diff --git a/cid-redirects.json b/cid-redirects.json index 94a13c3a01..da4a36be4e 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -3018,6 +3018,7 @@ "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/", "/cid/1155": "/docs/manage/data-masking/", "/cid/1153": "/docs/send-data/opentelemetry-collector/install-collector/docker", + "/cid/1170": "/docs/integrations/amazon-aws/amazon-overview", "/cid/1154": "/docs/send-data/hosted-collectors/krutrim-object-storage", "/cid/1156": "/docs/send-data/opentelemetry-collector/data-source-configurations/windows-active-directory-inventory", "/release-notes-collector/2026/04/11/hosted/": "/release-notes-collector/2026/05/11/hosted/", diff --git a/docs/integrations/amazon-aws/amazon-overview.md b/docs/integrations/amazon-aws/amazon-overview.md new file mode 100644 index 0000000000..41db16b9da --- /dev/null +++ b/docs/integrations/amazon-aws/amazon-overview.md @@ -0,0 +1,74 @@ +--- +id: amazon-overview +title: Amazon Overview +description: The Sumo Logic app for Amazon Overview provides a unified view of your AWS infrastructure with key metrics and logs from multiple AWS services in a single dashboard. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Amazon Overview icon + +**Amazon Overview** + +[Amazon Web Services (AWS)](https://aws.amazon.com/) provides secure, scalable cloud computing services and solutions. The Sumo Logic app for Amazon Overview gives you a unified view of your entire AWS infrastructure by aggregating key metrics and logs from multiple AWS services into consolidated dashboards. + +The Sumo Logic Amazon Overview app dashboards provide visibility into your overall AWS environment: +* Monitor activity across all AWS services, including resource activity and geographic distribution of incoming requests. +* Track performance metrics for Application Load Balancer (ALB), Classic Load Balancer (ELB), and Network Load Balancer (NLB), including requests served, errors, healthy/unhealthy hosts, and TLS negotiation errors. +* View EC2 CPU utilization and free memory metrics. +* Monitor RDS CPU utilization and freeable memory. +* Track ElastiCache CPU utilization and freeable memory. +* View Lambda invocations and errors. +* Monitor DynamoDB requests by table and errors. +* Track API Gateway requests by API name and errors. +* Monitor SNS notifications delivered and failed. +* Track SQS messages received and empty receives. +* View ECS average CPU and memory utilization. + +## Installing the Amazon Overview app + +To install the app: + +1. Select **App Catalog**. +1. In the 🔎 **Search Apps** field, run a search for your desired app, then select it. +1. Click **Install App**. + :::note + Sometimes this button says **Add Integration**. + ::: +1. Click **Next**. +1. Look for the dialog confirming that your app was installed successfully.
App success dialog + +**Post-installation** + +Once your app is installed, it will appear in your **Personal** folder or the folder that you specified. From here, you can share it with other users in your organization. Dashboard panels will automatically start to fill with data matching the time range query received since you created the panel. Results won't be available immediately, but within about 20 minutes, you'll see completed graphs and maps. + +## Viewing the Amazon Overview dashboards + +The Sumo Logic app for Amazon Overview provides preconfigured dashboards that give you a unified view of your AWS infrastructure. These dashboards aggregate key metrics and logs from multiple AWS services, helping you monitor performance, track resource utilization, and identify issues across your entire AWS environment. + +### AWS Account Overview + +The **Amazon Overview - AWS Account Overview** dashboard provides a comprehensive view of your AWS account activity and resource performance across all services. + +Use this dashboard to: +* Get a high-level view of your entire AWS infrastructure from a single dashboard. +* Monitor incoming activity locations and AWS resource activity. +* Track load balancer performance, including requests served, errors, and active connections across ALB, ELB, and NLB. +* Monitor compute resource utilization for EC2, ECS, and Lambda. +* View database performance metrics for RDS, DynamoDB, and ElastiCache. +* Track messaging service health for SNS and SQS. +* Monitor API Gateway requests and errors. + +Amazon Overview - AWS Account Overview + +### AWS Region Overview + +The **Amazon Overview - AWS Region Overview** dashboard provides detailed information about your AWS infrastructure filtered by region. + +Use this dashboard to: +* View AWS resource activity and performance metrics for a specific region. +* Compare service performance across different regions. +* Identify region-specific issues with load balancers, compute, databases, or messaging services. +* Monitor