The following sections describe how to configure AWS component devices in ELK stacks for monitoring by SL1 using the ELK: AWS CloudTrail PowerPack:
Prerequisites for Monitoring AWS ELK Stacks
To configure SL1 to monitor AWS component devices in ELK stacks using the ELK: AWS CloudTrail PowerPack, you must first:
- Install the Amazon Web Services PowerPack.
- Create a virtual device in SL1 to represent your AWS service.
- Discover AWS component devices by manually aligning the "AWS Account Discovery" Dynamic Application to the virtual device.
- Ensure that your AWS CloudTrail bucket is properly configured for all read/write events.
For more information about the Amazon Web Services PowerPack, including how to install the PowerPack and discover AWS devices, see
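One way to check the last prerequisite above before aligning any Dynamic Applications, as an added example that is not part of the PowerPack or the vendor's documentation: the script reads JSON shaped like the output of `aws cloudtrail get-event-selectors` and reports whether the trail records both read and write events. It assumes "all read/write events" refers to management events on the trail that writes to the bucket; the function names and sample documents are hypothetical and constructed for illustration.

```python
# Added example, not vendor code. Sample documents are constructed and shaped
# like the JSON printed by `aws cloudtrail get-event-selectors`.
BASIC_RW = {"All": {"read", "write"}, "ReadOnly": {"read"}, "WriteOnly": {"write"}}

def management_coverage(doc):
    """Return the subset of {'read', 'write'} management events the trail records."""
    covered = set()
    # Basic selectors: the API defaults are ReadWriteType=All and
    # IncludeManagementEvents=true when a key is omitted.
    for sel in doc.get("EventSelectors") or []:
        if sel.get("IncludeManagementEvents", True):
            covered |= BASIC_RW.get(sel.get("ReadWriteType", "All"), set())
    # Advanced selectors: a Management selector with no readOnly field logs
    # both; readOnly=true logs reads only, readOnly=false logs writes only.
    for sel in doc.get("AdvancedEventSelectors") or []:
        fields = {f.get("Field"): f for f in sel.get("FieldSelectors", [])}
        if "Management" not in fields.get("eventCategory", {}).get("Equals", []):
            continue
        read_only = fields.get("readOnly", {}).get("Equals")
        if read_only is None:
            covered |= {"read", "write"}
        else:
            covered |= {"read"} if "true" in read_only else set()
            covered |= {"write"} if "false" in read_only else set()
    return covered

def missing_event_types(doc):
    """Empty list means both read and write management events are logged."""
    return sorted({"read", "write"} - management_coverage(doc))

# Constructed sample: a trail that silently drops read events.
SAMPLE_WRITE_ONLY = {"EventSelectors": [
    {"ReadWriteType": "WriteOnly", "IncludeManagementEvents": True, "DataResources": []}]}
# Constructed sample: an advanced selector with no readOnly filter.
SAMPLE_ADVANCED_ALL = {"AdvancedEventSelectors": [
    {"Name": "mgmt", "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Management"]}]}]}

if __name__ == "__main__":
    for name, doc in [("write-only", SAMPLE_WRITE_ONLY), ("advanced", SAMPLE_ADVANCED_ALL)]:
        print(name, "missing:", missing_event_types(doc) or "none")
```

A non-empty result means the journal entries and EC2 statistics collected later will be incomplete even though every SL1 alignment step succeeds.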
Creating an AWS ELK Credential
To use the Dynamic Applications in the ELK: AWS CloudTrail PowerPack, you must first define a credential in SL1. This credential enables the Dynamic Applications in the ELK: AWS CloudTrail PowerPack to monitor your AWS component devices in ELK stacks. The PowerPack includes a sample Basic/Snippet credential (ELK: AWS Example) that you can use as a template.
To define an AWS ELK credential:
- Go to the Credential Management page (System > Manage > Credentials).
- Click the wrench icon for the ELK: AWS Example credential. The Credential Editor modal page appears.
- Enter values in the following fields:
  - Credential Name. Type a new name for your AWS ELK credential.
  - Hostname/IP. Type the IP address or hostname for the Logstash server that collects data for the AWS components in your ELK stack.
  - Port. Type "9200".

  Use the default values for the remaining fields.

  The Basic/Snippet credential requires values in the Username and Password fields, but the values themselves do not matter.
- Click the button, and then click .
Aligning the AWS ELK Dynamic Applications
To monitor your AWS component devices in ELK stacks, you must manually align the "ELK: AWS Alignment" Dynamic Application with the AWS virtual device. When you do so, the remaining Dynamic Applications from the ELK: AWS CloudTrail PowerPack automatically align to the appropriate AWS component devices.
To manually align the "ELK: AWS Alignment" Dynamic Application to your virtual device:
- Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic SL1 user interface).
- Locate your AWS virtual device and click its wrench icon.
- In the Device Administration panel, click the tab. The Dynamic Application Collections page appears.
- Click the button, and then select Add Dynamic Application from the menu.
- In the Dynamic Application Alignment modal page, select ELK: AWS Alignment in the Dynamic Applications field.
- In the Credentials field, select the credential you created for your AWS ELK components.
- Click .
By default, the "ELK: AWS Alignment" Dynamic Application begins collecting data after 60 minutes. If you want to begin collecting data immediately, click the lightning bolt icon for the "ELK: AWS Alignment" Dynamic Application on the Dynamic Application Collections page.
When you align the "ELK: AWS Alignment" Dynamic Application to the AWS root device, SL1 then aligns the following Dynamic Applications from the ELK: AWS CloudTrail PowerPack to the appropriate component devices:
- ELK: AWS CloudTrail
- ELK: AWS CloudTrail EC2 Stats
To view the data collected by the "ELK: AWS CloudTrail" Dynamic Application, navigate to the Journal View page (Registry > Devices > Device Manager > bar-graph icon > Journals) and click ELK: AWS CloudTrail on the left menu.
To view the data collected by the "ELK: AWS CloudTrail EC2 Stats" Dynamic Application, navigate to the Device Performance page (Registry > Devices > Device Manager > bar-graph icon > Performance) and click ELK: AWS CloudTrail on the left menu.