为了使用Terraform保存日志分析工作区的查询,我们可以使用azurerm_log_analytics_saved_search resource。
但是,它似乎使用了“遗留查询”选项。
我们对带有强制性标签的资源组有一个策略,因此创建默认查询包失败,我想将查询保存到自定义查询包,是否有Terraform资源能够做到这一点?
(The atm替代方案使用Azure CLI)
最小示例:
# create a resource groupresource "azurerm_resource_group" "example" {name = "query-pack-tf"location = "westeurope"}# create a log analytics workspaceresource "azurerm_log_analytics_workspace" "example" {name = "workspace-01"location = azurerm_resource_group.example.locationresource_group_name = azurerm_resource_group.example.name}# create a query packresource "azurerm_log_analytics_query_pack" "default" {name = "pack-test"resource_group_name = azurerm_resource_group.example.namelocation = "westeurope"}# A resources that uploads a query to azure - there seems to be no way to save to any query pack#-> this is the legacy way to save queriesresource "azurerm_log_analytics_saved_search" "example" {name = "example-query"log_analytics_workspace_id = azurerm_log_analytics_workspace.example.idcategory = "Custom Logs"display_name = "Example Query"query = <<QUERY// Your query logic goes here// For example:AzureDiagnosticsQUERY}
1条答案
按热度按时间cgfeq70w1#
这可以使用
azurerm_log_analytics_query_pack_query实现如果将此代码段添加到代码示例中,它应该保存到查询包中:
然后,为了在日志分析中找到查询,请执行以下操作: