Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into your virtual network. VPC Flow Logs is a feature that allows you to capture information about the IP traffic going to and from network interfaces in your VPC.
If you haven’t already, set up the Amazon Web Services integration first.
There are no additional steps required to collect non-aws.vpc.flowlogs.* AWS VPC metrics. Metrics prefixed with aws.vpc.flowlogs.* are generated by the Datadog VPC Flow Logs integration. See the log collection section below to enable flow logs metrics collection.
For aws.vpc.subnet.* metrics, contact Datadog support to enable collection for your account.
VPC flow logs must first be sent to an intermediate destination before being sent to Datadog. You can send them diectly to a Kinesis Data Firehose, or they can be stored in an S3 bucket or a CloudWatch Log group.
Kinesis Data Firehose is the recommended option for sending VPC flow logs to Datadog because it has less operational overhead and can be more cost-effective. Read Introducing Amazon VPC Flow Logs to Kinesis Data Firehose for more information.
Note: Specify vpc as the prefix for the S3 path or CloudWatch log group name to have the Lambda automatically tag the vpc source on the logs.
All filter to get both accepted and rejected connections.If you selected Kinesis Data Firehose as your destination, you are done!
If you selected an S3 bucket or the CloudWatch log group as your destination:
All object create events.Go to the Log Explorer to start exploring your logs.
For more information on collecting AWS Services logs, see Send AWS Services Logs with the Datadog Lambda Function.
| aws.transitgateway.bytes_in (count) | The number of bytes received by the transit gateway. Shown as byte |
| aws.transitgateway.bytes_out (count) | The number of bytes sent from the transit gateway. Shown as byte |
| aws.transitgateway.packet_drop_count_blackhole (count) | The number of packets dropped because they matched a blackhole route. Shown as packet |
| aws.transitgateway.packet_drop_count_no_route (count) | The number of packets dropped because they did not match a route. Shown as packet |
| aws.transitgateway.packets_in (count) | The number of packets received by the transit gateway. Shown as packet |
| aws.transitgateway.packets_out (count) | The number of packets sent by the transit gateway. Shown as packet |
| aws.vpc.flowlogs.action (count) | ACCEPT or REJECT if the traffic was permitted or not by the securtiy groups or network ACLs |
| aws.vpc.flowlogs.bytes.per_request.max (gauge) | The maximum number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.median (gauge) | The median number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.min (gauge) | The minimum number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p90 (gauge) | The 90th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p95 (gauge) | The 95th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p99 (gauge) | The 99th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.total (count) | The total number of bytes transferred during the capture window Shown as byte |
| aws.vpc.flowlogs.duration.per_request.max (gauge) | The maximum duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.median (gauge) | The median duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.min (gauge) | The minimum duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p90 (gauge) | The 90th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p95 (gauge) | The 95th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p99 (gauge) | The 99th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.log_status (count) | The logging status of the flow log: OK NODATA or SKIPDATA |
| aws.vpc.flowlogs.packets.per_request.max (gauge) | The maximum number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.median (gauge) | The median number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.min (gauge) | The minimum number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p90 (gauge) | The 90th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p95 (gauge) | The 95th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p99 (gauge) | The 99th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.total (count) | The total number of packets transferred during the capture window Shown as packet |
| aws.vpc.subnet.total_ip_address_count (gauge) | The total number of IP addresses contained within the subnet |
| aws.vpc.subnet.available_ip_address_count (gauge) | The number of available IP addresses in the subnet |
Each of the metrics retrieved from AWS is assigned the same tags that appear in the AWS console, including but not limited to host name, security-groups, and more.
The AWS VPC integration does not include any events.
The AWS VPC integration does not include any service checks.
Need help? Contact Datadog support.
Additional helpful documentation, links, and articles:
