Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into your virtual network. VPC Flow Logs is a feature that allows you to capture information about the IP traffic going to and from network interfaces in your VPC.
The Amazon Web Services integration must be set up in Datadog.
There are no additional steps required to collect non-aws.vpc.flowlogs.* AWS VPC metrics. Metrics prefixed with aws.vpc.flowlogs.* are generated by the Datadog VPC Flow Logs integration. See the log collection section below to enable flow logs metrics collection.
For aws.vpc.subnet.* metrics, contact Datadog support to enable collection for your account.
VPC flow logs can be sent to an S3 bucket or a CloudWatch Log group. Click on the VPC you want to monitor in the list, then choose Create Flow logs in the Flow Logs tab at the bottom of the screen:
Select the All filter to get both accepted and rejected connections, then select the appropriate S3 bucket or the Log Group:
Note: Specify vpc as prefix for the S3 file or CloudWatch log group names in order to have the Lambda automatically set the vpc source on the logs.
If you haven’t already, set up the Datadog log collection AWS Lambda function.
Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your Amazon VPC flow logs via the AWS console. Then, in your Lambda, click on S3 or CloudWatch in the trigger list:
Configure your trigger by choosing the S3 bucket that contains your AWS VPC logs, then change the event type to Object Created (All). Finally, click on the add button.
When finished, use the Datadog Log Explorer to view your logs.
| aws.transitgateway.bytes_in (count) | The number of bytes received by the transit gateway. Shown as byte |
| aws.transitgateway.bytes_out (count) | The number of bytes sent from the transit gateway. Shown as byte |
| aws.transitgateway.packet_drop_count_blackhole (count) | The number of packets dropped because they matched a blackhole route. Shown as packet |
| aws.transitgateway.packet_drop_count_no_route (count) | The number of packets dropped because they did not match a route. Shown as packet |
| aws.transitgateway.packets_in (count) | The number of packets received by the transit gateway. Shown as packet |
| aws.transitgateway.packets_out (count) | The number of packets sent by the transit gateway. Shown as packet |
| aws.vpc.flowlogs.action (count) | ACCEPT or REJECT if the traffic was permitted or not by the securtiy groups or network ACLs |
| aws.vpc.flowlogs.bytes.per_request.max (gauge) | The maximum number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.median (gauge) | The median number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.min (gauge) | The minimum number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p90 (gauge) | The 90th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p95 (gauge) | The 95th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.per_request.p99 (gauge) | The 99th percentile number of bytes transferred per request during the capture window Shown as byte |
| aws.vpc.flowlogs.bytes.total (count) | The total number of bytes transferred during the capture window Shown as byte |
| aws.vpc.flowlogs.duration.per_request.max (gauge) | The maximum duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.median (gauge) | The median duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.min (gauge) | The minimum duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p90 (gauge) | The 90th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p95 (gauge) | The 95th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.duration.per_request.p99 (gauge) | The 99th percentile duration per request during the capture window Shown as second |
| aws.vpc.flowlogs.log_status (count) | The logging status of the flow log: OK NODATA or SKIPDATA |
| aws.vpc.flowlogs.packets.per_request.max (gauge) | The maximum number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.median (gauge) | The median number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.min (gauge) | The minimum number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p90 (gauge) | The 90th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p95 (gauge) | The 95th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.per_request.p99 (gauge) | The 99th percentile number of packets transferred per request during the capture window Shown as packet |
| aws.vpc.flowlogs.packets.total (count) | The total number of packets transferred during the capture window Shown as packet |
| aws.vpc.subnet.total_ip_address_count (gauge) | The total number of IP addresses contained within the subnet |
| aws.vpc.subnet.available_ip_address_count (gauge) | The number of available IP addresses in the subnet |
Each of the metrics retrieved from AWS is assigned the same tags that appear in the AWS console, including but not limited to host name, security-groups, and more.
The AWS VPC integration does not include any events.
The AWS VPC integration does not include any service checks.
Need help? Contact Datadog support.