regional resource utilization trends. + +Amazon Overview - AWS Region Overview diff --git a/docs/integrations/amazon-aws/elasticache.md b/docs/integrations/amazon-aws/elasticache.md index 85b7315187..92b8102deb 100644 --- a/docs/integrations/amazon-aws/elasticache.md +++ b/docs/integrations/amazon-aws/elasticache.md @@ -133,33 +133,9 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\ 2. Click **Save**. -### Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the “**cacheclusterid**” field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields). - - ### Field Extraction Rule(s) -Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). - -```sql -Rule Name: AwsObservabilityElastiCacheCloudTrailLogsFER -Applied at: Ingest Time -Scope (Specific Data): account=* eventname eventsource "elasticache.amazonaws.com" -``` - -**Parse Expression** - -```sumo -| json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop -| where eventSource = "elasticache.amazonaws.com" -| if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid -| "aws/elasticache" as namespace -| tolowercase(cacheclusterid) as cacheclusterid -| fields region, namespace, cacheclusterid, accountid -``` +The FER **AwsObservabilityElastiCacheCloudTrailLogsFER** to extract fields `eventSource`, `region`, `req_cacheClusterId`, `res_cacheClusterId`, and `accountid` will be created as a part of app installation. ### Centralized AWS CloudTrail Log Collection @@ -190,10 +166,18 @@ This section has instructions for installing the Sumo Logic app for **Amazon Ela Now that you have set up a collection for **Amazon ElastiCache**, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for Amazon ElastiCache service is AWS/ElastiCache. +- `cacheclusterid` A cache cluster ID is a user-supplied, unique name used to identify and manage an Amazon ElastiCache cluster. + ## Viewing Amazon ElastiCache dashboards @@ -280,3 +264,32 @@ Use this dashboard to: If high latency commands are not being processed frequently, you will want to look into monitoring and potentially allocating more CPU resources. Amazon ElastiCache + +## Create monitors for Amazon ElastiCache app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### Amazon ElastiCache alerts + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `Amazon Elasticache - High CPU Utilization` | This alert fires when the average CPU utilization within a 5 minute interval for a host is high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less. | Count >= 90 | Count < 90 | +| `Amazon Elasticache - High Engine CPU Utilization` | This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling. | Count >= 90 | Count < 90 | +| `Amazon Elasticache - High Redis Database Memory Usage` | This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance. | Count >= 95 | Count < 95 | +| `Amazon Elasticache - High Redis Memory Fragmentation Ratio` | This alert fires when the average Redis memory fragmentation ratio within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 indicates significant memory fragmentation. | Count >= 1.5 | Count < 1.5 | +| `Amazon Elasticache - Low Redis Cache Hit Rate` | This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<=80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist. | Count <= 80 | Count > 80 | +| `Amazon Elasticache - Multiple Failed Operations` | This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service. | Count >= 10 | Count < 10 | + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + \ No newline at end of file diff --git a/docs/integrations/amazon-aws/lambda.md b/docs/integrations/amazon-aws/lambda.md index b25ae89dc0..8e81cad043 100644 --- a/docs/integrations/amazon-aws/lambda.md +++ b/docs/integrations/amazon-aws/lambda.md @@ -211,37 +211,11 @@ These metrics can then be queried using Sumo Logic [Metrics queries](/docs/metri Search Provisioned Concurrency Metrics -### Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the “**functionname**” field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields). - - ### Field Extraction Rule(s) -Create a Field Extraction Rule for AWS Lambda. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). - - -### Cloud Trail FER - -```sql -Rule Name: AwsObservabilityFieldExtractionRule -Applied at: Ingest Time -Scope (Specific Data): account=* eventname eventsource "lambda.amazonaws.com" -``` +The FER **AwsObservabilityLambdaCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `functionname` will be created as a part of app installation. -```sumo title="Parse Expression" -| json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop -| where eventSource = "lambda.amazonaws.com" -| json field=requestParameters "functionName", "resource" as functionname, resource nodrop -| parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?