SumoLogic · sachin-sumologic · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026 · May 7, 2026
@@ -3018,6 +3018,7 @@
   "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
   "/cid/1155": "/docs/manage/data-masking/",
   "/cid/1153": "/docs/send-data/opentelemetry-collector/install-collector/docker",
+  "/cid/1170": "/docs/integrations/amazon-aws/amazon-overview",
   "/cid/1154": "/docs/send-data/hosted-collectors/krutrim-object-storage",
   "/cid/1156": "/docs/send-data/opentelemetry-collector/data-source-configurations/windows-active-directory-inventory",
   "/release-notes-collector/2026/04/11/hosted/": "/release-notes-collector/2026/05/11/hosted/",

@@ -0,0 +1,74 @@
+---
+id: amazon-overview
+title: Amazon Overview
+description: The Sumo Logic app for Amazon Overview provides a unified view of your AWS infrastructure with key metrics and logs from multiple AWS services in a single dashboard.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/integrations/amazon-aws/amazon-overview.png')} alt="Amazon Overview icon" width="50"/>
+
+**Amazon Overview**
+
+[Amazon Web Services (AWS)](https://aws.amazon.com/) provides secure, scalable cloud computing services and solutions. The Sumo Logic app for Amazon Overview gives you a unified view of your entire AWS infrastructure by aggregating key metrics and logs from multiple AWS services into consolidated dashboards.
+
+The Sumo Logic Amazon Overview app dashboards provide visibility into your overall AWS environment:
+* Monitor activity across all AWS services, including resource activity and geographic distribution of incoming requests.
+* Track performance metrics for Application Load Balancer (ALB), Classic Load Balancer (ELB), and Network Load Balancer (NLB), including requests served, errors, healthy/unhealthy hosts, and TLS negotiation errors.
+* View EC2 CPU utilization and free memory metrics.
+* Monitor RDS CPU utilization and freeable memory.
+* Track ElastiCache CPU utilization and freeable memory.
+* View Lambda invocations and errors.
+* Monitor DynamoDB requests by table and errors.
+* Track API Gateway requests by API name and errors.
+* Monitor SNS notifications delivered and failed.
+* Track SQS messages received and empty receives.
+* View ECS average CPU and memory utilization.
+
+## Installing the Amazon Overview app
+
+To install the app:
+
+1. Select **App Catalog**.
+1. In the 🔎 **Search Apps** field, run a search for your desired app, then select it.
+1. Click **Install App**.
+    :::note
+    Sometimes this button says **Add Integration**.
+    :::
+1. Click **Next**.
+1. Look for the dialog confirming that your app was installed successfully.<br/><img src={useBaseUrl('img/get-started/library/app-success.png')} alt="App success dialog" width="80%" />
+
+**Post-installation**
+
+Once your app is installed, it will appear in your **Personal** folder or the folder that you specified. From here, you can share it with other users in your organization. Dashboard panels will automatically start to fill with data matching the time range query received since you created the panel. Results won't be available immediately, but within about 20 minutes, you'll see completed graphs and maps.
+
+## Viewing the Amazon Overview dashboards
+
+The Sumo Logic app for Amazon Overview provides preconfigured dashboards that give you a unified view of your AWS infrastructure. These dashboards aggregate key metrics and logs from multiple AWS services, helping you monitor performance, track resource utilization, and identify issues across your entire AWS environment.
+
+### AWS Account Overview
+
+The **Amazon Overview - AWS Account Overview** dashboard provides a comprehensive view of your AWS account activity and resource performance across all services.
+
+Use this dashboard to:
+* Get a high-level view of your entire AWS infrastructure from a single dashboard.
+* Monitor incoming activity locations and AWS resource activity.
+* Track load balancer performance, including requests served, errors, and active connections across ALB, ELB, and NLB.
+* Monitor compute resource utilization for EC2, ECS, and Lambda.
+* View database performance metrics for RDS, DynamoDB, and ElastiCache.
+* Track messaging service health for SNS and SQS.
+* Monitor API Gateway requests and errors.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-Overview-AWS-Account-Overview.png')} alt="Amazon Overview - AWS Account Overview" style={{border: '1px solid gray'}} />
+
+### AWS Region Overview
+
+The **Amazon Overview - AWS Region Overview** dashboard provides detailed information about your AWS infrastructure filtered by region.
+
+Use this dashboard to:
+* View AWS resource activity and performance metrics for a specific region.
+* Compare service performance across different regions.
+* Identify region-specific issues with load balancers, compute, databases, or messaging services.
+* Monitor regional resource utilization trends.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-Overview-AWS-Region-Overview.png')} alt="Amazon Overview - AWS Region Overview" style={{border: '1px solid gray'}} />
@@ -133,33 +133,9 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\
 2. Click **Save**.
 
