LoggingLogSink
This resource is able to configure log sinks for a project, folder, or organization. The parent resource is configured by setting one of projectRef, folderRef, or organizationRef.
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud Logging |
| Google Cloud Service Documentation | /logging/docs/ |
| Google Cloud REST Resource Name | v2.folders.sinks v2.organizations.sinks v2.projects.sinks |
| Google Cloud REST Resource Documentation | /logging/docs/reference/v2/rest/v2/folders.sinks /logging/docs/reference/v2/rest/v2/organizations.sinks /logging/docs/reference/v2/rest/v2/projects.sinks |
| Config Connector Resource Short Names | gcplogginglogsink gcplogginglogsinks logginglogsink |
| Config Connector Service Name | logging.googleapis.com |
| Config Connector Resource Fully Qualified Name | logginglogsinks.logging.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
bigqueryOptions: usePartitionedTables: boolean description: string destination: bigQueryDatasetRef: external: string name: string namespace: string loggingLogBucketRef: external: string name: string namespace: string pubSubTopicRef: external: string name: string namespace: string storageBucketRef: external: string name: string namespace: string disabled: boolean exclusions: - description: string disabled: boolean filter: string name: string filter: string folderRef: external: string name: string namespace: string includeChildren: boolean organizationRef: external: string name: string namespace: string projectRef: external: string name: string namespace: string resourceID: string uniqueWriterIdentity: boolean | Fields | |
|---|---|
|
Optional |
Options that affect sinks exporting data to BigQuery. |
|
Required* |
Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone. |
|
Optional |
A description of this sink. The maximum length of the description is 8000 characters. |
|
Required |
|
|
Optional |
|
|
Optional |
Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, where {{value}} is the `name` field of a `BigQueryDataset` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Only `external` field is supported to configure the reference. |
|
Optional |
Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, where {{value}} is the `name` field of a `LoggingLogBucket` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
|
|
Optional |
Allowed value: string of the format `storage.googleapis.com/{{value}}`, where {{value}} is the `name` field of a `StorageBucket` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
If set to True, then this sink is disabled and it does not export any log entries. |
|
Optional |
Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported. |
|
Optional |
|
|
Optional |
A description of this exclusion. |
|
Optional |
If set to True, then this exclusion is disabled and it does not exclude any log entries. |
|
Required* |
An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries. |
|
Required* |
A client-assigned identifier, such as "load-balancer-exclusion". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric. |
|
Optional |
The filter to apply when exporting logs. Only log entries that match the filter are exported. |
|
Optional |
The folder in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. |
|
Optional |
Allowed value: The `folderId` field of a `Folder` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included. |
|
Optional |
The organization in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. |
|
Optional |
Allowed value: The `name` field of an `Organization` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
The project in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified. |
|
Optional |
Allowed value: The `name` field of a `Project` resource. |
|
Optional |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
|
Optional |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Optional |
Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true. |
* Field is required when parent field is specified
Status
Schema
conditions: - lastTransitionTime: string message: string reason: string status: string type: string observedGeneration: integer writerIdentity: string | Fields | |
|---|---|
conditions |
Conditions represent the latest available observation of the resource's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
writerIdentity |
The identity associated with this sink. This identity must be granted write access to the configured destination. |
Sample YAML(s)
Folder Sink
# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: logging.cnrm.cloud.google.com/v1beta1 kind: LoggingLogSink metadata: name: logginglogsink-sample-folder spec: folderRef: name: logginglogsink-dep-folder destination: bigQueryDatasetRef: name: logginglogsinkdepfolder filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com" --- apiVersion: bigquery.cnrm.cloud.google.com/v1beta1 kind: BigQueryDataset metadata: annotations: cnrm.cloud.google.com/delete-contents-on-destroy: "true" name: logginglogsinkdepfolder --- apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 kind: Folder metadata: annotations: # Replace "${ORG_ID?}" with the numeric ID for your organization cnrm.cloud.google.com/organization-id: "${ORG_ID?}" name: logginglogsink-dep-folder spec: displayName: Folder Log Sink Sample Organization Sink
# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: logging.cnrm.cloud.google.com/v1beta1 kind: LoggingLogSink metadata: name: logginglogsink-sample-org spec: organizationRef: # Replace "${ORG_ID?}" with the numeric ID for your organization external: "${ORG_ID?}" destination: storageBucketRef: # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID. name: ${PROJECT_ID?}-logginglogsink-dep-org filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com" --- apiVersion: storage.cnrm.cloud.google.com/v1beta1 kind: StorageBucket metadata: annotations: cnrm.cloud.google.com/force-destroy: "true" # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID. name: ${PROJECT_ID?}-logginglogsink-dep-org Project Sink
# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: logging.cnrm.cloud.google.com/v1beta1 kind: LoggingLogSink metadata: name: logginglogsink-sample-project spec: projectRef: name: logginglogsink-dep-project uniqueWriterIdentity: true destination: pubSubTopicRef: name: logginglogsink-dep-project filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com" --- apiVersion: pubsub.cnrm.cloud.google.com/v1beta1 kind: PubSubTopic metadata: name: logginglogsink-dep-project --- apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 kind: Project metadata: name: logginglogsink-dep-project spec: name: Config Connector Sample organizationRef: # Replace "${ORG_ID?}" with the numeric ID for your organization external: "${ORG_ID?}" billingAccountRef: # Replace "${BILLING_ACCOUNT_ID?}" with the numeric ID for your billing account external: "${BILLING_ACCOUNT_ID?}"