Amazon QuickSight
Amazon QuickSight powers data-driven organizations with unified business intelligence (BI) at hyperscale. With QuickSight, all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics, and natural language queries. You can analyze AWS AppFabric audit log data in QuickSight, by choosing your Amazon Simple Storage Service (Amazon S3) bucket where your AppFabric for security logs are stored as your source.
AppFabric audit log ingestion considerations
The following sections describe the AppFabric output schema, output formats, and output destinations to use with Amazon QuickSight.
Schema and formats
QuickSight supports the following AppFabric output schema and formats:
-
Raw - JSON
-
AppFabric outputs data in the original schema used by the source application in the JSON format.
-
-
OCSF - JSON
-
AppFabric normalizes the data using the Open Cybersecurity Schema Framework (OCSF) and outputs the data in the JSON format.
-
Output locations
QuickSight supports the following AppFabric output locations:
-
Amazon S3
-
You can ingest data from Amazon S3 directly into QuickSight by Creating a dataset using Amazon S3 files. To verify that your target file set doesn't exceed QuickSight data source quotas, see Data source quotas in the Amazon QuickSight User Guide.
-
If your file set exceeds QuickSight quotas for an Amazon S3 data source, you can ingest your data in Amazon S3 using Amazon Athena and AWS Glue tables. Using Athena in your QuickSight dataset will incur additional costs. For more information about Athena pricing, see the Athena pricing page
. To use Athena:
-
Follow the instructions in Using AWS Glue to connect to data sources in Amazon S3 in the Athena User Guide.
-
Follow the instructions in Creating a dataset using Athena data in the Amazon QuickSight User Guide.
-
-
