steampipe plugin install ibm

Table: ibm_is_flow_log - Query IBM Cloud VPC Flow Logs using SQL

IBM Cloud VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. This service helps in monitoring and troubleshooting connectivity issues, and it also provides valuable information for security and compliance purposes. Flow Logs data can be used to simplify the diagnostic tasks such as tracking down why certain traffic is reaching an instance.

Table Usage Guide

The ibm_is_flow_log table provides insights into VPC Flow Logs within IBM Cloud. As a network administrator or security analyst, explore log-specific details through this table, including source and destination IP addresses, ports, protocols, and packet and byte counts. Utilize it to uncover information about network traffic, such as identifying patterns, potential security risks, and analyzing the overall network behavior.

Examples

Basic info

Gain insights into the basic information of your IBM flow logs, including their names, IDs, lifecycle states, and creation dates. This can be useful for assessing the status and history of your flow logs.

select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log;
select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log;

List flow log collectors by name

Explore the specific flow log collectors by name to assess their lifecycle state and creation time, which can help in managing and monitoring your IBM cloud resources. This can be particularly useful when you need to track the changes or status of a specific log collector named 'steampipe01'.

select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
name = 'steampipe01';
select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
name = 'steampipe01';

List all inactive flow log collectors

Discover the segments that contain inactive flow log collectors. This can be beneficial in optimizing resources by identifying unused or unnecessary elements within your system.

select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
not active;
select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
active = 0;

List all flow log collectors with auto delete disabled

Discover the segments that have auto-delete disabled in flow log collectors, which is essential for maintaining data security and ensuring no essential log data is lost unintentionally.

select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
not auto_delete;
select
name,
id,
crn,
lifecycle_state,
created_at
from
ibm_is_flow_log
where
auto_delete = 0;

List flow logs with their corresponding VPC details

Explore which flow logs are associated with specific VPCs to better manage network traffic and security in your IBM cloud infrastructure. This can help identify potential issues or bottlenecks in your network configuration.

select
id,
name,
vpc ->> 'id' as vpc_id,
vpc ->> 'name' as vpc_name
from
ibm_is_flow_log;
select
id,
name,
json_extract(vpc, '$.id') as vpc_id,
json_extract(vpc, '$.name') as vpc_name
from
ibm_is_flow_log;

Schema for ibm_is_flow_log

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The ID fof the account.
activebooleanIndicates whether this collector is active.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
auto_deletebooleanIf set to `true`, this flow log collector will be automatically deleted when the target is deleted.
created_attimestamp with time zoneThe date and time that the flow log collector was created.
crntextThe CRN for this flow log collector.
hreftextThe URL for this flow log collector.
idtext=The unique identifier for this flow log collector.
lifecycle_statetextThe lifecycle state of the flow log collector.
nametext=The unique user-defined name for this flow log collector.
regiontextThe region of this flow log collector.
resource_groupjsonbThe resource group for this flow log collector.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
storage_bucketjsonbThe Cloud Object Storage bucket where the collected flows are logged.
tagsjsonbA map of tags for the resource.
targetjsonbThe target this collector is collecting flow logs for.
titletextTitle of the resource.
vpcjsonbThe VPC this flow log collector is associated with.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ibm

You can pass the configuration to the command with the --config argument:

steampipe_export_ibm --config '<your_config>' ibm_is_flow_log