends in events by users on a bar chart with a count for each type of event for the last 24 hours. 

Top Cluster Identifiers. Shows a list of the top cluster identifiers along with the number of events in the last 24 hours. 

Events Trend by Event Name. Shows trends in events by the event name on a column chart with a count for each event name for the last 24 hours.

Events by AccountId. Shows a count of events by account id on a bar chart, broken up into the type of events for the last 24 hours. 

Events by Regions. Shows a count of events by region on a bar chart, broken up into the type of events for the last 24 hours. 

Events by User Agents. Shows trends in events by user agents on a bar chart with a count for each type of event for the last 24 hours. 

Failed Event Locations. Shows locations of failed events over the last 24 hours.

Failed Events. Shows failed events for the last 24 hours.

Top Error Codes. Shows top error codes in the last 24 hours.

Recent Failed Event Details. Shows a detailed list of failed events for the last 24 hours.

Amazon Redshift - Resource Utilization by ClusterIdentifier

See cluster-level resource utilization metrics, including CPU, network receive and transmit throughput, database connections, and disk.  

CPU Utilization. Shows trends in CPU utilization by cluster identifier on a line chart for the last 24 hours.

Network Receive Throughput. Shows trends in network received throughput by cluster identifier on a line chart for the last 24 hours. 

Database Connections. Shows trends in database connections by cluster identifier on a line chart for the last 24 hours. 

Network Transmit Throughput. Shows trends in network transmitted throughput by cluster identifier on a line chart for the last 24 hours. 

Percentage Disk Space Utilization. Shows trends in percentage disk space utilized by cluster identifier on a line chart for the last 24 hours. 

Health Status. Shows trends in health status by cluster identifier on a line chart for the last 24 hours.

Maintenance Mode. Shows trends in maintenance mode by cluster identifier on a line chart for the last 24 hours.

Amazon Redshift - Resource Utilization by NodeID

See node-level resource utilization metrics, including CPU; disk; network; and read/write latency, throughput and I/O operations per second.

CPU Utilization. Shows trends in CPU utilization by NodeID on a line chart for the last 24 hours.

Network Receive Throughput. Shows trends in network received throughput by NodeID on a line chart for the last 24 hours. 

Percentage Disk Space Utilization. Shows trends in percentage disk space utilized by NodeID on a line chart for the last 24 hours. 

Network Transmit Throughput. Shows trends in network transmit throughput by NodeID on a line chart for the last 24 hours. 

Read IOPS. Shows trends in read IOPS by NodeID on a line chart for the last three hours. 

Write IOPS. Shows trends in write IOPS by NodeID on a line chart for the last three hours.

Read Latency. Shows trends in read latency by NodeID on a line chart for the last three hours.

Write Latency. Shows trends in write latency by NodeID on a line chart for the last three hours.

Read Throughput. Shows trends in read throughput by NodeID on a line chart for the last three hours.

Write Throughput. Shows trends in write throughput by NodeID on a line chart for the last three hours.

Commit Queue Length. Shows trends in commit queue length by NodeID on a line chart for the last three hours.

WLM Queue Length. Shows trends in WLM queue length by NodeID on a line chart for the last three hours.