Table: ibm_is_flow_log - Query IBM Cloud VPC Flow Logs using SQL
IBM Cloud VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. This service helps in monitoring and troubleshooting connectivity issues, and it also provides valuable information for security and compliance purposes. Flow Logs data can be used to simplify the diagnostic tasks such as tracking down why certain traffic is reaching an instance.
Table Usage Guide
The ibm_is_flow_log
table provides insights into VPC Flow Logs within IBM Cloud. As a network administrator or security analyst, explore log-specific details through this table, including source and destination IP addresses, ports, protocols, and packet and byte counts. Utilize it to uncover information about network traffic, such as identifying patterns, potential security risks, and analyzing the overall network behavior.
Examples
Basic info
Gain insights into the basic information of your IBM flow logs, including their names, IDs, lifecycle states, and creation dates. This can be useful for assessing the status and history of your flow logs.
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_log;
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_log;
List flow log collectors by name
Explore the specific flow log collectors by name to assess their lifecycle state and creation time, which can help in managing and monitoring your IBM cloud resources. This can be particularly useful when you need to track the changes or status of a specific log collector named 'steampipe01'.
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere name = 'steampipe01';
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere name = 'steampipe01';
List all inactive flow log collectors
Discover the segments that contain inactive flow log collectors. This can be beneficial in optimizing resources by identifying unused or unnecessary elements within your system.
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere not active;
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere active = 0;
List all flow log collectors with auto delete disabled
Discover the segments that have auto-delete disabled in flow log collectors, which is essential for maintaining data security and ensuring no essential log data is lost unintentionally.
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere not auto_delete;
select name, id, crn, lifecycle_state, created_atfrom ibm_is_flow_logwhere auto_delete = 0;
List flow logs with their corresponding VPC details
Explore which flow logs are associated with specific VPCs to better manage network traffic and security in your IBM cloud infrastructure. This can help identify potential issues or bottlenecks in your network configuration.
select id, name, vpc ->> 'id' as vpc_id, vpc ->> 'name' as vpc_namefrom ibm_is_flow_log;
select id, name, json_extract(vpc, '$.id') as vpc_id, json_extract(vpc, '$.name') as vpc_namefrom ibm_is_flow_log;
Schema for ibm_is_flow_log
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The ID fof the account. |
active | boolean | Indicates whether this collector is active. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
auto_delete | boolean | If set to `true`, this flow log collector will be automatically deleted when the target is deleted. | |
created_at | timestamp with time zone | The date and time that the flow log collector was created. | |
crn | text | The CRN for this flow log collector. | |
href | text | The URL for this flow log collector. | |
id | text | = | The unique identifier for this flow log collector. |
lifecycle_state | text | The lifecycle state of the flow log collector. | |
name | text | = | The unique user-defined name for this flow log collector. |
region | text | The region of this flow log collector. | |
resource_group | jsonb | The resource group for this flow log collector. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
storage_bucket | jsonb | The Cloud Object Storage bucket where the collected flows are logged. | |
tags | jsonb | A map of tags for the resource. | |
target | jsonb | The target this collector is collecting flow logs for. | |
title | text | Title of the resource. | |
vpc | jsonb | The VPC this flow log collector is associated with. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm
You can pass the configuration to the command with the --config
argument:
steampipe_export_ibm --config '<your_config>' ibm_is_flow_log