[\S]+)$" nodrop -| parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop -| if (isEmpty(functionname), functionname2, functionname) as functionname -| "aws/lambda" as namespace -| tolowercase(functionname) as functionname -| fields region, namespace, functionname, accountid -``` +The FER **AwsObservabilityLambdaCloudWatchLogsFER** to extract fields `functionname` and `namespace` will be created as a part of app installation. ### Centralized AWS CloudTrail Log Collection @@ -266,27 +240,22 @@ Enter a parse expression to create an “account” field that maps to the alias | fields account ``` -### Cloud Watch FER - -```yml -Rule Name: AwsObservabilityLambdaCloudWatchLogsFER -Applied at: Ingest Time -Scope (Specific Data): account=* region* _sourceHost=/aws/lambda/* -Parse Expression: -| parse field=_sourceHost "/aws/lambda/*" as functionname -| tolowercase(functionname) as functionname -| "aws/lambda" as namespace -| fields functionname, namespace -``` - ## Installing the AWS Lambda App Now that you have set up collection for AWS Lambda, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for Amazon Lambda Service is AWS/Lambda. +- `functionname` Lambda resource function name. + ## Viewing AWS Lambda dashboards The following measurements and calculations drive the information shown in the dashboard panels: @@ -317,7 +286,7 @@ Use this dashboard to: ### Request Analysis -**The AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions. +The **AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions. Use this dashboard to: * Monitor the invocation of an AWS Lambda function against all other functions. @@ -331,7 +300,7 @@ Use this dashboard to: ### Usage Analysis -**AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers. +The **AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers. :::note This dashboard provides analysis of AWS CloudTrail Data Events. By default, AWS CloudTrail does not log data events. To enable AWS CloudTrail data events, refer to [AWS Lambda Data Event](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console) @@ -367,7 +336,7 @@ Use this dashboard to: ### Resource Usage -**AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage. +The **AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage. Use this dashboard to: * Monitor the memory usage pattern of a Lambda function during its execution. @@ -380,7 +349,7 @@ Use this dashboard to: ### Performance Trends -**AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage. +The **AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage. Use this dashboard to: * Monitor concurrent executions of an AWS Lambda function and understand trends over time. @@ -393,10 +362,38 @@ Use this dashboard to: ### Threat Intel -**AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat. +The **AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat. Use this dashboard to: * Identify known malicious IPs that are accessing your load-balancers and use firewall access control lists to prevent them from sending you traffic going forward * Monitor the malicious confidence level for all incoming malicious IP address threats. AWS Lambda + + +## Create monitors for AWS Lambda app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### AWS Lambda alerts + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `AWS Lambda - High Memory Utilization` | This alert fires when we detect a Lambda execution with memory usage of more than 85% within an interval of 10 minutes. | Count > 0 | Count <= 0 | +| `AWS Lambda - High Percentage of Failed Requests` | This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes. | Count >= 5 | Count < 5 | +| `AWS Lambda - Low Provisioned Concurrency Utilization` | This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency. | Count <= 50 | Count > 50 | +| `AWS Lambda - Throttling` | This alert fires when we detect a Lambda running into throttling within an interval of 10 minutes. | Count > 0 | Count <= 0 | + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + \ No newline at end of file diff --git a/docs/integrations/amazon-aws/network-load-balancer.md b/docs/integrations/amazon-aws/network-load-balancer.md index 213460afd2..8d07ef461c 100644 --- a/docs/integrations/amazon-aws/network-load-balancer.md +++ b/docs/integrations/amazon-aws/network-load-balancer.md @@ -50,57 +50,31 @@ When you create an AWS Source, you'll need to identify the Hosted Collector you Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. ::: -## Field in field schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the “**networkloadbalancer**” field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields). - ## Field Extraction Rule(s) -Create a Field Extraction Rule for AWS Network Load Balancer Cloudtrail Logs. Learn how to create Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). - -**AWS Network Load Balancer CloudTrail Logs** -```sql -Rule Name: AwsObservabilityNLBCloudTrailLogsFER -Applied at: Ingest Time -Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.amazonaws.com" "2015-12-01" -``` +The FER **AwsObservabilityNLBCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `networkloadbalancer` will be created as a part of app installation. -```sumo title="Parse Expression" -json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop -| where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" -| "" as namespace -| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, networkloadbalancer1, f1 nodrop -| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, networkloadbalancer2, f1, f2 nodrop -| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace -| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace -| where namespace="aws/networkelb" or isEmpty(namespace) -| if (!isEmpty(networkloadbalancer), networkloadbalancer, if (!isEmpty(networkloadbalancer1), networkloadbalancer1, networkloadbalancer2)) as networkloadbalancer -| toLowerCase(networkloadbalancer) as networkloadbalancer -| fields region, namespace, networkloadbalancer, accountid -``` -## Metric rules +## Metric rule(s) -Create the following Metric Rule for the AWS/NetworkELB namespace if not already created. Learn how to create a Metrics Rule [here](/docs/metrics/metric-rules-editor#create-a-metrics-rule). - -```sql title="Rule 1*" -Rule name: AwsObservabilityNLBMetricsAddonEntityRule -Metric match expression: Namespace=AWS/NetworkELB LoadBalancer=* -Variable name: networkloadbalancer -Tag sequence: $LoadBalancer._1 -Save it -``` +The Metric Rule **AwsObservabilityNLBMetricsRule** for the AWS/NetworkELB namespace will be created as a part of app installation. ## Installing the AWS Network Load Balancer app Now that you have set up a collection for **AWS Network Load Balancer**, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for AWS Network Load Balancer Service is AWS/NetworkELB. +- `networkloadbalancer` Network Load Balancer name. + ## Viewing AWS Network Load Balancer dashboards import FilterDashboards from '../../reuse/filter-dashboards.md'; @@ -109,7 +83,7 @@ import FilterDashboards from '../../reuse/filter-dashboards.md'; ### Overview -The **The AWS Network Load Balancer - Overview** dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer. +The **AWS Network Load Balancer - Overview** dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer. Use this dashboard to: * Get an at-a-glance view of the number of errors and status of backend hosts. @@ -185,3 +159,33 @@ Use this dashboard to: * Identify the most common error types and the users experiencing highest failure rates, facilitating targeted improvements and user support. AWS Network Load Balancer dashboards + +## Create monitors for AWS Network Load Balancer app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### AWS Network Load Balancer alerts + +These alerts are available for the AWS Network Load Balancer app. + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `AWS Network Load Balancer - Deletion Alert` | This alert fires when we detect greater than or equal to 2 network load balancers are deleted over a 5 minute time-period. | Count >= 2 | Count < 2 | +| `AWS Network Load Balancer - High TLS Negotiation Errors` | This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer. | Percentage >= 10% | Percentage < 10% | +| `AWS Network Load Balancer - High Unhealthy Hosts` | This alert fires when we detect that there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer. | Percentage >= 10% | Percentage < 10% | +| `AWS Network Load Balancer - Targets Deregistered` | This alert fires when we detect greater than or equal to 1 target is de-registered over a 5 minute time-period. | Count >= 1 | Count < 1 | + + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + diff --git a/docs/integrations/amazon-aws/rds.md b/docs/integrations/amazon-aws/rds.md index e105ebc9d6..7af797e985 100644 --- a/docs/integrations/amazon-aws/rds.md +++ b/docs/integrations/amazon-aws/rds.md @@ -424,37 +424,12 @@ Sumo Logic supports several methods for collecting logs from Amazon CloudWatch. Fields -### Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the `dbidentifier`, `proxyname` fields. