LoggingLogSink

This resource is able to configure log sinks for a project, folder, or organization. The parent resource is configured by setting one of projectRef, folderRef, or organizationRef.

Property Value
Google Cloud Service Name Cloud Logging
Google Cloud Service Documentation /logging/docs/
Google Cloud REST Resource Name
v2.folders.sinks
v2.organizations.sinks
v2.projects.sinks
Google Cloud REST Resource Documentation
/logging/docs/reference/v2/rest/v2/folders.sinks
/logging/docs/reference/v2/rest/v2/organizations.sinks
/logging/docs/reference/v2/rest/v2/projects.sinks
Config Connector Resource Short Names gcplogginglogsink
gcplogginglogsinks
logginglogsink
Config Connector Service Name logging.googleapis.com
Config Connector Resource Fully Qualified Name logginglogsinks.logging.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

Custom Resource Definition Properties

Spec

Schema

  bigqueryOptions:
    usePartitionedTables: boolean
  description: string
  destination:
    bigQueryDatasetRef:
      external: string
      name: string
      namespace: string
    pubSubTopicRef:
      external: string
      name: string
      namespace: string
    storageBucketRef:
      external: string
      name: string
      namespace: string
  disabled: boolean
  exclusions:
  - description: string
    disabled: boolean
    filter: string
    name: string
  filter: string
  folderRef:
    external: string
    name: string
    namespace: string
  includeChildren: boolean
  organizationRef:
    external: string
    name: string
    namespace: string
  projectRef:
    external: string
    name: string
    namespace: string
  uniqueWriterIdentity: boolean
Fields

bigqueryOptions

Optional

object

Options that affect sinks exporting data to BigQuery.

bigqueryOptions.usePartitionedTables

Required*

boolean

Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.

description

Optional

string

A description of this sink. The maximum length of the description is 8000 characters.

destination

Required

object

destination.bigQueryDatasetRef

Optional

object

destination.bigQueryDatasetRef.external

Optional

string

The name of a BigQueryDataset.

destination.bigQueryDatasetRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

destination.bigQueryDatasetRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

destination.pubSubTopicRef

Optional

object

destination.pubSubTopicRef.external

Optional

string

The name of a PubSubTopic.

destination.pubSubTopicRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

destination.pubSubTopicRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

destination.storageBucketRef

Optional

object

destination.storageBucketRef.external

Optional

string

The name of a StorageBucket.

destination.storageBucketRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

destination.storageBucketRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

disabled

Optional

boolean

If set to True, then this sink is disabled and it does not export any log entries.

exclusions

Optional

list (object)

Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion_filters it will not be exported.

exclusions.[]

Optional

object

exclusions.[].description

Optional

string

A description of this exclusion.

exclusions.[].disabled

Optional

boolean

If set to True, then this exclusion is disabled and it does not exclude any log entries

exclusions.[].filter

Required*

string

An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries

exclusions.[].name

Required*

string

A client-assigned identifier, such as "load-balancer-exclusion". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.

filter

Optional

string

The filter to apply when exporting logs. Only log entries that match the filter are exported.

folderRef

Optional

object

The folder in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified.

folderRef.external

Optional

string

The folderId of a Folder.

folderRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

folderRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

includeChildren

Optional

boolean

Immutable. Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.

organizationRef

Optional

object

The organization in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified.

organizationRef.external

Optional

string

The name of an Organization.

organizationRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

organizationRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

projectRef

Optional

object

The project in which to create the sink. Only one of projectRef, folderRef, or organizationRef may be specified.

projectRef.external

Optional

string

The name of a Project.

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

uniqueWriterIdentity

Optional

boolean

Immutable. Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.

* Field is required when parent field is specified

Status

Schema

  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  writerIdentity: string
Fields
conditions

list (object)

Conditions represents the latest available observation of the resource's current state.

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

writerIdentity

string

The identity associated with this sink. This identity must be granted write access to the configured destination.

Sample YAML(s)

Folder Sink

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: logging.cnrm.cloud.google.com/v1beta1
  kind: LoggingLogSink
  metadata:
    name: logginglogsink-sample-folder
  spec:
    folderRef:
      name: logginglogsink-dep-folder
    destination:
      bigQueryDatasetRef:
        name: logginglogsinkdepfolder
    filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com"
  ---
  apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
  kind: BigQueryDataset
  metadata:
    annotations:
      cnrm.cloud.google.com/delete-contents-on-destroy: "true"
    name: logginglogsinkdepfolder
  ---
  apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
  kind: Folder
  metadata:
    annotations:
      # Replace "${ORG_ID?}" with the numeric ID for your organization
      cnrm.cloud.google.com/organization-id: "${ORG_ID?}"
    name: logginglogsink-dep-folder
  spec:
    displayName: Config Connector Folder Sink Sample

Organization Sink

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: logging.cnrm.cloud.google.com/v1beta1
  kind: LoggingLogSink
  metadata:
    name: logginglogsink-sample-org
  spec:
    organizationRef:
      # Replace "${ORG_ID?}" with the numeric ID for your organization
      external: "${ORG_ID?}"
    destination:
      storageBucketRef:
        # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
        name: ${PROJECT_ID?}-logginglogsink-dep-org
    filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com"
  ---
  apiVersion: storage.cnrm.cloud.google.com/v1beta1
  kind: StorageBucket
  metadata:
    annotations:
      cnrm.cloud.google.com/force-destroy: "true"
    # StorageBucket names must be globally unique. Replace ${PROJECT_ID?} with your project ID.
    name: ${PROJECT_ID?}-logginglogsink-dep-org

Project Sink

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: logging.cnrm.cloud.google.com/v1beta1
  kind: LoggingLogSink
  metadata:
    name: logginglogsink-sample-project
  spec:
    projectRef:
      name: logginglogsink-dep-project
    uniqueWriterIdentity: true
    destination:
      pubSubTopicRef:
        name: logginglogsink-dep-project
    filter: resource.type="bigquery_project" AND logName:"cloudaudit.googleapis.com"
  ---
  apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
  kind: PubSubTopic
  metadata:
    name: logginglogsink-dep-project
  ---
  apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
  kind: Project
  metadata:
    annotations:
      # Replace "${ORG_ID?}" with the numeric ID for your organization
      cnrm.cloud.google.com/organization-id: "${ORG_ID?}"
    name: logginglogsink-dep-project
  spec:
    name: Project Sink Sample
    billingAccountRef:
      # Replace "${BILLING_ACCOUNT_ID?}" with the numeric ID for your billing account
      external: "${BILLING_ACCOUNT_ID?}"