Data regionality for Cloud Logging

This page explains the concept of logs data location and the different locations where you can create log buckets that store your logs data.

Overview

In Cloud Logging, log buckets are a regional resource, which means the infrastructure that stores, indexes, and searches your logs is located in a specific geographical location. Google manages that infrastructure so that your applications are available redundantly across the zones within that region.

The primary factors for selecting the region where your logs are stored include meeting your latency, availability, or compliance requirements. You should consider the locations of the other Google Cloud products and services that your application uses.

Key concepts

The following key concepts apply to data regionality for Cloud Logging .

Log Router locations

The Log Router processes all log entries written to the Cloud Logging API. It checks each log entry against existing rules to determine which log entries to discard, which log entries to store in Cloud Logging buckets, and which log entries to route to supported destinations using log sinks. To reliably route logs, the Log Router also stores the logs temporarily, which buffers against temporary disruptions on any log sink.

The Log Router processes logs in the region in which they are received. The Log Router might send logs to a different region based on the definition of log sinks or if you've opted to share log data with another Google service such as the Security Command Center Threat Detection. Log sinks apply to logs equally and regardless of region.

Log bucket locations

Log buckets are the containers in your Google Cloud projects that store and organize your logs data. You can specify a location region for storing your logs data when you create a log bucket. After you create the log bucket, the location can't be changed, but you can create a new log bucket and direct logs to that log bucket using log sinks. To learn how to set the region for your log bucket, see Creating log buckets.

Cloud Logging supports querying logs from multiple regions together, in which case queries are processed in the same location as the log buckets being queried and then aggregated in the region the query was received to return the results.

Supported regions

The following regions are supported by the Cloud Logging API:

Continent Regions
Asia asia-east1
asia-east2
asia-northeast1
asia-northeast2
asia-northeast3
asia-south1
asia-southeast1
Australia australia-southeast1
Europe europe-central2
europe-north1
europe-west1
europe-west2
europe-west3
europe-west4
europe-west6
North America northamerica-northeast1
us-central1
us-east1
us-east4
us-west1
us-west2
us-west3
South America southamerica-east1

In addition to these regions, the global location is supported, which means that you don't specify where your logs are physically stored or processed.

Limitations

Following are known limitations of data regionality for Cloud Logging:

  • Cloud Logging is in the process of transitioning from a global product to a regional product and isn't yet covered by Data Location guarantees in the Terms of Service.

  • Certain fields from the LogEntry, including logName and resource, are considered data labels and not Customer Data.

  • For your Google Cloud projects, Logging automatically creates two logs buckets: _Required and _Default, which are set to the global location:

    • _Required: This bucket holds Admin Activity audit logs, System Event audit logs, and Access Transparency logs, and retains them for 400 days. You aren't charged for the logs stored in_Required, and the retention period of the logs stored here can't be modified. You can't delete this bucket.

    • _Default: This bucket holds all other ingested logs in a Google Cloud project, except for the logs held in the _Required bucket. Log entries held in the _Default bucket are retained for 30 days, unless you apply custom retention rules. You can't delete this bucket, but you can disable the _Default log sink that routes logs to this bucket.

  • Error Reporting is a global product and its services are available with no dependence on location. Logs buckets with a region besides global are automatically excluded from Error Reporting.

  • Cloud Monitoring is a global product, and its services are available with no dependence on location. Logs-based metrics let you to define a rule for aggregating logs into time series by processing logs at the Logs Router. The storage location of these time series is unspecified.

Next steps