AWS DynamoDB
AWS DynamoDB is a fast and flexible NoSQL database service that provides consistent, single-digit millisecond latency at any scale.
The Sumo Logic app for AWS Observability DynamoDB is a unified logs and metrics (ULM) app that provides operational insights into DynamoDB instances across your infrastructure. Preconfigured app dashboards allow you to monitor key metrics, view the throttle events, errors, latency and help you plan the capacity of DynamoDB instances in your environment.
Log and metrics types
Sample log messages
{
"eventVersion":"1.05",
"userIdentity":{
"type":"IAMUser",
"principalId":"AIDAIBF5TU7HNYUE7V676",
"arn":"arn:aws:iam::568388783903:user/ankit",
"accountId":"568388783903",
"accessKeyId":"ASIAI3Q5RU4FIZFHFJZA",
"userName":"ankit",
"sessionContext":{
"attributes":{
"mfaAuthenticated":"false",
"creationDate":"2017-10-10T23:01:45+0000"
}
},
"invokedBy":"signin.amazonaws.com"
},
"eventTime":"2017-10-10T23:01:45+0000",
"eventSource":"dynamodb.amazonaws.com",
"eventName":"DescribeTable",
"awsRegion":"us-east-1",
"sourceIPAddress":"38.99.50.98",
"userAgent":"signin.amazonaws.com",
"requestParameters":{
"tableName":"users3"
},
"responseElements":null,
"requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG",
"eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b",
"eventType":"AwsApiCall",
"apiVersion":"2012-08-10",
"recipientAccountId":"568388783903"
}
Sample queries
_sourceCategory=Labs/AWS/DynamoDB account=* namespace=* "\"eventSource\":\"dynamodb.amazonaws.com\""
| json "eventName", "awsRegion", "requestParameters.tableName", "sourceIPAddress", "userIdentity.userName" as event_name, Region, entity, ip_address, user
| where Region matches "*" and tolowercase(entity) matches "*"
| where ip_address != "0.0.0.0" and ip_address != "127.0.0.1"
| count as ip_count by ip_address
| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=ip_address
| json field=raw "labels[*].name" as label_name
| replace(label_name, "\\/","->") as label_name
| replace(label_name, "\""," ") as label_name
| where type="ip_address" and !isNull(malicious_confidence)
| if (isEmpty(actor), "Unassigned", actor) as Actor
| sum (ip_count) as threat_count
Viewing AWS DynamoDB dashboards
We highly recommend you view these dashboards in the AWS Observability view of our AWS Observability solution.
All dashboards have a set of filters that you can apply to the entire dashboard. Use these filters to drill down and examine the data to a granular level.
- You can change the time range for a dashboard or panel by selecting a predefined interval from a drop-down list, choosing a recently used time range, or specifying custom dates and times. Learn more.
- If required, configure the refresh interval rate for a dashboard or panel by clicking the drop-down arrow next to the refresh icon.
- Click the funnel icon in the dashboard top menu bar to filter dashboard with Template Variables.