Query VPC flow logs in Cloudwatch insights
0
I'm trying to figure out how much traffic is going to a 10.25.x.x via our VPC flow logs. How can I do that in Cloudwatch Insights? I can't work out how to get 10.25.* to query
1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
There are two ways to do it, you can use the like clause on the filter like in the following example:
fields @timestamp, srcAddr
| sort @timestamp desc
| limit 20
| filter srcAddr like "10.25."
Second option is to use one of the ip functions to check to see if the ip address is in the subnet and in your case the subnet you need is 10.25.0.0/16
fields @timestamp, srcAddr
| sort @timestamp desc
| limit 20
| filter isIpv4InSubnet(srcAddr,"10.25.0.0/16")
Addtionally, here is a query that returns total bytes directed at the range of destination IPs in your range:
stats sum(bytes)
| sort @timestamp desc
| filter isIpv4InSubnet(dstAddr,"10.25.0.0/16")
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
