Azure data collection rule via terraform

Terraform Providers
1

Hi Team,

Just trying my hands on azure with terraform. Created data collection rule for custom logs with terraform, but custom log table is not showing up in the dcr. Custom log table is created in log analytics workspace and then trying to use it in dcr.

Below is my code
Terraform version : v1.4.6
Azurerm version : 3.57.0

resource "azurerm_log_analytics_workspace" "example" {
  name                = "poolast1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "local_file" "secure_log_CL" {
  depends_on = [azurerm_log_analytics_workspace.example, time_sleep.wait_60_seconds]
  content    = <<-EOT
  $tableParams = @'
{
   "properties": {
       "schema": {
              "name": "secure_log_CL",
              "columns": [
       {
                               "name": "TimeGenerated",
                               "type": "DateTime"
                       }, 
                      {
                               "name": "RawData",
                               "type": "String"
                      }
             ]
       }
   }
}
'@
Invoke-AzRestMethod -Path "/subscriptions/08119692-da48-4e36-94e7-0859516fe677/resourcegroups/poolast1/providers/microsoft.operationalinsights/workspaces/poolast1/tables/secure_log_CL?api-version=2021-12-01-preview" -Method PUT -payload $tableParams
EOT
  filename   = "${path.module}/templates/custom-table.ps1"
}

resource "null_resource" "script-executable" {
  depends_on = [local_file.secure_log_CL]
  provisioner "local-exec" {
    command = "powershell -File ${path.module}/templates/custom-table.ps1"
  }
}

resource "azurerm_monitor_data_collection_rule" "example" {
  depends_on                  = [azurerm_monitor_data_collection_endpoint.example, azurerm_log_analytics_workspace.example, local_file.secure_log_CL, null_resource.script-executable]
  name                        = "poolast1"
  resource_group_name         = azurerm_resource_group.example.name
  location                    = azurerm_resource_group.example.location
  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.example.id
      name                  = "poolast1"
    }

    azure_monitor_metrics {
      name = "test-destination-metrics"
    }
  }

  data_flow {
    streams      = ["Custom-secure_log_CL"]
    destinations = ["poolast1"]
  }

  data_sources {
    log_file {
      name          = "example-datasource-logfile"
      format        = "text"
      streams       = ["Custom-secure_log_CL"]
      file_patterns = ["/var/log/secure"]
      settings {
        text {
          record_start_timestamp_format = "ISO 8601"
        }
      }
    }
  }
  stream_declaration {
    stream_name = "Custom-secure_log_CL"
    column {
      name = "TimeGenerated"
      type = "datetime"
    }
    column {
      name = "RawData"
      type = "string"
    }
  }

  description = "data collection rule example"
}

Please let me know if m missing out on anything. Thanks in advance.

2

See Welcome to the forum - please reformat your message

3

you are missing to connect DCR with DCE check for documentation here: Terraform Registry
I am also now about to make it, so :slight_smile: