Stackdriver Logging is part of the Stackdriver suite of products in Google Cloud Platform (GCP). It includes storage for logs, a user interface called the Logs Viewer, and an API to manage logs programmatically. Logging lets you read and write log entries, search and query your logs, export your logs, and create logs-based metrics.
Logs are associated primarily with GCP projects, although other resources, such as organizations, folders, and billing accounts, can also have logs. The Logs Viewer shows only the logs from one project, but using the API, you can read log entries across multiple resources.
A log entry records status or an event. The entry might be created by GCP services, AWS services, third-party applications, or your own applications. The "message" the log entry carries is called the payload, and it can be a simple string or structured data.
Your project receives log entries when you begin to use the services that routinely produce log entries, like Compute Engine or BigQuery. You also get log entries when you connect Stackdriver to AWS, when you install the Logging agent on your VM instances, and when you call the entries.write method in the API.
A log is a named collection of log entries within a GCP resource.
Each log entry includes the name of its log. A log name can be a simple
syslog, or a structured name including the log's author, like
compute.googleapis.com/activity. Logs exist only if they have log entries.
Log entries are held in Stackdriver Logging for a limited time known as the retention period. After that, the entries are deleted. If you want to keep your log entries longer, export them outside of Stackdriver Logging.
The retention periods for different types of logs are listed in the Logging Quota Policy.
Each log entry indicates where it came from by including the name of a monitored resource. Examples are individual Compute Engine VM instances, individual Amazon EC2 VM instances, database instances, and so on. For a complete listing of monitored resource types, see Monitored Resources and Services.
An advanced query is a filter expression in the Logging query language. It is used in the Logs Viewer and the Stackdriver Logging API to select log entries, such as those from a particular VM instance or those arriving in a particular time period with a particular severity level.
Exporting logs using sinks
Log entries received by Logging can be exported to Cloud Storage buckets, BigQuery datasets, and Cloud Pub/Sub topics. You export logs by configuring log sinks, which then continue to export log entries as they arrive in Logging. A sink includes a destination and a query that selects the log entries to export.
An audit log is a permanent log written by a GCP service to record administrative or user actions. Audit logs appear in the Logs Viewer alongside other logs. For more information, read Cloud Audit Logs.
The ability to read Logging logs is controlled by granting Cloud Identity and Access Management permissions to members.
Most logs can be read by any member with the Cloud IAM Viewer role. Data Access audit logs are the only "private logs"; to read these, the member requires either the Cloud IAM Owner role or other special permissions.
For more information, see Access Control.