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields#manage-fields). - ### Field Extraction Rule(s) -Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). +The FER **AwsObservabilityRDSCloudTrailLogsFER** to extract fields `region`, `namespace`, `dBInstanceIdentifier`, `dBClusterIdentifier`, `dbidentifier`, `proxyname`, and `accountid` will be created as a part of app installation. -```sql -Rule Name: AwsObservabilityRdsCloudTrailLogsFER -Applied at: Ingest Time -Scope (Specific Data): account=* eventname eventsource "rds.amazonaws.com" -``` +The FER **AwsObservabilityRDSCloudWatchLogsFER** to extract fields `namespace`, `dbidentifier`, and `proxyname` will be created as a part of app installation. -```sumo title="Parse Expression" -| json "eventSource", "awsRegion", "requestParameters", "responseElements", "recipientAccountId" as eventSource, region, requestParameters, responseElements, accountid nodrop -| where eventSource = "rds.amazonaws.com" | "aws/rds" as namespace -| json field=requestParameters "dBInstanceIdentifier", "resourceName", "dBClusterIdentifier", "dBProxyName" as dBInstanceIdentifier1, resourceName, dBClusterIdentifier1, dBProxyName1 nodrop -| json field=responseElements "dBInstanceIdentifier", "dBClusterIdentifier", "dBProxy.dBProxyName", "dBProxyTargetGroup.dBProxyName" as dBInstanceIdentifier3, dBClusterIdentifier3, dBProxyName2, dBProxyName3 nodrop -| parse field=resourceName "arn:aws:rds:*:db:*" as f1, dBInstanceIdentifier2 nodrop -| parse field=resourceName "arn:aws:rds:*:cluster:*" as f1, dBClusterIdentifier2 nodrop -| if (resourceName matches "arn:aws:rds:*:db:*", dBInstanceIdentifier2, if (!isEmpty(dBInstanceIdentifier1), dBInstanceIdentifier1, dBInstanceIdentifier3) ) as dBInstanceIdentifier -| if (resourceName matches "arn:aws:rds:*:cluster:*", dBClusterIdentifier2, if (!isEmpty(dBClusterIdentifier1), dBClusterIdentifier1, dBClusterIdentifier3) ) as dBClusterIdentifier -| if (isEmpty(dBInstanceIdentifier), dBClusterIdentifier, dBInstanceIdentifier) as dbidentifier -| tolowercase(dbidentifier) as dbidentifier -| if (!isEmpty(dBProxyName1), dBProxyName1, if (!isEmpty(dBProxyName2), dBProxyName2, dBProxyName3)) as proxyname -| tolowercase(proxyname) as proxyname -| fields region, namespace, dBInstanceIdentifier, dBClusterIdentifier, dbidentifier, proxyname, accountid -``` ### Centralized AWS CloudTrail log collection @@ -479,60 +454,29 @@ Enter a parse expression to create an “account” field that maps to the alias | fields account ``` -#### Create/Update Field Extraction Rule(s) for RDS CloudWatch logs - - -``` -Rule Name: AwsObservabilityGenericCloudWatchLogsFER -Applied at: Ingest Time -Scope (Specific Data): -account=* region=* (_sourceHost=/aws/* or _sourceHost=API*Gateway*Execution*Logs*) -Parse Expression: -if (isEmpty(namespace),"unknown",namespace) as namespace -| if (_sourceHost matches "/aws/lambda/*", "aws/lambda", namespace) as namespace -| if (_sourceHost matches "/aws/rds/*", "aws/rds", namespace) as namespace -| if (_sourceHost matches "/aws/ecs/containerinsights/*", "aws/ecs", namespace) as namespace -| if (_sourceHost matches "/aws/kinesisfirehose/*", "aws/firehose", namespace) as namespace -| if (_sourceHost matches "/aws/apigateway/*", "aws/apigateway", namespace) as namespace -| if (_sourceHost matches "API-Gateway-Execution-Logs*", "aws/apigateway", namespace) as namespace -| parse field=_sourceHost "/aws/lambda/*" as functionname nodrop | tolowercase(functionname) as functionname -| parse field=_sourceHost "/aws/rds/proxy/*" as proxyname nodrop -| parse field=_sourceHost "/aws/rds/instance/*/" as dbidentifier nodrop -| parse field=_sourceHost "/aws/rds/cluster/*/" as dbidentifier nodrop -| parse field=_sourceHost "/aws/apigateway/*/*" as apiid, stage nodrop -| parse field=_sourceHost "API-Gateway-Execution-Logs_*/*" as apiid, stage nodrop | apiid as apiName -| tolowercase(dbidentifier) as dbidentifier -| fields namespace, functionname, proxyname, dbidentifier, apiid, apiName -``` - ### Metric Rules -Create the following two Metric Rules for the aws/rds namespace if not already created. Learn how to create a Metrics Rule [here](/docs/metrics/metric-rules-editor#create-a-metrics-rule). - -```sql title="Rule 1" -Rule name: AwsObservabilityRDSClusterMetricsEntityRule -Metric match expression: Namespace=AWS/RDS DBClusterIdentifier=* -Variable name: dbidentifier -Tag sequence: $DBClusterIdentifier._1 -Save it -``` - -```sql title="Rule 2" -Rule name: AwsObservabilityRDSInstanceMetricsEntityRule -Metric match expression: Namespace=AWS/RDS DBInstanceIdentifier=* -Variable name: dbidentifier -Tag sequence: $DBInstanceIdentifier._1 -Save it -``` +The Metric Rules **AwsObservabilityRDSClusterMetricsRule** and **AwsObservabilityRDSInstanceMetricsRule** for the aws/rds namespace will be created as a part of app installation. ## Installing the RDS app Now that you have set up a collection for **Amazon RDS**, install the Sumo Logic app to use the pre-configured [dashboards](#viewing-the-rds-dashboards) that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for Amazon RDS service is aws/rds. +- `dbidentifier` The RDS database instance identifier. +- `dBInstanceIdentifier` The identifier of the RDS DB instance. +- `dBClusterIdentifier` The identifier of the RDS DB cluster. +- `proxyname` The name of the RDS Proxy. + ## Viewing the RDS dashboards We highly recommend you view these dashboards in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability) of the AWS Observability solution. @@ -915,3 +859,47 @@ Use this dashboard to: * Troubleshoot proxy operations effectively using log insights. Amazon RDS dashboard + +## Create monitors for Amazon RDS app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### Amazon RDS alerts + +These alerts are available for the Amazon RDS app. + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `Amazon RDS - High CPU Utilization` | This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes. | Percentage >= 85% | Percentage < 85% | +| `Amazon RDS - High Disk Queue Depth` | This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application. | Count >= 5 | Count < 5 | +| `Amazon RDS - High Read Latency` | This alert fires when the average read latency of a database within a 5 minutes time interval is high (>=5 seconds). High read latency will affect the performance of your application. | Seconds >= 5 | Seconds < 5 | +| `Amazon RDS - High Write Latency` | This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds). High write latencies will affect the performance of your application. | Seconds >= 5 | Seconds < 5 | +| `Amazon RDS - Low Aurora Buffer Cache Hit Ratio` | This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were served by the buffer cache, which could further indicate a degradation in application performance. | Percentage <= 50% | Percentage > 50% | +| `Amazon RDS - Low Burst Balance` | This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes. | Percentage <= 50% | Percentage > 50% | +| `Amazon RDS - Low Free Storage` | This alert fires when the average free storage space of a RDS instance is low (< 512MB) for an interval of 15 minutes. | MB < 512 | MB >= 512 | +| `Amazon RDS - Low Freeable Memory` | This alert fires when the average Freeable memory of an RDS instance is < 128 MB for an interval of 15 minutes. If this value is lower you may need to scale up to a larger instance class. | MB <= 128 | MB > 128 | +| `Amazon RDS MSSQL - Authentication failures from the same client IP on multiple databases` | This alert fires when we detect a specific client IP attempting authentication failures on more than or equal to 10 databases over a 15 minute time-period. | Count >= 1 | Count < 1 | +| `Amazon RDS MSSQL - Database observing authentication failures from multiple client IPs` | This alert fires when we detect more than or equal to 10 client IPs attempting authentication failures on the database over a 15-minute period. | Count >= 1 | Count < 1 | +| `Amazon RDS MySQL - Excessive Slow Query Detected` | This alert fires when we detect the average time to execute a query is more than 5 seconds over last 10 minutes. | Count >= 1 | Count < 1 | +| `Amazon RDS MySQL - High Authentication Failure` | This alert fires when we detect more than 10 authentication failures over a 5 minute time-period. | Count > 10 | Count <= 10 | +| `Amazon RDS - Oracle Logs - DB Crash` | This alert fires when we detect greater than or equal to 1 Oracle DB crash over a 5 minute time-period. | Count >= 1 | Count < 1 | +| `Amazon RDS - Oracle Logs - Failed Connection Attempts` | This alert fires when we detect greater than or equal to 25 failed connection attempts over a 5 minute time-period. | Count >= 25 | Count < 25 | +| `Amazon RDS PostgreSQL - Excessive Slow Query Detected` | This alert fires when we detect the average time to execute a query is more than 5 seconds over a 10 minutes. | Count > 0 | Count <= 0 | +| `Amazon RDS PostgreSQL - High Authentication Failure` | This alert fires when we detect more than 10 authentication failures in Postgres logs over a 5 minute time-period. | Count > 10 | Count <= 10 | +| `Amazon RDS PostgreSQL - High Errors` | This alert fires when we detect high number (>10) of error/fatal logs in Postgres logs over a 5 minutes time period. | Count > 10 | Count <= 10 | +| `Amazon RDS PostgreSQL - Statement Timeouts` | This alert fires when we detect Postgres logs show statement timeouts. | Count > 0 | Count <= 0 | +| `Amazon RDS - Unencrypted RDS resources created` | This alert fires when an rds:CreateDBCluster or rds:CreateDBInstance CloudTrail event is detected where StorageEncrypted is not set to true, indicating an unencrypted RDS resource was created. | Count >= 1 | Count < 1 | + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + diff --git a/docs/integrations/amazon-aws/sns.md b/docs/integrations/amazon-aws/sns.md index a4d9504ea1..ac4fc28e90 100644 --- a/docs/integrations/amazon-aws/sns.md +++ b/docs/integrations/amazon-aws/sns.md @@ -103,41 +103,9 @@ account={{account}} region={{region}} namespace={{namespace}} TopicName={{topicn * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. 