 
-### Field in Field Schema
-
-1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. 
-1. Search for the “**cacheclusterid**” field. 
-1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields).
-
-
 ### Field Extraction Rule(s)
 
-Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule).
-
-```sql
-Rule Name: AwsObservabilityElastiCacheCloudTrailLogsFER
-Applied at: Ingest Time
-Scope (Specific Data): account=* eventname eventsource "elasticache.amazonaws.com"
-```
-
-**Parse Expression**
-
-```sumo
-| json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
-| where eventSource = "elasticache.amazonaws.com"
-| if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
-| "aws/elasticache" as namespace
-| tolowercase(cacheclusterid) as cacheclusterid
-| fields region, namespace, cacheclusterid, accountid
-```
+The FER **AwsObservabilityElastiCacheCloudTrailLogsFER** to extract fields `eventSource`, `region`, `req_cacheClusterId`, `res_cacheClusterId`, and `accountid` will be created as a part of app installation.
 
 ### Centralized AWS CloudTrail Log Collection
 
@@ -190,10 +166,18 @@ This section has instructions for installing the Sumo Logic app for **Amazon Ela
 
 Now that you have set up a collection for **Amazon ElastiCache**, install the Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage.
 
-import AppInstall from '../../reuse/apps/app-install.md';
+import AppInstall from '../../reuse/apps/app-install-v2.md';
 
 <AppInstall/>
 
+As part of the app installation process, the following fields will be created by default:
+
+- `account` Name / alias to the AWS account.
+- `accountid` AWS account id.
+- `region` The region to which the resource name belongs to.
+- `namespace` Namespace for Amazon ElastiCache service is AWS/ElastiCache.
+- `cacheclusterid` A cache cluster ID is a user-supplied, unique name used to identify and manage an Amazon ElastiCache cluster.
+
 ## Viewing Amazon ElastiCache dashboards  
 
 
@@ -280,3 +264,32 @@ Use this dashboard to:
 If high latency commands are not being processed frequently, you will want to look into monitoring and potentially allocating more CPU resources.
 
 <img src={useBaseUrl('img/integrations/amazon-aws/Amazon-ElastiCache-Redis-Command-Stats.png')} alt="Amazon ElastiCache" />
+
+## Create monitors for Amazon ElastiCache app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### Amazon ElastiCache alerts
+
+| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `Amazon Elasticache - High CPU Utilization` | This alert fires when the average CPU utilization within a 5 minute interval for a host is high (&gt;=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less. | Count &gt;= 90 | Count &lt; 90 |
+| `Amazon Elasticache - High Engine CPU Utilization` | This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (&gt;=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling. | Count &gt;= 90 | Count &lt; 90 |
+| `Amazon Elasticache - High Redis Database Memory Usage` | This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (&gt;=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance. | Count &gt;= 95 | Count &lt; 95 |
+| `Amazon Elasticache - High Redis Memory Fragmentation Ratio` | This alert fires when the average Redis memory fragmentation ratio within a 5 minute interval is high (&gt;=1.5). Value equal to or greater than 1.5 indicates significant memory fragmentation. | Count &gt;= 1.5 | Count &lt; 1.5 |
+| `Amazon Elasticache - Low Redis Cache Hit Rate` | This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (&lt;=80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist. | Count &lt;= 80 | Count &gt; 80 |
+| `Amazon Elasticache - Multiple Failed Operations` | This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service. | Count &gt;= 10 | Count &lt; 10 |
+
+## Upgrade/Downgrade the AWS API Gateway app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the AWS API Gateway app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>
@@ -211,37 +211,11 @@ These metrics can then be queried using Sumo Logic [Metrics queries](/docs/metri
 
 <img src={useBaseUrl('img/integrations/amazon-aws/AWS-Lambda-Search-Provisioned-Concurrency-Metrics.png')} alt="Search Provisioned Concurrency Metrics" />
 
-### Field in Field Schema
-
-1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Fields**. You can also click the **Go To...** menu at the top of the screen and select **Fields**.<br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. 
-1. Search for the “**functionname**” field.
-1. If not present, create it. Learn how to create and manage fields [here](/docs/manage/fields.md#manage-fields).
-
-
 ### Field Extraction Rule(s)
 
-Create a Field Extraction Rule for AWS Lambda. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule).
-
-
-### Cloud Trail FER
-
-```sql
-Rule Name: AwsObservabilityFieldExtractionRule
-Applied at: Ingest Time
-Scope (Specific Data): account=* eventname eventsource "lambda.amazonaws.com"
-```
+The FER **AwsObservabilityLambdaCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `functionname` will be created as a part of app installation.
 
