Open2
CloudWatch
issyContents
issy通常検索
fields @timestamp, @message
| sort @timestamp desc
| limit 10
パケット合計
stats sum(packets) as packetsTransferred by srcAddr, dstAddr
| sort packetsTransferred desc
| limit 15
送信元のフィルタ
fields @timestamp, interfaceId, srcAddr, dstAddr, action
| filter (interfaceId = 'eni-xxxxxxxxx' and action = 'REJECT')
| sort @timestamp desc
| limit 5
fields @timestamp, srcAddr, dstAddr
| filter srcAddr like "172.31."
| sort @timestamp desc
| limit 5
バックエンドに対するHTTPまたはHTTPSのアクセス
fields @timestamp, @message, @logStream, @log
| filter (dstport = "80" or dstPort = "443")
| sort @timestamp desc
| limit 10000
レコード数による集計
fields @timestamp, @message
| stats count(*) as records by dstPort, srcAddr, dstAddr as Destination
| filter dstPort="80" or dstPort="443" or dstPort="22" or dstPort="25"
| sort HitCount desc
| limit 10