2. Click **Save**. -### Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the `"topicname"` field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields#manage-fields). - ### Field Extraction Rule(s) -Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). - -```sql -Rule Name: AwsObservabilitySNSCloudTrailLogsFER -Applied at: Ingest Time -Scope (Specific Data): account=* eventname eventsource \"sns.amazonaws.com\" -``` - -**Parse Expression**: - -```sumo -| json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements nodrop -| where event_source = "sns.amazonaws.com" -| json field=userIdentity "accountId", "type", "arn", "userName" as accountid, type, arn, username nodrop -| parse field=arn ":assumed-role/*" as user nodrop -| parse field=arn "arn:aws:iam::*:*" as accountid, user nodrop -| json field=requestParameters "topicArn", "name", "resourceArn", "subscriptionArn" as req_topic_arn, req_topic_name, resource_arn, subscription_arn nodrop -| json field=responseElements "topicArn" as res_topic_arn nodrop -| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn -| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn -| parse field=topic_arn "arn:aws:sns:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp nodrop -| parse field=subscription_arn "arn:aws:sns:*:*:*:*" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop -| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname -| if (isBlank(accountid), recipient_account_id, accountid) as accountid -| "aws/sns" as namespace -| fields region, namespace, topicname, accountid -``` +The FER **AwsObservabilitySNSCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `topicname` will be created as a part of app installation. ## Centralized AWS CloudTrail Log Collection In case, you have a centralized collection of CloudTrail logs and are ingesting them from all accounts into a single Sumo Logic CloudTrail log source, create the following **Field Extraction Rule** to map a proper AWS account(s) friendly name/alias. Create it if not already present or update it as required. @@ -160,10 +128,18 @@ In case, you have a centralized collection of CloudTrail logs and are ingesting Now that you have set up collection for Amazon SNS, install the Sumo Logic app to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for Amazon SNS service is aws/sns. +- `topicname` Amazon SNS a Topic Name. + ## Viewing Amazon SNS dashboards ### Overview @@ -226,3 +202,34 @@ Use this dashboard to: * Get details of all read only and non read only events. Amazon SNS + +## Create monitors for AWS SNS app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### AWS SNS alerts + +These alerts are available for the AWS SNS app. + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `AWS SNS - Access from Highly Malicious Sources` | This alert fires when an Application AWS - SNS is accessed from highly malicious IP addresses within last 5 minutes. | Count > 0 | Count <= 0 | +| `AWS SNS - Failed Events` | This alert fires when an SNS app has high number of failed events (>5) within last 5 minutes. | Count > 5 | Count <= 5 | +| `AWS SNS - Failed Notifications` | This alert fires where there are many failed notifications (>=5) within an interval of 5 minutes. | Count > 2 | Count <= 2 | +| `AWS SNS - Notification to DLQ` | This alert fires when an SNS topic messages are moved to a dead-letter queue. | Count > 0 | Count <= 0 | +| `AWS SNS - Notification to DLQ Failure` | This alert fires when an SNS topic messages that couldn't be moved to a dead-letter queue. | Count > 0 | Count <= 0 | + + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + \ No newline at end of file diff --git a/docs/integrations/amazon-aws/sqs.md b/docs/integrations/amazon-aws/sqs.md index 57c34e69a3..f71c6e4078 100644 --- a/docs/integrations/amazon-aws/sqs.md +++ b/docs/integrations/amazon-aws/sqs.md @@ -126,33 +126,9 @@ Sumo Logic supports collecting metrics using two source types: * **Enable Multiline Processing**. Select the **Detect messages spanning multiple lines** check box, and select **Infer Boundaries**. 2. Click **Save**. -## Field in Field Schema - -1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. -1. Search for the `queuename` field. -1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields/#manage-fields). - ## Field Extraction Rule(s) -Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule). -* **Rule Name**: AwsObservabilitySQSCloudTrailLogsFER -* **Applied at**: Ingest Time -* **Scope (Specific Data)**: account=* eventname eventsource "sqs.amazonaws.com" -* **Parse Expression**: - -```sumo -json "userIdentity", "eventSource", "eventName", "awsRegion", "recipientAccountId", "requestParameters", "responseElements", "sourceIPAddress" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements, src_ip nodrop -| json field=userIdentity "accountId", "type", "arn", "userName" as accountid, type, arn, username nodrop -| json field=requestParameters "queueUrl" as queueUrlReq nodrop -| json field=responseElements "queueUrl" as queueUrlRes nodrop -| where event_source="sqs.amazonaws.com" -| if(event_name="CreateQueue", queueUrlRes, queueUrlReq) as queueUrl -| parse regex field=queueUrl "(?