|
| 1 | +// Module included in the following assemblies: |
| 2 | +// * logging/configuring-log-forwarding.adoc |
| 3 | + |
| 4 | +:_mod-docs-content-type: PROCEDURE |
| 5 | +[id="logging-forwarding-azure_{context}"] |
| 6 | += Forwarding to Azure Monitor Logs |
| 7 | +With {logging} 5.9 and later, you can forward logs to link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs[Azure Monitor Logs] in addition to, or instead of, the default log store. This functionality is provided by the link:https://vector.dev/docs/reference/configuration/sinks/azure_monitor_logs/[Vector Azure Monitor Logs sink]. |
| 8 | + |
| 9 | +.Prerequisites |
| 10 | + |
| 11 | +* You are familiar with how to administer and create a `ClusterLogging` custom resource (CR) instance. |
| 12 | +* You are familiar with how to administer and create a `ClusterLogForwarder` CR instance. |
| 13 | +* You understand the `ClusterLogForwarder` CR specifications. |
| 14 | +* You have basic familiarity with Azure services. |
| 15 | +* You have an Azure account configured for Azure Portal or Azure CLI access. |
| 16 | +* You have obtained your Azure Monitor Logs primary or the secondary security key. |
| 17 | +* You have determined which log types to forward. |
| 18 | +
|
| 19 | +To enable log forwarding to Azure Monitor Logs via the HTTP Data Collector API: |
| 20 | + |
| 21 | +Create a secret with your shared key: |
| 22 | +[source,yaml] |
| 23 | +---- |
| 24 | +apiVersion: v1 |
| 25 | +kind: Secret |
| 26 | +metadata: |
| 27 | + name: my-secret |
| 28 | + namespace: openshift-logging |
| 29 | +type: Opaque |
| 30 | +data: |
| 31 | + shared_key: <your_shared_key> # <1> |
| 32 | +---- |
| 33 | +<1> Must contain a primary or secondary key for the link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview[Log Analytics workspace] making the request. |
| 34 | + |
| 35 | +To obtain a link:https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key[shared key], you can use this command in Azure CLI: |
| 36 | + |
| 37 | +[source,text] |
| 38 | +---- |
| 39 | +Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName "<resource_name>" -Name "<workspace_name>” |
| 40 | +---- |
| 41 | + |
| 42 | + |
| 43 | +Create or edit your `ClusterLogForwarder` CR using the template matching your log selection. |
| 44 | + |
| 45 | +.Forward all logs |
| 46 | +[source,yaml] |
| 47 | +---- |
| 48 | +apiVersion: "logging.openshift.io/v1" |
| 49 | +kind: "ClusterLogForwarder" |
| 50 | +metadata: |
| 51 | + name: instance |
| 52 | + namespace: openshift-logging |
| 53 | +spec: |
| 54 | + outputs: |
| 55 | + - name: azure-monitor |
| 56 | + type: azureMonitor |
| 57 | + azureMonitor: |
| 58 | + customerId: my-customer-id # <1> |
| 59 | + logType: my_log_type # <2> |
| 60 | + secret: |
| 61 | + name: my-secret |
| 62 | + pipelines: |
| 63 | + - name: app-pipeline |
| 64 | + inputRefs: |
| 65 | + - application |
| 66 | + outputRefs: |
| 67 | + - azure-monitor |
| 68 | +---- |
| 69 | +<1> Unique identifier for the Log Analytics workspace. Required field. |
| 70 | +<2> link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell#record-type-and-properties[Azure record type] of the data being submitted. May only contain letters, numbers, and underscores (_), and may not exceed 100 characters. |
| 71 | +
|
| 72 | +.Forward application and infrastructure logs |
| 73 | +[source,yaml] |
| 74 | +---- |
| 75 | +apiVersion: "logging.openshift.io/v1" |
| 76 | +kind: "ClusterLogForwarder" |
| 77 | +metadata: |
| 78 | + name: instance |
| 79 | + namespace: openshift-logging |
| 80 | +spec: |
| 81 | + outputs: |
| 82 | + - name: azure-monitor-app |
| 83 | + type: azureMonitor |
| 84 | + azureMonitor: |
| 85 | + customerId: my-customer-id |
| 86 | + logType: application_log # <1> |
| 87 | + secret: |
| 88 | + name: my-secret |
| 89 | + - name: azure-monitor-infra |
| 90 | + type: azureMonitor |
| 91 | + azureMonitor: |
| 92 | + customerId: my-customer-id |
| 93 | + logType: infra_log # |
| 94 | + secret: |
| 95 | + name: my-secret |
| 96 | + pipelines: |
| 97 | + - name: app-pipeline |
| 98 | + inputRefs: |
| 99 | + - application |
| 100 | + outputRefs: |
| 101 | + - azure-monitor-app |
| 102 | + - name: infra-pipeline |
| 103 | + inputRefs: |
| 104 | + - infrastructure |
| 105 | + outputRefs: |
| 106 | + - azure-monitor-infra |
| 107 | +---- |
| 108 | +<1> link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell#record-type-and-properties[Azure record type] of the data being submitted. May only contain letters, numbers, and underscores (_), and may not exceed 100 characters. |
| 109 | + |
| 110 | +.Advanced configuration options |
| 111 | +[source,yaml] |
| 112 | +---- |
| 113 | +apiVersion: "logging.openshift.io/v1" |
| 114 | +kind: "ClusterLogForwarder" |
| 115 | +metadata: |
| 116 | + name: instance |
| 117 | + namespace: openshift-logging |
| 118 | +spec: |
| 119 | + outputs: |
| 120 | + - name: azure-monitor |
| 121 | + type: azureMonitor |
| 122 | + azureMonitor: |
| 123 | + customerId: my-customer-id |
| 124 | + logType: my_log_type |
| 125 | + azureResourceId: "/subscriptions/111111111" # <1> |
| 126 | + host: "ods.opinsights.azure.com" # <2> |
| 127 | + secret: |
| 128 | + name: my-secret |
| 129 | + pipelines: |
| 130 | + - name: app-pipeline |
| 131 | + inputRefs: |
| 132 | + - application |
| 133 | + outputRefs: |
| 134 | + - azure-monitor |
| 135 | +---- |
| 136 | +<1> Resource ID of the Azure resource the data should be associated with. Optional field. |
| 137 | +<2> Alternative host for dedicated Azure regions. Optional field. Default value is `ods.opinsights.azure.com`. Default value for Azure Government is `ods.opinsights.azure.us`. |
0 commit comments