Graphing Metrics Generated by Rules - Amazon CloudWatch

Graphing Metrics Generated by Rules

Contributor Insights provides a metric math function, INSIGHT_RULE_METRIC. You can use this function to add data from a Contributor Insights report to a graph in the Metrics tab of the CloudWatch console. You can also set an alarm based on this math function. For more information about metric math functions, see Using Metric Math

To use this metric math function, you must be signed in to an account that has both the cloudwatch:GetMetricData and cloudwatch:GetInsightRuleReport permissions.

The syntax is INSIGHT_RULE_METRIC(ruleName, metricName). ruleName is the name of a Contributor Insights rule. metricName is one of the values in the following list. The value of metricName determines which type of data the math function returns.

  • UniqueContributors — the number of unique contributors for each data point.

  • MaxContributorValue — the value of the top contributor for each data point. The identity of the contributor might change for each data point in the graph.

    If this rule aggregates by COUNT, the top contributor for each data point is the contributor with the most occurrences in that period. If the rule aggregates by SUM, the top contributor is the contributor with the greatest sum in the log field specified by the rule's Value during that period.

  • SampleCount — the number of data points matched by the rule.

  • Sum — the sum of the values from all contributors during the time period represented by that data point.

  • Minimum — the minimum value from a single observation during the time period represented by that data point.

  • Maximum — the maximum value from a single observation during the time period represented by that data point.

  • Average — the average value from all contributors during the time period represented by that data point.

Setting an Alarm on Contributor Insights Metric Data

You can set alarms on metrics generated by Contributor Insights by using INSIGHT_RULE_METRIC. For example, you can create an alarm based on the percentage of TCP connections that have been rejected. First, create two rules like the following:

{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 }, { "Match": "action", "In": [ "REJECT" ] } ] }, "AggregateOn": "Sum" }
{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 } "AggregateOn": "Sum" }

Then, in the Metrics tab on the console, create a graph with the following metric math expressions:

e1 INSIGHT_RULE_METRIC("RejectedConnectionsRule", "Sum") e2 INSIGHT_RULE_METRIC("TotalConnectionsRule", "Sum") e3 (e1/e2)*100

For more information about graphing metrics and using metric math functions, see Adding a Math Expression to a CloudWatch Graph.

In this example, the e3 expression returns the percentage of connections that are rejected. If you want to be notified when 20 percent of connections are rejected, you can set an alarm on that expression, setting 20 as the threshold. To set an alarm on a metric you are viewing in the Metrics tab, choose the alarm icon in the row of the metric that you want to alarm on. The alarm icon looks like a bell.

For more information about graphing metrics and using metric math functions, see Adding a Math Expression to a CloudWatch Graph.