Generates metrics for dashboards and alerts

Under Logs > Log Groups > group > Metrics filters tab:

Can track failed SSH attempts on a port [version, account, eni, source, destination, srcport, destport="22", protocol="6", packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]

Can create alarms for metric filters for certain port attempts/failures

Can view log insights → and query log groups by clicking Queries and under sample queries there are many pre-written out of the box ready to go queries for many different scenarios and technologies