This page explains the concept of logs data location and the different locations where you can create log buckets that store your logs data.
In Cloud Logging, log buckets are a regional resource, which means the infrastructure that stores, indexes, and searches your logs is located in a specific geographical location. Google manages that infrastructure so that your applications are available redundantly across the zones within that region.
The primary factors for selecting the region where your logs are stored include meeting your latency, availability, or compliance requirements. You should consider the locations of the other Google Cloud products and services that your application uses.
The following key concepts apply to data regionality for Cloud Logging.
Log Router locations
The Log Router processes all log entries written to the Cloud Logging API. It checks each log entry against existing rules to determine which log entries to discard, which log entries to store in Cloud Logging buckets, and which log entries to route to supported destinations using log sinks. To reliably route logs, the Log Router also stores the logs temporarily, which buffers against temporary disruptions on any log sink.
The Log Router processes logs in the region in which they are received. The Log Router might send logs to a different region based on the definition of log sinks or if you've opted to share log data with another Google service such as the Security Command Center Threat Detection. Log sinks apply to logs equally and regardless of region.
Log bucket locations
Log buckets are the containers in your Google Cloud projects that store and organize your logs data. You can specify the region for storing your logs data when you create a log bucket. After you create the log bucket, the location can't be changed, but you can create a new log bucket and direct logs to that log bucket using log sinks.
To learn how to set the region for your log bucket, see Creating log buckets.
Cloud Logging supports querying logs from multiple regions together. In that case, queries are processed in the same location as the log buckets being queried, and the results are then aggregated in the region where the query was received.
The following regions are supported by the Cloud Logging API:
In addition to these regions, the global location is supported, which means that you don't specify where your logs are physically stored or processed.
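As an added example (not part of the original documentation): a Python check that takes the parsed output of `gcloud logging buckets list --format=json` and `gcloud logging sinks list --format=json` and reports log buckets and active sinks whose location falls outside an allowed set, `global` included. The project ID, bucket and sink names, and the allowed region are constructed sample values.

```python
import re

# Log bucket resource names and log-bucket sink destinations both end in
# projects/PROJECT/locations/LOCATION/buckets/BUCKET.
BUCKET_PATH = re.compile(r"projects/[^/]+/locations/([^/]+)/buckets/([^/]+)$")

def location_of(path):
    """Return the LOCATION segment of a log bucket path, or None if it is not one."""
    match = BUCKET_PATH.search(path)
    return match.group(1) if match else None

def audit_locations(buckets, sinks, allowed_regions):
    """Return (kind, name, location) findings for logs data outside allowed_regions."""
    findings = []
    for bucket in buckets:
        loc = location_of(bucket["name"])
        if loc not in allowed_regions:
            findings.append(("bucket", bucket["name"].rsplit("/", 1)[-1], loc))
    for sink in sinks:
        if sink.get("disabled"):
            continue  # a disabled sink routes nothing
        dest = sink["destination"]
        if not dest.startswith("logging.googleapis.com/"):
            continue  # not a log bucket; review that service's location separately
        loc = location_of(dest)  # None when the destination names no bucket
        if loc not in allowed_regions:
            findings.append(("sink", sink["name"], loc))
    return findings

# Constructed sample data in the shape of the gcloud JSON output.
P = "projects/example-project/locations"
SAMPLE_BUCKETS = [
    {"name": f"{P}/global/buckets/_Required", "retentionDays": 400},
    {"name": f"{P}/global/buckets/_Default", "retentionDays": 30},
    {"name": f"{P}/europe-west1/buckets/eu-app-logs", "retentionDays": 30},
]
L = "logging.googleapis.com/"
SAMPLE_SINKS = [
    {"name": "_Required", "destination": f"{L}{P}/global/buckets/_Required"},
    {"name": "_Default", "destination": f"{L}{P}/global/buckets/_Default", "disabled": True},
    {"name": "eu-app", "destination": f"{L}{P}/europe-west1/buckets/eu-app-logs"},
    {"name": "archive", "destination": "storage.googleapis.com/example-archive-bucket"},
]

if __name__ == "__main__":
    for kind, name, loc in audit_locations(SAMPLE_BUCKETS, SAMPLE_SINKS, {"europe-west1"}):
        print(f"{kind} {name}: location {loc!r} is outside the allowed regions")
```

Because a bucket's location can't be changed, a flagged bucket is addressed by creating a new bucket in an allowed region and pointing the sink at it.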
Following are known limitations of data regionality for Cloud Logging:
Certain fields from the
resource, are considered data labels and not Customer Data.
For your Google Cloud projects, Logging automatically creates two logs buckets:
_Default, which are set to the
_Required: This bucket holds Admin Activity audit logs, System Event audit logs, and Access Transparency logs, and retains them for 400 days. You aren't charged for the logs stored in _Required, and the retention period of the logs stored here can't be modified. You can't delete this bucket.
_Default: This bucket holds all other ingested logs in a Google Cloud project, except for the logs held in the _Required bucket. Log entries held in the _Default bucket are retained for 30 days, unless you apply custom retention rules. You can't delete this bucket, but you can disable the _Default log sink that routes logs to this bucket.
Cloud Monitoring is a global product, and its services are available with no dependence on location. Logs-based metrics let you define a rule for aggregating logs into time series by processing logs at the Log Router. The storage location of these time series is unspecified.
Explore additional location-based concepts, such as zones, that apply to other Google Cloud services.
Read the following whitepapers that provide best practices for data governance: