From 004e3f16b7594de7b253528682ee8628ae440281 Mon Sep 17 00:00:00 2001 From: libander Date: Thu, 4 Apr 2024 17:15:41 -0500 Subject: [PATCH] OBSDOCS-820 - Forwarding to Azure Monitor Logs --- .../configuring-log-forwarding.adoc | 5 +- modules/logging-forwarding-azure.adoc | 137 ++++++++++++++++++ 2 files changed, 140 insertions(+), 2 deletions(-) create mode 100644 modules/logging-forwarding-azure.adoc diff --git a/logging/log_collection_forwarding/configuring-log-forwarding.adoc b/logging/log_collection_forwarding/configuring-log-forwarding.adoc index 5ea1a257bc..878df6da9d 100644 --- a/logging/log_collection_forwarding/configuring-log-forwarding.adoc +++ b/logging/log_collection_forwarding/configuring-log-forwarding.adoc @@ -13,8 +13,7 @@ include::modules/cluster-logging-collector-log-forwarding-about.adoc[leveloffset include::modules/logging-create-clf.adoc[leveloffset=+1] -// uncomment for 5.9 release -// include::modules/logging-delivery-tuning.adoc[leveloffset=+1] +include::modules/logging-delivery-tuning.adoc[leveloffset=+1] include::modules/logging-multiline-except.adoc[leveloffset=+1] @@ -26,6 +25,8 @@ include::modules/logging-forward-splunk.adoc[leveloffset=+1] include::modules/logging-http-forward.adoc[leveloffset=+1] +include::modules/logging-forwarding-azure.adoc[leveloffset=+1] + include::modules/cluster-logging-collector-log-forward-project.adoc[leveloffset=+1] include::modules/cluster-logging-collector-log-forward-logs-from-application-pods.adoc[leveloffset=+1] diff --git a/modules/logging-forwarding-azure.adoc b/modules/logging-forwarding-azure.adoc new file mode 100644 index 0000000000..3650a7bb34 --- /dev/null +++ b/modules/logging-forwarding-azure.adoc @@ -0,0 +1,137 @@ +// Module included in the following assemblies: +// * logging/configuring-log-forwarding.adoc + +:_mod-docs-content-type: PROCEDURE +[id="logging-forwarding-azure_{context}"] += Forwarding to Azure Monitor Logs +With {logging} 5.9 and later, you can forward logs to link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-platform-logs[Azure Monitor Logs] in addition to, or instead of, the default log store. This functionality is provided by the link:https://vector.dev/docs/reference/configuration/sinks/azure_monitor_logs/[Vector Azure Monitor Logs sink]. + +.Prerequisites + +* You are familiar with how to administer and create a `ClusterLogging` custom resource (CR) instance. +* You are familiar with how to administer and create a `ClusterLogForwarder` CR instance. +* You understand the `ClusterLogForwarder` CR specifications. +* You have basic familiarity with Azure services. +* You have an Azure account configured for Azure Portal or Azure CLI access. +* You have obtained your Azure Monitor Logs primary or the secondary security key. +* You have determined which log types to forward. + +To enable log forwarding to Azure Monitor Logs via the HTTP Data Collector API: + +Create a secret with your shared key: +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: my-secret + namespace: openshift-logging +type: Opaque +data: + shared_key: # <1> +---- +<1> Must contain a primary or secondary key for the link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview[Log Analytics workspace] making the request. + +To obtain a link:https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key[shared key], you can use this command in Azure CLI: + +[source,text] +---- +Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName "" -Name "” +---- + + +Create or edit your `ClusterLogForwarder` CR using the template matching your log selection. + +.Forward all logs +[source,yaml] +---- +apiVersion: "logging.openshift.io/v1" +kind: "ClusterLogForwarder" +metadata: + name: instance + namespace: openshift-logging +spec: + outputs: + - name: azure-monitor + type: azureMonitor + azureMonitor: + customerId: my-customer-id # <1> + logType: my_log_type # <2> + secret: + name: my-secret + pipelines: + - name: app-pipeline + inputRefs: + - application + outputRefs: + - azure-monitor +---- +<1> Unique identifier for the Log Analytics workspace. Required field. +<2> link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell#record-type-and-properties[Azure record type] of the data being submitted. May only contain letters, numbers, and underscores (_), and may not exceed 100 characters. + +.Forward application and infrastructure logs +[source,yaml] +---- +apiVersion: "logging.openshift.io/v1" +kind: "ClusterLogForwarder" +metadata: + name: instance + namespace: openshift-logging +spec: + outputs: + - name: azure-monitor-app + type: azureMonitor + azureMonitor: + customerId: my-customer-id + logType: application_log # <1> + secret: + name: my-secret + - name: azure-monitor-infra + type: azureMonitor + azureMonitor: + customerId: my-customer-id + logType: infra_log # + secret: + name: my-secret + pipelines: + - name: app-pipeline + inputRefs: + - application + outputRefs: + - azure-monitor-app + - name: infra-pipeline + inputRefs: + - infrastructure + outputRefs: + - azure-monitor-infra +---- +<1> link:https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell#record-type-and-properties[Azure record type] of the data being submitted. May only contain letters, numbers, and underscores (_), and may not exceed 100 characters. + +.Advanced configuration options +[source,yaml] +---- +apiVersion: "logging.openshift.io/v1" +kind: "ClusterLogForwarder" +metadata: + name: instance + namespace: openshift-logging +spec: + outputs: + - name: azure-monitor + type: azureMonitor + azureMonitor: + customerId: my-customer-id + logType: my_log_type + azureResourceId: "/subscriptions/111111111" # <1> + host: "ods.opinsights.azure.com" # <2> + secret: + name: my-secret + pipelines: + - name: app-pipeline + inputRefs: + - application + outputRefs: + - azure-monitor +---- +<1> Resource ID of the Azure resource the data should be associated with. Optional field. +<2> Alternative host for dedicated Azure regions. Optional field. Default value is `ods.opinsights.azure.com`. Default value for Azure Government is `ods.opinsights.azure.us`.