Query Flow Log for Insights

CloudWatch Logs Insights enables you to interactively search and analyze log data in CloudWatch Logs, including VPC flow logs. You can perform queries to help you more efficiently and effectively respond to operational issues. In the section you will run a query to show the top 10 talkers based on bytes transferred.

1. In the CloudWatch console click on Logs Insights

   

2. Select NetworkingWorkshopFlowLogsGroup from the Select log group(s) dropdown and click the Queries folder on the right hand side

   

3. Click Top 10 byte transfers by source and destination IP addresses under VPC Flow Logs, click Apply and then Run query

   

4. Review the query results. Do you recognize the top two IP addresses?