Graphing metrics generated by rules
Contributor Insights provides a metric math function, INSIGHT_RULE_METRIC.
You can use this function to add data from a Contributor Insights report to a graph in the
Metrics tab of the CloudWatch console. You can also set an alarm based on
this math function. For more information about metric math functions, see Use metric math.
To use this metric math function, you must be signed in to an account that has both the
cloudwatch:GetMetricData and cloudwatch:GetInsightRuleReport
permissions.
The syntax is INSIGHT_RULE_METRIC(. ruleName,
metricName)ruleName is the
name of a Contributor Insights rule. metricName is one of the
values in the following list. The value of metricName determines
which type of data the math function returns.
-
UniqueContributors— the number of unique contributors for each data point. -
MaxContributorValue— the value of the top contributor for each data point. The identity of the contributor might change for each data point in the graph.If this rule aggregates by
Count, the top contributor for each data point is the contributor with the most occurrences in that period. If the rule aggregates bySum, the top contributor is the contributor with the greatest sum in the log field specified by the rule'sValueduring that period. -
SampleCount— the number of data points matched by the rule. -
Sum— the sum of the values from all contributors during the time period represented by that data point. -
Minimum— the minimum value from a single observation during the time period represented by that data point. -
Maximum— the maximum value from a single observation during the time period represented by that data point. -
Average— the average value from all contributors during the time period represented by that data point.
Setting an alarm on Contributor Insights metric data
Using the function INSIGHT_RULE_METRIC,
you can set alarms
on metrics
that Contributor Insights generates.
For example,
you can create an alarm
that's based
on the percentage
of rejected transmission control protocol (TCP) connections.
To get started with this type
of alarm,
you can create rules
like the ones
shown
in the following two examples:
Example rule: "RejectedConnectionsRule"
{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 }, { "Match": "action", "In": [ "REJECT" ] } ] }, "AggregateOn": "Sum" }
Example rule: "TotalConnectionsRule"
{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 } "AggregateOn": "Sum" }
After you create your rules, you can select the Metrics tab in the CloudWatch Console, where you can use the following example metric math expressions to graph the data that Contributor Insights reports:
Example: Metric math expressions
e1 INSIGHT_RULE_METRIC("RejectedConnectionsRule", "Sum") e2 INSIGHT_RULE_METRIC("TotalConnectionsRule", "Sum") e3 (e1/e2)*100
In the example,
the metric math expression e3 returns all
of the rejected TCP connections.
If you want to be notified when 20 percent
of the TCP connections are rejected,
you can modify the expression
by changing the threshold from 100 to 20.
Note
You can set an alarm on a metric that you're monitoring from the Metrics section. While on the Graphed metrics tab, you can select the Create alarm icon under the Actions column. The Create alarm icon looks like a bell.
For more information about graphing metrics and using metric math functions, see the following section: Add a math expression to a CloudWatch graph.
