Use log buckets for data governance, now supported in 23 regions

Logs are an essential part of troubleshooting applications and services. However, ensuring your developers, DevOps, ITOps, and SRE teams have access to the logs they need, while accounting for operational tasks such as scaling up, access control, updates, and keeping your data compliant, can be challenging. To help you offload these operational tasks associated with running your own logging stack, we offer Cloud Logging. If you don’t need to worry about data residency, Cloud Logging will pick a region to store and process your logs. 

If you do have data governance and compliance requirements, we’re excited to share that Cloud Logging now offers even more flexibility and control by providing you a choice of which region to store and process your logging data. In addition to the information below, we recently published a whitepaper that details compliance best practices for logs data.

Choose from 23 regions to help keep your logs data compliant

Log entries from apps and services running on Google Cloud will automatically be received by Cloud Logging within the region where the resource is running. From there, logs will be stored in log buckets. Log buckets have many attributes in common with Cloud Storage buckets, including the ability to:

1. Set retention from 1 day to 10 years

2. Lock a log bucket to prevent anyone from deleting logs or reducing the retention period of the bucket

3. Choose a region for your log bucket. We recently introduced support for 23 regions to host your log buckets:

• Europe - europe-central2, europe-north1, europe-west1, europe-west2, europe-west3, europe-west4, europe-west6

• Americas - us-central1, us-east1, us-east4, us-west1, us-west2, us-west3, northamerica-northeast1, southamerica-east1

• Asia Pacific - asia-east1, asia-east2, asia-northeast1, asia-northeast2, asia-northeast3, asia-south1, asia-southeast1, australia-southeast1    

How to create a log bucket

You can get started with regionalized log storage in less than five minutes.

1. Go to the Cloud Console and go to Logging

2. Navigate to Logs Storage and click on “Create logs bucket”

3. Name the log bucket and choose the desired region. Note that the region cannot be changed later. 

4. Set the retention period and then click Create Bucket.

Once you have created the bucket, you need to point the incoming logs to that bucket. To complete this:

1. Go to the Logs Router section of the Cloud Console and click on the dots to the right of the _Default sink. 

2. Select “Edit Sink”

3. Under Sink Destination, change the log bucket selected from “projects/.../_Default” to “projects/.../ (name of newly created bucket)”. 

4. Scroll to the bottom and select “Update sink” to save the changes

If you need more detailed information on this topic, please see our step by step getting started guide for overcoming common logs data compliance challenges. 

More about data residency in Cloud Logging

We have covered a lot of information about logs in this blog. For more on this topic and other best practices for compliance with logs data, please download this whitepaper. We hope this helps you focus on managing your apps rather than your operations. If you would like to pose a question or join the conversation about Google Cloud operations with other professionals, please visit our new community page. Happy Logging!