SumoLogic · sachin-sumologic · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026 · May 7, 2026
@@ -3017,6 +3017,7 @@
   "/cid/1152": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dropbox-source/",
   "/cid/1155": "/docs/manage/data-masking/",
   "/cid/1153": "/docs/send-data/opentelemetry-collector/install-collector/docker",
+  "/cid/1170": "/docs/integrations/amazon-aws/amazon-overview",
   "/cid/1154": "/docs/send-data/hosted-collectors/krutrim-object-storage",
   "/cid/1156": "/docs/send-data/opentelemetry-collector/data-source-configurations/windows-active-directory-inventory",
   "/release-notes-collector/2026/04/11/hosted/": "/release-notes-collector/2026/05/11/hosted/",

@@ -0,0 +1,74 @@
+---
+id: amazon-overview
+title: Amazon Overview
+description: The Sumo Logic app for Amazon Overview provides a unified view of your AWS infrastructure with key metrics and logs from multiple AWS services in a single dashboard.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/integrations/amazon-aws/amazon-overview.png')} alt="Amazon Overview icon" width="50"/>
+
+**Amazon Overview**
+
+[Amazon Web Services (AWS)](https://aws.amazon.com/) provides secure, scalable cloud computing services and solutions. The Sumo Logic app for Amazon Overview gives you a unified view of your entire AWS infrastructure by aggregating key metrics and logs from multiple AWS services into consolidated dashboards.
+
+The Sumo Logic Amazon Overview app dashboards provide visibility into your overall AWS environment:
+* Monitor activity across all AWS services, including resource activity and geographic distribution of incoming requests.
+* Track performance metrics for Application Load Balancer (ALB), Classic Load Balancer (ELB), and Network Load Balancer (NLB), including requests served, errors, healthy/unhealthy hosts, and TLS negotiation errors.
+* View EC2 CPU utilization and free memory metrics.
+* Monitor RDS CPU utilization and freeable memory.
+* Track ElastiCache CPU utilization and freeable memory.
+* View Lambda invocations and errors.
+* Monitor DynamoDB requests by table and errors.
+* Track API Gateway requests by API name and errors.
+* Monitor SNS notifications delivered and failed.
+* Track SQS messages received and empty receives.
+* View ECS average CPU and memory utilization.
+
+## Installing the Amazon Overview app
+
+To install the app:
+
+1. Select **App Catalog**.
+1. In the 🔎 **Search Apps** field, run a search for your desired app, then select it.
+1. Click **Install App**.
+    :::note
+    Sometimes this button says **Add Integration**.
+    :::
+1. Click **Next**.
+1. Look for the dialog confirming that your app was installed successfully.<br/><img src={useBaseUrl('img/get-started/library/app-success.png')} alt="App success dialog" width="80%" />
+
+**Post-installation**
+
+Once your app is installed, it will appear in your **Personal** folder or the folder that you specified. From here, you can share it with other users in your organization. Dashboard panels will automatically start to fill with data matching the time range query received since you created the panel. Results won't be available immediately, but within about 20 minutes, you'll see completed graphs and maps.
+
+## Viewing the Amazon Overview dashboards
+
+The Sumo Logic app for Amazon Overview provides preconfigured dashboards that give you a unified view of your AWS infrastructure. These dashboards aggregate key metrics and logs from multiple AWS services, helping you monitor performance, track resource utilization, and identify issues across your entire AWS environment.
+
+### AWS Account Overview
+
+The **Amazon Overview - AWS Account Overview** dashboard provides a comprehensive view of your AWS account activity and resource performance across all services.
+
+Use this dashboard to:
+* Get a high-level view of your entire AWS infrastructure from a single dashboard.
+* Monitor incoming activity locations and AWS resource activity.
+* Track load balancer performance, including requests served, errors, and active connections across ALB, ELB, and NLB.
+* Monitor compute resource utilization for EC2, ECS, and Lambda.
+* View database performance metrics for RDS, DynamoDB, and ElastiCache.
+* Track messaging service health for SNS and SQS.
+* Monitor API Gateway requests and errors.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-Overview-AWS-Account-Overview.png')} alt="Amazon Overview - AWS Account Overview" style={{border: '1px solid gray'}} />
+
+### AWS Region Overview
+
+The **Amazon Overview - AWS Region Overview** dashboard provides detailed information about your AWS infrastructure filtered by region.
+
+Use this dashboard to:
+* View AWS resource activity and performance metrics for a specific region.
+* Compare service performance across different regions.
+* Identify region-specific issues with load balancers, compute, databases, or messaging services.
+* Monitor regional resource utilization trends.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-Overview-AWS-Region-Overview.png')} alt="Amazon Overview - AWS Region Overview" style={{border: '1px solid gray'}} />
@@ -142,24 +142,7 @@ account={{account}} region={{region}} namespace={{namespace}} "\"eventSource\":\
 
 ### Field Extraction Rule(s)
 
-Create a Field Extraction Rule for CloudTrail Logs. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule).
-
-```sql
-Rule Name: AwsObservabilityElastiCacheCloudTrailLogsFER
-Applied at: Ingest Time
-Scope (Specific Data): account=* eventname eventsource "elasticache.amazonaws.com"
-```
-
-**Parse Expression**
-
-```sumo
-| json "eventSource", "awsRegion", "requestParameters.cacheClusterId", "responseElements.cacheClusterId", "recipientAccountId" as eventSource, region, req_cacheClusterId, res_cacheClusterId, accountid nodrop
-| where eventSource = "elasticache.amazonaws.com"
-| if (!isEmpty(req_cacheClusterId), req_cacheClusterId, res_cacheClusterId) as cacheclusterid
-| "aws/elasticache" as namespace
-| tolowercase(cacheclusterid) as cacheclusterid
-| fields region, namespace, cacheclusterid, accountid
-```
+The FER **AwsObservabilityElastiCacheCloudTrailLogsFER** to extract fields `eventSource`, `region`, `req_cacheClusterId`, `res_cacheClusterId`, and `accountid` will be created as a part of app installation.
 
 ### Centralized AWS CloudTrail Log Collection
 
@@ -194,6 +177,14 @@ import AppInstall from '../../reuse/apps/app-install.md';
 
 <AppInstall/>
 
+As part of the app installation process, the following fields will be created by default:
+
+- `account` Name / alias to the AWS account.
+- `accountid` AWS account id.
+- `region` The region to which the resource name belongs to.
+- `namespace` Namespace for Amazon ElastiCache service is AWS/ElastiCache.
+- `cacheclusterid` A cache cluster ID is a user-supplied, unique name used to identify and manage an Amazon ElastiCache cluster.
+
 ## Viewing Amazon ElastiCache dashboards  
 
 

@@ -220,28 +220,9 @@ These metrics can then be queried using Sumo Logic [Metrics queries](/docs/metri
 
 ### Field Extraction Rule(s)
 
-Create a Field Extraction Rule for AWS Lambda. Learn how to create a Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule).
+The FER **AwsObservabilityLambdaCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `functionname` will be created as a part of app installation.
 
-
-### Cloud Trail FER
-
-```sql
-Rule Name: AwsObservabilityFieldExtractionRule
-Applied at: Ingest Time
-Scope (Specific Data): account=* eventname eventsource "lambda.amazonaws.com"
-```
-
-```sumo title="Parse Expression"
-| json "eventSource", "awsRegion", "requestParameters", "recipientAccountId" as eventSource, region, requestParameters, accountid nodrop
-| where eventSource = "lambda.amazonaws.com"
-| json field=requestParameters "functionName", "resource" as functionname, resource nodrop
-| parse regex field=functionname "\w+:\w+:\S+:[\w-]+:\S+:\S+:(?<functionname>[\S]+)$" nodrop
-| parse field=resource "arn:aws:lambda:*:function:*" as f1, functionname2 nodrop
-| if (isEmpty(functionname), functionname2, functionname) as functionname
-| "aws/lambda" as namespace
-| tolowercase(functionname) as functionname
-| fields region, namespace, functionname, accountid
-```
+The FER **AwsObservabilityLambdaCloudWatchLogsFER** to extract fields `functionname` and `namespace` will be created as a part of app installation.
 
