Graphing metrics generated by rules - Amazon CloudWatch

Graphing metrics generated by rules

Contributor Insights provides a metric math function, INSIGHT_RULE_METRIC. You can use this function to add data from a Contributor Insights report to a graph in the Metrics tab of the CloudWatch console. You can also set an alarm based on this math function. For more information about metric math functions, see Using metric math

To use this metric math function, you must be signed in to an account that has both the cloudwatch:GetMetricData and cloudwatch:GetInsightRuleReport permissions.

The syntax is INSIGHT_RULE_METRIC(ruleName, metricName). ruleName is the name of a Contributor Insights rule. metricName is one of the values in the following list. The value of metricName determines which type of data the math function returns.

  • UniqueContributors — the number of unique contributors for each data point.

  • MaxContributorValue — the value of the top contributor for each data point. The identity of the contributor might change for each data point in the graph.

    If this rule aggregates by Count, the top contributor for each data point is the contributor with the most occurrences in that period. If the rule aggregates by Sum, the top contributor is the contributor with the greatest sum in the log field specified by the rule's Value during that period.

  • SampleCount — the number of data points matched by the rule.

  • Sum — the sum of the values from all contributors during the time period represented by that data point.

  • Minimum — the minimum value from a single observation during the time period represented by that data point.

  • Maximum — the maximum value from a single observation during the time period represented by that data point.

  • Average — the average value from all contributors during the time period represented by that data point.

Setting an alarm on Contributor Insights metric data

Using the function INSIGHT_RULE_METRIC, you can set alarms on metrics that Contributor Insights generates. For example, you can create an alarm that's based on the percentage of rejected transmission control protocol (TCP) connections. To get started with this type of alarm, you can create rules like the ones shown in the following two examples:

Example rule: "RejectedConnectionsRule"

{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 }, { "Match": "action", "In": [ "REJECT" ] } ] }, "AggregateOn": "Sum" }

Example rule: "TotalConnectionsRule"

{ "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "LogGroupNames": [ "/aws/containerinsights/sample-cluster-name/flowlogs" ], "LogFormat": "CLF", "Fields": { "3": "interfaceID", "4": "sourceAddress", "8": "protocol", "13": "action" }, "Contribution": { "Keys": [ "interfaceID", "sourceAddress" ], "Filters": [ { "Match": "protocol", "EqualTo": 6 } "AggregateOn": "Sum" }

After you create your rules, you can select the Metrics tab in the CloudWatch Console, where you can use the following example metric math expressions to graph the data that Contributor Insights reports:

Example: Metric math expressions

e1 INSIGHT_RULE_METRIC("RejectedConnectionsRule", "Sum") e2 INSIGHT_RULE_METRIC("TotalConnectionsRule", "Sum") e3 (e1/e2)*100

In the example, the metric math expression e3 returns all of the rejected TCP connections. If you want to be notified when 20 percent of the TCP connections are rejected, you can modify the expression by changing the threshold from 100 to 20.

Note

You can set an alarm on a metric that you're monitoring from the Metrics section. While on the Graphed metrics tab, you can select the Create alarm icon under the Actions column. The Create alarm icon looks like a bell.

For more information about graphing metrics and using metric math functions, see the following section: Adding a math expression to a CloudWatch graph.