AWS Metadata (Tag) Source
A Sumo Logic AWS Metadata Source allows you to collect tags from EC2 instances running on AWS. Tags are returned in your search results and can be referenced in queries. For information about assigning tags to EC2 instances, see Tagging Your Amazon EC2 Resources in AWS help. Only one AWS Metadata Source is required to collect tags from multiple hosts.
Collecting AWS Metadata requires Collector version 19.162+.
Tags are automatically applied to:
- Metrics ingested by host metric sources on Installed Collectors.
- Graphite and Carbon 2.0 metrics ingested by streaming metric sources on Installed Collectors.
You can also apply AWS tags to Graphite and Carbon 2.0 metrics ingested by an HTTP source. To enable tagging of metrics from an HTTP source, you must specify the
Region tags in the header using
X-Sumo-Metadata as well as to the metric itself. For reference see Supported HTTP Headers.
A Sumo Logic AWS Metadata Source collects custom tags from EC2 instances running on AWS. An Installed Collector automatically pulls AWS instance identity documents (IMDSv2) from instances to get their accountID, availabilityZone, instanceId, instanceType, and region.
Logs ingested by Installed Collectors on EC2 instances will be tagged as long as the tag, including instance information tags, exists in the organization's Fields table. See how to define fields in the manage fields section. EC2 resource tags take precedence over EC2 instance information. Only one AWS Metadata Source is required to collect tags from multiple hosts.
Tags are returned in your search results and can be referenced in queries. For information about assigning tags to EC2 instances, see Tagging Your Amazon EC2 Resources in AWS help.
Set up an AWS Metadata Source
Grant permission for Sumo Logic to describe EC2 instances. See Grant Access to an AWS Product for details.
In Sumo Logic, select Manage Data > Collection > Collection.
Next to a Hosted Collector, click Add Source.
Select AWS Metadata.
Configure the following:
Name. Enter a name to display for the new Source.
Description. Optional description.
Regions. Select one or more Amazon regions.
Tag Filters. Leave this field blank to collect all tags configured for the EC2 instance. To collect a subset of tags, follow the instructions in Define EC2 tag filters. Review the above Metrics and Logs sections for important information.
AWS Access. Choose between two Access Method options. Select Role-based access or Key access based on the AWS authentication you are providing. Role-based access is preferred, this was completed in step 1, see Grant Sumo Logic access to an AWS Product.
For Role-based access enter the Role ARN that was provided by AWS after creating the role.
For Key access enter the Access Key ID and Secret Access Key. See AWS Access Key ID and AWS Secret Access Key for details.
After creating an AWS Metadata Source, it may take up to 10 minutes for EC2 tags to appear in search results.
Define EC2 tag filters
Define your filter to match against your tag. For instance, in a key value pair define the filter to match against the key, not the value. If you do not define tag filters, all tags configured for your EC2 instances will be collected.
We recommend filtering tags whose values change more than once every 10 minutes. We do not support metadata tags whose values change frequently per time series. In the case of metrics, the metrics source may be blocked until the volatile metadata issue is resolved.
If you want to collect a subset of tags, you can enter a comma-separated list of one or more of the following types of filters:
- One or more specific tag names, for example, “Cluster, Deployment, Name”
- A wildcard filter, for example, “dev-*”
- An exclusion (denylist) filter, which begins with an exclamation mark, for example, ”!master-container” or “!prod-*”
For example, assume that the tags configured for your EC2 instances are:
The table below shows the results of several example tag filters
|This tag filter value||Results in collection of these tags|