Graphing Metrics Generated by Rules
Contributor Insights provides a metric math function, INSIGHT_RULE_METRIC
.
You can use this function to add data from a Contributor Insights report to a graph
in the
Metrics tab of the CloudWatch console. You can also set an alarm based on
this math function. For more information about metric math functions, see Using Metric Math
To use this metric math function, you must be signed in to an account that has both
the
cloudwatch:GetMetricData
and cloudwatch:GetInsightRuleReport
permissions.
The syntax is INSIGHT_RULE_METRIC(
. ruleName
,
metricName
)ruleName
is the
name of a Contributor Insights rule. metricName
is one of the
values in the following list. The value of metricName
determines
which type of data the math function returns.

UniqueContributors
— the number of unique contributors for each data point. 
MaxContributorValue
— the value of the top contributor for each data point. The identity of the contributor might change for each data point in the graph.If this rule aggregates by COUNT, the top contributor for each data point is the contributor with the most occurrences in that period. If the rule aggregates by SUM, the top contributor is the contributor with the greatest sum in the log field specified by the rule's
Value
during that period. 
SampleCount
— the number of data points matched by the rule. 
Sum
— the sum of the values from all contributors during the time period represented by that data point. 
Minimum
— the minimum value from a single observation during the time period represented by that data point. 
Maximum
— the maximum value from a single observation during the time period represented by that data point. 
Average
— the average value from all contributors during the time period represented by that data point.
Setting an Alarm on Contributor Insights Metric Data
You can set alarms on metrics generated by Contributor Insights by using
INSIGHT_RULE_METRIC
. For example, you can create an alarm based on the
percentage of TCP connections that have been rejected. First, create two rules like
the
following:
{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sampleclustername/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 }, { "Match": "action", "In": [ "REJECT" ] } ] }, "AggregateOn": "Sum" }
{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sampleclustername/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 } "AggregateOn": "Sum" }
Then, in the Metrics tab on the console, create a graph with the following metric math expressions:
e1 INSIGHT_RULE_METRIC("RejectedConnectionsRule", "Sum") e2 INSIGHT_RULE_METRIC("TotalConnectionsRule", "Sum") e3 (e1/e2)*100
For more information about graphing metrics and using metric math functions, see Adding a Math Expression to a CloudWatch Graph.
In this example, the e3
expression returns the percentage of connections that
are rejected. If you want to be notified when 20 percent of connections are rejected,
you
can set an alarm on that expression, setting 20
as the threshold. To
set an alarm on a metric you are viewing in the Metrics tab, choose the
alarm icon in the row of the metric that you want to alarm on. The alarm icon looks
like a
bell.
For more information about graphing metrics and using metric math functions, see Adding a Math Expression to a CloudWatch Graph.