Skip to content

Instantly share code, notes, and snippets.

@csereno

csereno/CW_Log_Metric_Filter_VPC_Flowlogs.md

Created February 1, 2019 22:50
Show Gist options
  • Save csereno/0f7597c8c88e070c3292a8450e7c0c27 to your computer and use it in GitHub Desktop.
Save csereno/0f7597c8c88e070c3292a8450e7c0c27 to your computer and use it in GitHub Desktop.
Download ZIP
CloudWatch Parse for VPC Flow Logs
Raw
CW_Log_Metric_Filter_VPC_Flowlogs.md

metric filter syntax

[version, account, eni, source, destination, srcport, destport="22", protocol="6", packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]
Raw
CW_Log_Parse_VPC_Flowlogs.md

CW log parse syntax

parse @message '* * * * * * * * * * * * * *' as version, account, eni, source, destination, srcport, destport, protocol, packets, bytes, windowstart, windowend, action, flowlogstatus | stats avg(bytes), min(bytes), max(bytes) by source, destination
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment