resource "azurerm_logic_app_workflow" "workflow" {
  name                = "test-secops-workflow"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_monitor_diagnostic_setting" "logicapp" {
  name               = "Logs to Central Storage account"
  target_resource_id = azurerm_logic_app_workflow.workflow.id
  storage_account_id = azurerm_storage_account.storagesecops.id

  log {
    category = "allLogs"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
}
The above code fails; diagnostic settings do not support category groups. Below is the error:
insights.DiagnosticSettingsClient#CreateOrUpdate: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Category 'allLogs' is not supported.
@hcrhall Could you please help me out here?
It looks like you are using the wrong category for the azurerm_logic_app_workflow resource. You can determine which categories are supported by using the azurerm_monitor_diagnostic_categories data source.
Hope this helps.
@hcrhall, I have attached a screenshot of allowed log categories and metrics. In my case I want to enable the log category group “allLogs”, and while there is an argument for “categories”, I cannot find an argument for “category groups” in the Terraform resource.
Hope I am clear.

Reading the docs, it appears that choosing the WorkflowRuntime is the same as choosing allLogs.
My understanding is that allLogs is a shortcut for selecting each of the available categories. Since there is only one category available, you can simply change the configuration to the following:
resource "azurerm_monitor_diagnostic_setting" "logicapp" {
  name               = "Logs to Central Storage account"
  target_resource_id = azurerm_logic_app_workflow.workflow.id
  storage_account_id = azurerm_storage_account.storagesecops.id

  # WorkflowRuntime is the only log category available for Logic App workflows
  log {
    category = "WorkflowRuntime"
    enabled  = true

    retention_policy {
      enabled = true
    }
  }
}
Thank you so much, it helped me understand how to achieve it. I will be calling all the categories which are under that category group instead of directly calling the group!
@hcrhall, in the case of Key Vault, it has 2 categories:
AuditEvent and AzurePolicyEvaluationDetails Key vault
If my goal is to capture all the logs (allLogs), should I include both categories in my code?
If that is the case, for each resource type (example: keyvault, nsg, vNet, etc.) I will have to create one “azurerm_monitor_diagnostic_setting” with different categories.
Please correct me if I am wrong.
Thank you.
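
An added example, not part of the thread: one way to enable every supported log category per resource without hard-coding category names, combining the azurerm_monitor_diagnostic_categories data source mentioned above with one log block per category. The names azurerm_key_vault.kv and local.diag_targets are hypothetical, and it assumes a provider version that has the log block and the data source's logs attribute, as the thread's code does.

```hcl
locals {
  # Hypothetical map of resources that should ship logs to the central account.
  # Keys are static labels; values are the Azure resource IDs.
  diag_targets = {
    logicapp = azurerm_logic_app_workflow.workflow.id
    keyvault = azurerm_key_vault.kv.id # assumed to be defined elsewhere
  }
}

# Ask Azure which diagnostic categories each target actually supports,
# instead of guessing names such as "allLogs".
data "azurerm_monitor_diagnostic_categories" "target" {
  for_each    = local.diag_targets
  resource_id = each.value
}

resource "azurerm_monitor_diagnostic_setting" "central" {
  for_each           = local.diag_targets
  name               = "logs-to-central-storage-${each.key}"
  target_resource_id = each.value
  storage_account_id = azurerm_storage_account.storagesecops.id

  # One log block per supported category: WorkflowRuntime for the Logic App,
  # AuditEvent and AzurePolicyEvaluationDetails for the Key Vault.
  dynamic "log" {
    for_each = data.azurerm_monitor_diagnostic_categories.target[each.key].logs
    content {
      category = log.value
      enabled  = true

      retention_policy {
        enabled = true
      }
    }
  }
}
```

Run terraform plan after adding a resource to the map and confirm that the planned log blocks match the categories shown in the portal for that resource type, so that no audit category is silently left out.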