Unable to create Data Collection Rule via Terraform in Azure
My Code looks like-
#dcr
Error
Please help to find where the issue is.
Solution
I tried to provision a Data Collection Rule via Terraform and I was able to deploy successfully using my code.
To achieve this configuration, I referred the documentation from Terraform registry.
I also tried with the code mentioned in Image. The reason for error is incorrect destination names in data flows and version of providers.
By changing the names and update the provider to the latest version and rewriting the code as per the requirement we will be able to provision the resource mentioned.
My Main.tf:
provider "azurerm" {
features {}
subscription_id = "00000000"
client_id = "0000000"
tenant_id = "0000000"
client_secret = "0000000"
}
resource "azurerm_resource_group" "example" {
name = "Demorg-vk"
location = "East US"
}
resource "azurerm_user_assigned_identity" "example" {
name = "demovk-uai"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_workspace" "example" {
name = "demovk-workspace"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_solution" "example" {
solution_name = "WindowsEventForwarding"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
workspace_resource_id = azurerm_log_analytics_workspace.example.id
workspace_name = azurerm_log_analytics_workspace.example.name
plan {
publisher = "Microsoft"
product = "OMSGallery/WindowsEventForwarding"
}
}
resource "azurerm_eventhub_namespace" "example" {
name = "exeventns"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "Standard"
capacity = 1
}
resource "azurerm_eventhub" "example" {
name = "exevent2"
namespace_name = azurerm_eventhub_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
partition_count = 2
message_retention = 1
}
resource "azurerm_storage_account" "example" {
name = "demovkstorage"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_container" "example" {
name = "demovkcontainer"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_monitor_data_collection_endpoint" "example" {
name = "demovk-dcre"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
lifecycle {
create_before_destroy = true
}
}
resource "azurerm_monitor_data_collection_rule" "example" {
name = "demovkrule"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id
destinations {
log_analytics {
workspace_resource_id = azurerm_log_analytics_workspace.example.id
name = "example-destination-log"
}
event_hub {
event_hub_id = azurerm_eventhub.example.id
name = "example-destination-eventhub"
}
storage_blob {
storage_account_id = azurerm_storage_account.example.id
container_name = azurerm_storage_container.example.name
name = "example-destination-storage"
}
azure_monitor_metrics {
name = "example-destination-metrics"
}
}
data_flow {
streams = ["Microsoft-InsightsMetrics"]
destinations = ["example-destination-metrics"]
}
data_flow {
streams = ["Microsoft-InsightsMetrics", "Microsoft-Syslog", "Microsoft-Perf"]
destinations = ["example-destination-log"]
}
data_flow {
streams = ["Custom-MyTableRawData"]
destinations = ["example-destination-log"]
output_stream = "Microsoft-Syslog"
transform_kql = "source | project TimeGenerated = Time, Computer, Message = AdditionalContext"
}
data_sources {
syslog {
facility_names = ["*"]
log_levels = ["*"]
name = "example-datasource-syslog"
}
iis_log {
streams = ["Microsoft-W3CIISLog"]
name = "example-datasource-iis"
log_directories = ["C:\\Logs\\W3SVC1"]
}
log_file {
name = "example-datasource-logfile"
format = "text"
streams = ["Custom-MyTableRawData"]
file_patterns = ["C:\\JavaLogs\\*.log"]
settings {
text {
record_start_timestamp_format = "ISO 8601"
}
}
}
performance_counter {
streams = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
sampling_frequency_in_seconds = 60
counter_specifiers = ["Processor(*)\\% Processor Time"]
name = "example-datasource-perfcounter"
}
windows_event_log {
streams = ["Microsoft-WindowsEvent"]
x_path_queries = ["*![System/Level=1]"]
name = "example-datasource-wineventlog"
}
extension {
streams = ["Microsoft-WindowsEvent"]
input_data_sources = ["example-datasource-wineventlog"]
extension_name = "example-extension-name"
extension_json = jsonencode({
a = 1
b = "hello"
})
name = "example-datasource-extension"
}
}
stream_declaration {
stream_name = "Custom-MyTableRawData"
column {
name = "Time"
type = "datetime"
}
column {
name = "Computer"
type = "string"
}
column {
name = "AdditionalContext"
type = "string"
}
}
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.example.id]
}
description = "data collection rule example"
tags = {
foo = "bar"
}
depends_on = [
azurerm_log_analytics_solution.example
]
}
This script is provided as demo version. I took this code because Query asked was Incomplete.
Output :
terraform plan
terraform apply
By making the changes in the code snippet with the code as I mentioned. we will be able to provision the required resource in Portal.
- "Schema" property not found in Postgres Connector
- Downloading file from Azure blob storage via Memory Stream
- Reading env variable from template.yaml
- HTTP Error 500.30 - ASP.NET Core app failed to start - Azure
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- Enabling HTTPS for a Azure blob static website
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Using Managed Identity to Access Azure OpenAI Service
- Azure data factory not loading
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- Refresh powerBI data with additional column
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- gRPC and REST side by side in Azure App Service, Linux Container
- Connecting to a SignalR WSS stream but not getting the response i am looking for
- SignalR prevent user from opening multiple sessions in different tabs
- Application Insights -_logger.LogInformation
- CosmosDB is not allowing serverless capabalities to NoSQL, it says I must use CapacityMode
- Azure Webapp / Website Swap : HTTP Ping Error
- Microsoft Graph API - Update phoneMethods is no longer working
- Use Azure Key Vault secret in Header section of Web Activity
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How do I save and later load Azure AnalyzeResult object in python?
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure ADF - HTTP : Table from list
- Self hosted azure devops build agent not getting tool from $PATH
- Azure devops pipeline stages template nesting
- Azure APIM is returning the incorrect HTTP response error when call is missing mandatory querystring parameter
- Azure DevOps build pipeline logid for a specific task - dynamically
- PS script to fetch the list non-compliance resource list with respect to policy from multiple subscriptions