 ### Centralized AWS CloudTrail Log Collection
 
@@ -266,19 +247,6 @@ Enter a parse expression to create an “account” field that maps to the alias
 | fields account
 ```
 
-### Cloud Watch FER
-
-```yml
-Rule Name: AwsObservabilityLambdaCloudWatchLogsFER
-Applied at: Ingest Time
-Scope (Specific Data): account=* region* _sourceHost=/aws/lambda/*
-Parse Expression:
-| parse field=_sourceHost "/aws/lambda/*" as functionname
-| tolowercase(functionname) as functionname
-| "aws/lambda" as namespace
-| fields functionname, namespace
-```
-
 ## Installing the AWS Lambda App
 
 Now that you have set up collection for AWS Lambda, install the Sumo Logic App to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage.
@@ -287,6 +255,14 @@ import AppInstall from '../../reuse/apps/app-install.md';
 
 <AppInstall/>
 
+As part of the app installation process, the following fields will be created by default:
+
+- `account` Name / alias to the AWS account.
+- `accountid` AWS account id.
+- `region` The region to which the resource name belongs to.
+- `namespace` Namespace for Amazon Lambda Service is AWS/Lambda.
+- `functionname` Lambda resource function name.
+
 ## Viewing AWS Lambda dashboards
 
 The following measurements and calculations drive the information shown in the dashboard panels:
@@ -317,7 +293,7 @@ Use this dashboard to:
 
 ### Request Analysis
 
-**The AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions.
+The **AWS Lambda - Request Analysis** dashboard provides deeper insights into the invocations, operations, and performance of your AWS Lambda functions.
 
 Use this dashboard to:
 * Monitor the invocation of an AWS Lambda function against all other functions.
@@ -331,7 +307,7 @@ Use this dashboard to:
 
 ### Usage Analysis
 
-**AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers.
+The **AWS Lambda - Usage Analysis** dashboard offers insights into function usage, including invocations, calling AWS services, user agents, IAM users, and detailed information about function callers.
 
 :::note
 This dashboard provides analysis of AWS CloudTrail Data Events. By default, AWS CloudTrail does not log data events. To enable AWS CloudTrail data events, refer to [AWS Lambda Data Event](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console)
@@ -367,7 +343,7 @@ Use this dashboard to:
 
 ### Resource Usage
 
-**AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage.
+The **AWS Lambda - Resource Usage** dashboard provides insights on recent AWS Lambda request details, memory usage trends, function duration, claimed concurrency, and compute usage.
 
 Use this dashboard to:
 * Monitor the memory usage pattern of a Lambda function during its execution.
@@ -380,7 +356,7 @@ Use this dashboard to:
 
 ### Performance Trends
 
-**AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.
+The **AWS Lambda - Performance Trends** dashboard displays log data analytics to provide insights on memory usage, function duration, recent request details, and compute usage.
 
 Use this dashboard to:
 * Monitor concurrent executions of an AWS Lambda function and understand trends over time.
@@ -393,7 +369,7 @@ Use this dashboard to:
 
 ### Threat Intel
 
-**AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat.
+The **AWS Lambda - Threat Intel** dashboard provides insights into incoming requests to your AWS Lambda functions from malicious sources determined via Sumo Logic [threat intelligence](/docs/security/threat-intelligence/). Panels show detailed information on malicious IPs and the malicious confidence of each threat.
 
 Use this dashboard to:
 * Identify known malicious IPs that are accessing your load-balancers and use firewall access control lists to prevent them from sending you traffic going forward

@@ -58,40 +58,12 @@ Namespace for AWS Network Load Balancer Service is AWS/NetworkELB.
 
 ## Field Extraction Rule(s)
 
-Create a Field Extraction Rule for AWS Network Load Balancer Cloudtrail Logs. Learn how to create Field Extraction Rule [here](/docs/manage/field-extractions/create-field-extraction-rule).
+The FER **AwsObservabilityNLBCloudTrailLogsFER** to extract fields `region`, `namespace`, `accountid`, and `networkloadbalancer` will be created as a part of app installation.
 
-**AWS Network Load Balancer CloudTrail Logs**
-```sql
-Rule Name: AwsObservabilityNLBCloudTrailLogsFER
-Applied at: Ingest Time
-Scope (Specific Data): account=* eventSource eventName "elasticloadbalancing.amazonaws.com" "2015-12-01"
-```
-
-```sumo title="Parse Expression"