[^\/]*$)" -| if (isBlank(recipient_account_id), accountid, recipient_account_id) as accountid -|! toLowerCase(queuename) as queuename -| "aws/sqs" as namespace -| fields region, namespace, queuename, accountid -``` +The FER **AwsObservabilitySQSCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `queuename` will be created as a part of app installation. ## Centralized AWS CloudTrail Log Collection @@ -176,10 +152,18 @@ In case you have a centralized collection of CloudTrail logs and are ingesting t Now that you have set up collection for Amazon SQS, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage. -import AppInstall from '../../reuse/apps/app-install.md'; +import AppInstall from '../../reuse/apps/app-install-v2.md'; +As part of the app installation process, the following fields will be created by default: + +- `account` Name / alias to the AWS account. +- `accountid` AWS account id. +- `region` The region to which the resource name belongs to. +- `namespace` Namespace for Amazon SQS Service is AWS/SQS. +- `queuename` Amazon SQS Service Queue Name. + ## Viewing Amazon SQS dashboards Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. @@ -231,3 +215,45 @@ Use this dashboard to: * Get details of all threats by IPs. 3. Amazon SQS - Threat Intel + +### Performance Trends + +The **1. Amazon SQS - Performance Trends** dashboard provides derived performance insights including true consumer lag, empty receive rate trends, and cross-queue rankings by backlog and message staleness. + +Use this dashboard to: +* Monitor true consumer lag by tracking combined visible and delayed messages in the backlog. +* Identify queues with high empty receive rates to optimize polling behavior and reduce costs. +* Rank queues by consumer backlog size to prioritize capacity planning. +* Identify message staleness risks by tracking the age of the oldest message per queue. + +1. Amazon SQS - Performance Trends + +## Create monitors for AWS SQS app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### AWS SQS alerts + +These alerts are available for the AWS SQS app. + +| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `AWS SQS - Access from Highly Malicious Sources` | This alert fires when an Application AWS - SQS is accessed from highly malicious IP addresses within last 5 minutes. | Count > 0 | Count <= 0 | +| `AWS SQS - Message processing not fast enough` | This alert fires when we detect message processing is not fast enough. That is, the average approximate age of the oldest non-deleted message in the queue is more than 5 seconds for an interval of 5 minutes. | Seconds > 5 | Seconds <= 5 | +| `AWS SQS - Messages not processed` | This alert fires when we detect messages that have been received by a consumer, but have not been processed (deleted/failed). That is, the average number of messages that are in flight are >=20 for an interval of 5 minutes. | Count >= 20 | Count < 20 | +| `AWS SQS - Queue has stopped receiving messages` | This alert fires when we detect that the queue has stopped receiving messages. That is, the average number of messages received in the queue <1 for an interval of 30 minutes. | Count < 1 | Count >= 1 | + + +## Upgrade/Downgrade the AWS API Gateway app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the AWS API Gateway app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + \ No newline at end of file diff --git a/sidebars.ts b/sidebars.ts index d1b757a8b7..f7c644a769 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2153,6 +2153,7 @@ integrations: [ collapsed: true, link: {type: 'doc', id: 'integrations/amazon-aws/index'}, items: [ + 'integrations/amazon-aws/amazon-overview', 'integrations/amazon-aws/amazon-appflow', 'integrations/amazon-aws/amazon-appstream2', 'integrations/amazon-aws/amazon-athena', diff --git a/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Account-Overview.png b/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Account-Overview.png new file mode 100644 index 0000000000..7c22989358 Binary files /dev/null and b/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Account-Overview.png differ diff --git a/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Region-Overview.png b/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Region-Overview.png new file mode 100644 index 0000000000..f18b6ed9b0 Binary files /dev/null and b/static/img/integrations/amazon-aws/Amazon-Overview-AWS-Region-Overview.png differ diff --git a/static/img/integrations/amazon-aws/amazon-overview.png b/static/img/integrations/amazon-aws/amazon-overview.png new file mode 100644 index 0000000000..b3e069a749 Binary files /dev/null and b/static/img/integrations/amazon-aws/amazon-overview.png differ