AWS Elastic Load Balancer - Classic
The Amazon Web Services (AWS) Elastic Load Balancer - Classic distributes incoming application traffic across multiple Amazon EC2 instances in the AWS Cloud. The Sumo Logic App for Elastic Load Balancer - Classic ingests logs generated by this activity, providing greater visibility into events that, in turn, help you understand the overall health of your EC2 deployment.
For example, you can use the Sumo Logic App to analyze raw Elastic Load Balancing data to investigate the availability of applications running behind Elastic Load Balancers. Or, by correlating Elastic Load Balancer data with other data sets, you can get a broader understanding of the fault tolerance of your applications across multiple AWS Availability Zones.
If you are just beginning with AWS ELB, for background see the Sumo Logic DevOps blog, "AWS Elastic Load Balancing: Load Balancer Best Practices".
Log types
ELB logs are stored as .log files in the buckets you specify when you enable logging.
The process to enable collection for these logs is described in AWS ELB Enable Access Logs.
The logs themselves contain these fields in this order:
datetime, ELB_Server, clientIP, port, backend, \
backend_port, requestProc, ba_Response, cli_Response, \
ELB_StatusCode, be_StatusCode, rcvd, send, method, \
protocol, domain, server_port, path
The log format is described in AWS ELB Access Log Collection. For information on unified logs and metrics for AWS Elastic Load Balancing - Classic, see AWS Elastic Load Balancing ULM - Classic.
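As an added example (not Sumo Logic's or AWS's own code), the following parser maps a raw Classic ELB access log line onto the field names listed above and picks out requests the load balancer could not hand to an instance, which is useful when investigating availability. It assumes the space-delimited line layout AWS documents for Classic Load Balancer access logs; the function names and the sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Field names in the order this page lists them.
FIELDS = ("datetime ELB_Server clientIP port backend backend_port requestProc "
          "ba_Response cli_Response ELB_StatusCode be_StatusCode rcvd send "
          "method protocol domain server_port path").split()

# Constructed sample lines (documentation IP ranges, hypothetical load balancer name).
SAMPLE = [
    '2015-05-13T23:39:43.945958Z my-elb 203.0.113.7:2817 10.0.0.1:80 0.000073 '
    '0.001048 0.000057 200 200 0 29 "GET http://www.example.com:80/index.html '
    'HTTP/1.1" "curl/7.38.0" - -',
    '2015-05-13T23:39:44.100000Z my-elb 203.0.113.7:2818 - -1 -1 -1 503 0 0 0 '
    '"GET http://www.example.com:80/login HTTP/1.1" "curl/7.38.0" - -',
]

def parse_elb_line(line):
    """Map one Classic ELB access log line onto FIELDS (all values as strings)."""
    tok = line.strip().split(" ", 11)
    if len(tok) < 12 or not tok[11].startswith('"'):
        raise ValueError("not a Classic ELB access log line")
    client_ip, _, client_port = tok[2].rpartition(":")
    # The backend column is "-" when no registered instance received the request.
    if tok[3] == "-":
        backend, backend_port = "-", "-"
    else:
        backend, _, backend_port = tok[3].rpartition(":")
    # Quoted request: 'METHOD protocol://domain:port/path HTTP/x' ('- - - ' for TCP).
    req = tok[11].split('"')[1].split()
    method = req[0] if req else "-"
    protocol = domain = server_port = path = "-"
    if len(req) > 1 and req[1] != "-":
        try:
            url = urlsplit(req[1])
            protocol, domain = url.scheme or "-", url.hostname or "-"
            path = url.path or "-"
            server_port = str(url.port) if url.port else "-"
        except ValueError:  # malformed client-supplied URL: keep "-" placeholders
            pass
    values = (tok[:2] + [client_ip, client_port, backend, backend_port]
              + tok[4:11] + [method, protocol, domain, server_port, path])
    return dict(zip(FIELDS, values))

def undispatched(lines):
    """Return parsed records the load balancer could not hand to an instance."""
    records = (parse_elb_line(l) for l in lines if l.strip())
    return [r for r in records if r["backend"] == "-" or r["requestProc"] == "-1"]
```
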
Prerequisites
Complete the steps in this section, and then use the in-product instructions in Sumo Logic to set up the app. For information on collecting unified logs and metrics for AWS Elastic Load Balancing - Classic, see AWS Elastic Load Balancing ULM - Classic.
- Enable Elastic Load Balancing logging in your AWS account and configure a Sumo Logic ELB Source using these instructions.
- If you have more than one environment that generates Elastic Load Balancing data (such as ops, dev, and so on), you’ll need to configure a separate S3 Source for each environment. This means that you’ll have the three App Dashboards for each environment. To avoid confusion, and in order to identify which environment is generating data, you should name each S3 Source with the environment's name. For example, you might name Sources as ELB-prod, ELB-dev, ELB-test, and so on.
- Finally, make copies of each Panel in the Elastic Load Balancing Dashboards, and modify the search logic in each Panel so that you select the appropriate source for each environment. For example, for a production environment, you will add the string
_source=ELB-production
to the beginning of each search. If you have three environments, you will have three copies of the application, one for each environment (nine dashboards in total).