-json "eventSource", "awsRegion", "recipientAccountId", "requestParameters.name", "requestParameters.type", "requestParameters.loadBalancerArn", "requestParameters.listenerArn", "apiVersion" as event_source, region, accountid, networkloadbalancer, loadbalancertype, loadbalancerarn, listenerarn, api_version nodrop
-| where event_source = "elasticloadbalancing.amazonaws.com" and api_version matches "2015-12-01" 
-| "" as namespace
-| parse field=loadbalancerarn ":loadbalancer/*/*/*" as balancertype1, networkloadbalancer1, f1 nodrop
-| parse field=listenerarn ":listener/*/*/*/*" as balancertype2, networkloadbalancer2, f1, f2 nodrop
-| if(loadbalancertype matches "network", "aws/networkelb", if(balancertype1 matches "net", "aws/networkelb", if(balancertype2 matches "net", "aws/networkelb", namespace))) as namespace 
-| if(loadbalancertype matches "application", "aws/applicationelb", if(balancertype1 matches "app", "aws/applicationelb", if(balancertype2 matches "app", "aws/applicationelb", namespace))) as namespace
-| where namespace="aws/networkelb" or isEmpty(namespace)  
-| if (!isEmpty(networkloadbalancer), networkloadbalancer, if (!isEmpty(networkloadbalancer1), networkloadbalancer1, networkloadbalancer2)) as networkloadbalancer
-| toLowerCase(networkloadbalancer) as networkloadbalancer 
-| fields region, namespace, networkloadbalancer, accountid
-```
 
-## Metric rules
+## Metric rule(s)
 
-Create the following Metric Rule for the AWS/NetworkELB namespace if not already created. Learn how to create a Metrics Rule [here](/docs/metrics/metric-rules-editor#create-a-metrics-rule).
-
-```sql title="Rule 1*"
-Rule name: AwsObservabilityNLBMetricsAddonEntityRule
-Metric match expression: Namespace=AWS/NetworkELB LoadBalancer=*
-Variable name: networkloadbalancer
-Tag sequence: $LoadBalancer._1
-Save it
-```
+The Metric Rule **AwsObservabilityNLBMetricsAddonEntityRule** for the AWS/NetworkELB namespace will be created as a part of app installation.
 
 ## Installing the AWS Network Load Balancer app
 
@@ -101,6 +73,14 @@ import AppInstall from '../../reuse/apps/app-install.md';
 
 <AppInstall/>
 
+As part of the app installation process, the following fields will be created by default:
+
+- `account` Name / alias to the AWS account.
+- `accountid` AWS account id.
+- `region` The region to which the resource name belongs to.
+- `namespace` Namespace for AWS Network Load Balancer Service is AWS/NetworkELB.
+- `networkloadbalancer` Network Load Balancer name.
+
 ## Viewing AWS Network Load Balancer dashboards
 
 import FilterDashboards from '../../reuse/filter-dashboards.md';
@@ -109,7 +89,7 @@ import FilterDashboards from '../../reuse/filter-dashboards.md';
 
 ### Overview
 
-The **The AWS Network Load Balancer - Overview** dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer.
+The **AWS Network Load Balancer - Overview** dashboard provides detailed insights into a view of network utilization and performance. The dashboard provides information about the errors, health, and traffic handled by the load balancer.
 
 Use this dashboard to:
 * Get an at-a-glance view of the number of errors and status of backend hosts.
@@ -185,3 +165,20 @@ Use this dashboard to:
 * Identify the most common error types and the users experiencing highest failure rates, facilitating targeted improvements and user support.
 
 <img src={useBaseUrl('img/integrations/amazon-aws/AWS-Network-Load-Balancer-CloudTrail-Audit.png')} alt="AWS Network Load Balancer dashboards" style={{border: '1px solid gray'}} width="800"/>
+
+## Create monitors for AWS Network Load Balancer app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### AWS Network Load Balancer alerts
+
+These alerts are available for the AWS Network Load Balancer app.
+
+| Alert Name | Alert Description and Conditions | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `AWS Network Load Balancer - Deletion Alert` | This alert fires when we detect greater than or equal to 2 network load balancers are deleted over a 5 minute time-period. | Count >= 2 | Count < 2 |
+| `AWS Network Load Balancer - High TLS Negotiation Errors` | This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer. | Percentage >= 10% | Percentage < 10% |
+| `AWS Network Load Balancer - High Unhealthy Hosts` | This alert fires when we detect that there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer. | Percentage >= 10% | Percentage < 10% |
+| `AWS Network Load Balancer - Targets Deregistered` | This alert fires when we detect greater than or equal to 1 target is de-registered over a 5 minute time-period. | Count >= 1 | Count < 1 |