March 6, 2014
After the successful launch of the Sumo Logic Application for AWS CloudTrail last November and with numerous customers now using this application, we were really excited to work again on a new logging service from AWS, this time providing analytics around log files generated by the AWS Load Balancers.
Our integration with AWS CloudTrail targets use cases relevant to security, usage and operations. With our new application for AWS Elastic Load Balancing, we provide our customers with dashboards that give real-time insight into operational data. You can also add your own use cases by parsing the log entries and visualizing the data with our visualization tools.
Sumo Logic runs natively on the AWS infrastructure and uses AWS load balancers, so we had plenty of raw data to work with while developing the content. An ELB log entry contains 12 fields covering the entire request/response lifecycle. By adding the request, backend and response processing times, we obtain the total time (latency) from when the load balancer started reading the request headers to when it started sending the response headers back to the client. The Latency Analysis dashboard breaks this down per domain, client IP and backend instance (EC2).
The application also analyzes status codes, both the code returned by the ELB and the code returned by the backend instance. The two counts normally match; they diverge only when something went wrong, for example when the backend never responded or the client aborted the request. For ELBs configured with a TCP listener (layer 4) rather than HTTP, the connections are still logged, but the request field contains three dashes and both status-code fields are empty.
Alerting Frequency
Often during my discussions with Sumo Logic users, the topic of scheduled searches and alerting comes up. Based on our work with ELB logs, there is no single threshold we can recommend that covers every use case. The threshold should be based on the application: tiny beacon requests and downloads of huge files produce very different latencies. Sumo Logic gives you the flexibility to set a threshold in a scheduled search, or simply to change the color in a graph for monitoring purposes, based on the value range.
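To make the two preceding points concrete (the latency sum over the 12-field log line and the ELB-versus-backend status-code comparison, plus the application-specific threshold discussed above), here is an added Python example. It is not part of the Sumo Logic application and not Sumo Logic query language; it is a stand-alone parser for the classic 2014-era ELB access-log format. The log lines, the load-balancer names, the IP addresses and the 1.0-second threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Field order of a 2014-era classic ELB access-log line (12 fields; the request
# is the only quoted field). A TCP listener logs "- - - " as the request and "-"
# for both status codes; processing times of -1 mean the load balancer never
# got a response from a backend.
ELB_LINE = re.compile(
    r'^(?P<timestamp>\S+) (?P<elb>\S+) (?P<client>\S+) (?P<backend>\S+) '
    r'(?P<request_time>\S+) (?P<backend_time>\S+) (?P<response_time>\S+) '
    r'(?P<elb_status>\S+) (?P<backend_status>\S+) '
    r'(?P<received_bytes>\d+) (?P<sent_bytes>\d+) "(?P<request>[^"]*)"'
)

# Constructed sample lines (not real traffic): a normal hit, a large download,
# a 404, a request the backend never answered, and a TCP-listener entry.
SAMPLE_LOG = """\
2014-03-01T10:00:00.123456Z my-elb 203.0.113.10:51234 10.0.1.5:80 0.000050 0.120000 0.000030 200 200 312 5120 "GET http://www.example.com:80/index.html HTTP/1.1"
2014-03-01T10:00:01.223456Z my-elb 203.0.113.11:51240 10.0.1.6:80 0.000045 2.500000 0.000020 200 200 280 1048576 "GET http://www.example.com:80/files/big.iso HTTP/1.1"
2014-03-01T10:00:02.323456Z my-elb 203.0.113.10:51250 10.0.1.5:80 0.000060 0.090000 0.000025 404 404 300 512 "GET http://www.example.com:80/missing HTTP/1.1"
2014-03-01T10:00:03.423456Z my-elb 203.0.113.12:51260 - -1 -1 -1 504 - 290 0 "POST http://www.example.com:80/api HTTP/1.1"
2014-03-01T10:00:04.523456Z my-elb-tcp 203.0.113.13:51270 10.0.1.7:443 0.001069 0.000028 0.000041 - - 82 305 "- - - "
"""


def _status(value):
    """Status-code field: an int, or None when the ELB logged '-' (TCP or no response)."""
    return int(value) if value.isdigit() else None


def parse_elb_line(line):
    """Parse one access-log line into a dict of typed fields; None if it does not match."""
    m = ELB_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("request_time", "backend_time", "response_time"):
        rec[key] = float(rec[key])
    rec["elb_status"] = _status(rec["elb_status"])
    rec["backend_status"] = _status(rec["backend_status"])
    rec["received_bytes"] = int(rec["received_bytes"])
    rec["sent_bytes"] = int(rec["sent_bytes"])
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0]
    rec["backend_ip"] = rec["backend"].rsplit(":", 1)[0]  # "-" when no backend was reached
    parts = rec["request"].split()
    rec["method"], rec["url"] = (parts + ["-", "-"])[:2]
    rec["domain"] = urlsplit(rec["url"]).hostname if rec["url"] != "-" else None
    rec["is_tcp"] = rec["request"].strip() == "- - -"  # three dashes: layer-4 listener
    return rec


def latency(rec):
    """Sum of the three processing times, or None when any is -1 (no backend response)."""
    times = (rec["request_time"], rec["backend_time"], rec["response_time"])
    if any(t < 0 for t in times):
        return None
    return round(sum(times), 6)


def summarize(lines, slow_threshold):
    """Status-code counts for ELB vs backends, TCP entries, and latency per backend.

    slow_threshold is the application-specific latency bound (seconds) above
    which a request is reported; there is no universal value.
    """
    out = {
        "elb_status": Counter(),
        "backend_status": Counter(),
        "no_backend_response": 0,
        "tcp_requests": 0,
        "unparsed": 0,
        "latency_by_backend": defaultdict(list),
        "slow": [],  # (client_ip, backend_ip, url, latency) above slow_threshold
    }
    for line in lines:
        rec = parse_elb_line(line)
        if rec is None:
            out["unparsed"] += 1
            continue
        if rec["is_tcp"]:
            out["tcp_requests"] += 1
        if rec["elb_status"] is not None:
            out["elb_status"][rec["elb_status"]] += 1
        if rec["backend_status"] is not None:
            out["backend_status"][rec["backend_status"]] += 1
        lat = latency(rec)
        if lat is None:
            out["no_backend_response"] += 1  # ELB and backend counts diverge here
            continue
        out["latency_by_backend"][rec["backend_ip"]].append(lat)
        if lat > slow_threshold:
            out["slow"].append((rec["client_ip"], rec["backend_ip"], rec["url"], lat))
    return out


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines(), slow_threshold=1.0)
    print("ELB status codes:    ", dict(summary["elb_status"]))
    print("backend status codes:", dict(summary["backend_status"]))
    print("no backend response: ", summary["no_backend_response"])
    print("TCP entries:         ", summary["tcp_requests"])
    print("slow requests:       ", summary["slow"])
```

Note that the sample set yields four ELB status codes but only three backend status codes: the 504 entry has no backend code because the backend never answered, which is exactly the kind of divergence the dashboard is meant to surface. The TCP entry contributes to neither count but still has a measurable latency.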
Visualization
I want to talk a little bit about machine data visualization. While skiing last week in Steamboat, Colorado, I kept thinking about the relevance of the beautiful Rocky Mountain landscape to the somewhat more mundane world of load balancer data visualization. So here is what we did to present the load balancer data in a more compelling way:
You can slice and dice the data using our Transpose operator, as we did in the Latency by Load Balancer monitor, but I would like to focus on a different feature that was built by our UI team and share how we used it in this application. This feature combines the number of requests, the bytes received and sent, and the client IP address into a single view: the Total Requests and Data Volume monitor.
We first used this visualization approach in our Nginx app (Traffic Volume and Bytes Served monitor). We received very positive feedback and decided it made sense to incorporate this approach into this application as well.
Combining three fields in a single view gives you a faster overview of your environment and also lets you drill down and investigate any activity.
It reminds one of the landscape above, right? :-)
To get this same visualization, click on the gear icon in the Search screen and choose the Change Series option.
For each data series, you can choose how you would like to represent the data. We used a Column Chart for the total requests and a Line Chart for the received and sent data.
I find it beautiful and useful. I hope you plan to use this visualization approach in your dashboards, and please let us know if any help is required.
One more thing…
Please stay tuned and check our posts next week… we can’t wait to share with you where we’re going next in the world of Sumo Logic Applications.