2020-10-21 - LogicMonitor Basics Office Hours

Question: Can you please describe how a sub-account works?  Our use case is entirely in AWS, and we have our customers set up with their own VPC. If I need to segregate their performance monitoring data is there an option to do so with a sub account? We will also have a collector in each customer VPC to monitor app servers as well as AWS resources like ELB/ALB/NLB and RDS.

Following up with a bit more detail on this one. First, have you already added your AWS account into LogicMonitor?

If you have already added your AWS account into monitoring, all of the resources are automatically discovered and already tagged in LogicMonitor based on the information discovered about each one from AWS. To see what's available, just click on any of the monitored resources in the resource tree and look at the “info” tab for the resource. You’ll see a bunch of properties that begin with “system.aws” (as shown below) and any of those can be used as the criteria for a dynamic group:

Since you mentioned each client has their own VPC, you could use the system.aws.vpcid property to automatically pull the resources for each VPC. Resources in LogicMonitor can be part of multiple groups, so in addition to the auto-created groups (which contain ALL resources and are based on the different AWS resource types), you can create separate dynamic groups to include specific subsets of the discovered resources. This can be based on any of the info stored in any of the properties. (Since you'll have a Collector in each VPC, you could even do it by Collector ID.)

Not sure how familiar you are with LM in general, so to make a dynamic group, go to “new group” on the Resources page and select the check box to auto-assign devices. You’ll want to do the custom query option, and you can do something like:

system.aws.vpcId =~ “1234567”

Then repeat that process for each client’s VPC. If you want to break it down further, you can have a static parent folder for each client, and then dynamic groups within that. In that case, the dynamic groups just to have more specific criteria. So if you wanted to dynamically group by AWS resource type for each client, you can build out the applies to query using && to string multiple criteria together. 

System.cloud.category =~ “AWS/EC2” && system.aws.vpcId =~ “1234567”

System.cloud.category =~ “AWS/RDS” && system.aws.vpcID =~ “1234567”

And so on for each client. (There are ways you can build out the groups programmatically using the API, if you have a huge number to account for.)

From there, you’d just need to create roles (on the settings page) that provide access to the groups and assign those roles to clients accordingly. Please let me know if you need any more info!