-```sumo title="Parse Expression"
-| json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
-| where eventSource = "lambda.amazonaws.com"
-| json field=requestParameters "functionName", "resource" as functionname, resource nodrop
-| parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
-| parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
-| if (isEmpty(functionname), functionname2, functionname) as functionname
-| "aws/lambda" as namespace
-| tolowercase(functionname) as functionname
-| fields region, namespace, functionname, accountid
-```
+The FER **AwsObservabilityLambdaCloudWatchLogsFER** to extract fields `functionname` and `namespace` will be created as a part of app installation.
 
 ### Centralized AWS CloudTrail Log Collection
 
@@ -266,27 +240,22 @@ Enter a parse expression to create an “account” field that maps to the alias
 | fields account
 ```
 
-### Cloud Watch FER
-
-```yml
-Rule Name: AwsObservabilityLambdaCloudWatchLogsFER
-Applied at: Ingest Time
-Scope (Specific Data): account=* region* _sourceHost=/aws/lambda/*
-Parse Expression:
-| parse field=_sourceHost "/aws/lambda/*" as functionname
-| tolowercase(functionname) as functionname
-| "aws/lambda" as namespace
-| fields functionname, namespace
-```
-
 ## Installing the AWS Lambda App
 
 Now that you have set up collection for AWS Lambda, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage.
 
-import AppInstall from '../../reuse/apps/app-install.md';
+import AppInstall from '../../reuse/apps/app-install-v2.md';
 
 <AppInstall/>
 
+As part of the app installation process, the following fields will be created by default:
+
+- `account` Name / alias to the AWS account.
+- `accountid` AWS account id.
+- `region` The region to which the resource name belongs to.
+- `namespace` Namespace for Amazon Lambda Service is AWS/Lambda.
+- `functionname` Lambda resource function name.
+
 ## Viewing AWS Lambda dashboards
 
 The following measurements and calculations drive the information shown in the dashboard panels:
@@ -317,7 +286,7 @@ Use this dashboard to:
 
 ### Request Analysis
 
-**The AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions.
+The **AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions.
 
 Use this dashboard to:
 * Monitor the invocation of an AWS Lambda function against all other functions.
@@ -331,7 +300,7 @@ Use this dashboard to:
 
 ### Usage Analysis
 
-**AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers.
+The **AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers.
 
 :::note
 This dashboard provides analysis of AWS CloudTrail Data Events. By default, AWS CloudTrail does not log data events. To enable AWS CloudTrail data events, refer to [AWS Lambda Data Event](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console)
@@ -367,7 +336,7 @@ Use this dashboard to:
 
 ### Resource Usage
 
-**AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage.
+The **AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage.
 
 Use this dashboard to:
 * Monitor the memory usage pattern of a Lambda function during its execution.
@@ -380,7 +349,7 @@ Use this dashboard to:
 
 ### Performance Trends
 
-**AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.
+The **AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.
 
 Use this dashboard to:
 * Monitor concurrent executions of an AWS Lambda function and understand trends over time.
@@ -393,10 +362,38 @@ Use this dashboard to:
 
 ### Threat Intel
 
-**AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat.
+The **AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat.
 
 Use this dashboard to:
 * Identify known malicious IPs that are accessing your load-balancers and use firewall access control lists to prevent them from sending you traffic going forward
 * Monitor the malicious confidence level for all incoming malicious IP address threats.
 
 <img src={useBaseUrl('img/integrations/amazon-aws/AWS-Lambda-Threat-Intel.png')} alt="AWS Lambda" />
+
+
+## Create monitors for AWS Lambda app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### AWS Lambda alerts
+
+| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `AWS Lambda - High Memory Utilization` | This alert fires when we detect a Lambda execution with memory usage of more than 85% within an interval of 10 minutes. | Count &gt; 0 | Count &lt;= 0 |
+| `AWS Lambda - High Percentage of Failed Requests` | This alert fires when we detect a large number of failed Lambda requests (&gt;5%) within an interval of 5 minutes. | Count &gt;= 5 | Count &lt; 5 |
+| `AWS Lambda - Low Provisioned Concurrency Utilization` | This alert fires when the average provisioned concurrency utilization for 5 minutes is low (&lt;= 50%). This indicates low provisioned concurrency utilization efficiency. | Count &lt;= 50 | Count &gt; 50 |
+| `AWS Lambda - Throttling` | This alert fires when we detect a Lambda running into throttling within an interval of 10 minutes. | Count &gt; 0 | Count &lt;= 0 |
+
+## Upgrade/Downgrade the AWS API Gateway app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the AWS API Gateway app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>