英文:
Unable to create Data Collection Rule via Terraform in Azure
问题
"我的代码如下-"
"错误"
"请帮助找出问题所在。"
英文:
My Code looks like-
#dcr
Error
Please help to find where the issue is.
答案1
得分: 0
I tried to provision a Data Collection Rule via Terraform and I was able to deploy successfully using my code.
To achieve this configuration, I referred the documentation from Terraform registry.
I also tried with the code mentioned in Image. The reason for error is incorrect destination names in data flows and version of providers.
By changing the names and update the provider to the latest version and rewriting the code as per the requirement we will be able to provision the resource mentioned.
My Main.tf:
provider "azurerm" {
features {}
subscription_id = "00000000"
client_id = "0000000"
tenant_id = "0000000"
client_secret = "0000000"
}
resource "azurerm_resource_group" "example" {
name = "Demorg-vk"
location = "East US"
}
resource "azurerm_user_assigned_identity" "example" {
name = "demovk-uai"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_workspace" "example" {
name = "demovk-workspace"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_solution" "example" {
solution_name = "WindowsEventForwarding"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
workspace_resource_id = azurerm_log_analytics_workspace.example.id
workspace_name = azurerm_log_analytics_workspace.example.name
plan {
publisher = "Microsoft"
product = "OMSGallery/WindowsEventForwarding"
}
}
resource "azurerm_eventhub_namespace" "example" {
name = "exeventns"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "Standard"
capacity = 1
}
resource "azurerm_eventhub" "example" {
name = "exevent2"
namespace_name = azurerm_eventhub_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
partition_count = 2
message_retention = 1
}
resource "azurerm_storage_account" "example" {
name = "demovkstorage"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_container" "example" {
name = "demovkcontainer"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_monitor_data_collection_endpoint" "example" {
name = "demovk-dcre"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
lifecycle {
create_before_destroy = true
}
}
resource "azurerm_monitor_data_collection_rule" "example" {
name = "demovkrule"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id
destinations {
log_analytics {
workspace_resource_id = azurerm_log_analytics_workspace.example.id
name = "example-destination-log"
}
event_hub {
event_hub_id = azurerm_eventhub.example.id
name = "example-destination-eventhub"
}
storage_blob {
storage_account_id = azurerm_storage_account.example.id
container_name = azurerm_storage_container.example.name
name = "example-destination-storage"
}
azure_monitor_metrics {
name = "example-destination-metrics"
}
}
data_flow {
streams = ["Microsoft-InsightsMetrics"]
destinations = ["example-destination-metrics"]
}
data_flow {
streams = ["Microsoft-InsightsMetrics", "Microsoft-Syslog", "Microsoft-Perf"]
destinations = ["example-destination-log"]
}
data_flow {
streams = ["Custom-MyTableRawData"]
destinations = ["example-destination-log"]
output_stream = "Microsoft-Syslog"
transform_kql = "source | project TimeGenerated = Time, Computer, Message = AdditionalContext"
}
data_sources {
syslog {
facility_names = ["*"]
log_levels = ["*"]
name = "example-datasource-syslog"
}
iis_log {
streams = ["Microsoft-W3CIISLog"]
name = "example-datasource-iis"
log_directories = ["C:\\Logs\\W3SVC1"]
}
log_file {
name = "example-datasource-logfile"
format = "text"
streams = ["Custom-MyTableRawData"]
file_patterns = ["C:\\JavaLogs\\*.log"]
settings {
text {
record_start_timestamp_format = "ISO 8601"
}
}
}
performance_counter {
streams = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
sampling_frequency_in_seconds = 60
counter_specifiers = ["Processor(*)\\% Processor Time"]
name = "example-datasource-perfcounter"
}
windows_event_log {
streams = ["Microsoft-WindowsEvent"]
x_path_queries = ["*![System/Level=1]"]
name = "example-datasource-wineventlog"
}
extension {
streams = ["Microsoft-WindowsEvent"]
input_data_sources = ["example-datasource-wineventlog"]
extension_name = "example-extension-name"
extension_json = jsonencode({
a = 1
b = "hello"
})
name = "example-datasource-extension"
}
}
stream_declaration {
stream_name = "Custom-MyTableRawData"
column {
name = "Time"
type = "datetime"
}
column {
name = "Computer"
type = "string"
}
column {
name = "AdditionalContext"
type = "string"
}
}
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.example.id]
}
description = "data collection rule example"
tags = {
foo = "bar"
}
depends_on = [
azurerm_log_analytics_solution.example
]
}
This script is provided as a demo version. I took this code because the Query asked was Incomplete.
Output:
terraform plan
<details>
<summary>英文:</summary>
> I tried to provision a Data Collection Rule via Terraform and I was able to deploy successfully using my code.
To achieve this configuration, I referred the documentation from [Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule) registry.
I also tried with the code mentioned in Image. The reason for error is incorrect destination names in data flows and version of providers.
By changing the names and update the provider to the latest version and rewriting the code as per the requirement we will be able to provision the resource mentioned.
My **Main.tf**:
provider "azurerm" {
features {}
subscription_id = "00000000"
client_id = "0000000"
tenant_id = "0000000"
client_secret = "0000000"
}
resource "azurerm_resource_group" "example" {
name = "Demorg-vk"
location = "East US"
}
resource "azurerm_user_assigned_identity" "example" {
name = "demovk-uai"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_workspace" "example" {
name = "demovk-workspace"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
}
resource "azurerm_log_analytics_solution" "example" {
solution_name = "WindowsEventForwarding"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
workspace_resource_id = azurerm_log_analytics_workspace.example.id
workspace_name = azurerm_log_analytics_workspace.example.name
plan {
publisher = "Microsoft"
product = "OMSGallery/WindowsEventForwarding"
}
}
resource "azurerm_eventhub_namespace" "example" {
name = "exeventns"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku = "Standard"
capacity = 1
}
resource "azurerm_eventhub" "example" {
name = "exevent2"
namespace_name = azurerm_eventhub_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
partition_count = 2
message_retention = 1
}
resource "azurerm_storage_account" "example" {
name = "demovkstorage"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
}
resource "azurerm_storage_container" "example" {
name = "demovkcontainer"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_monitor_data_collection_endpoint" "example" {
name = "demovk-dcre"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
lifecycle {
create_before_destroy = true
}
}
resource "azurerm_monitor_data_collection_rule" "example" {
name = "demovkrule"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id
destinations {
log_analytics {
workspace_resource_id = azurerm_log_analytics_workspace.example.id
name = "example-destination-log"
}
event_hub {
event_hub_id = azurerm_eventhub.example.id
name = "example-destination-eventhub"
}
storage_blob {
storage_account_id = azurerm_storage_account.example.id
container_name = azurerm_storage_container.example.name
name = "example-destination-storage"
}
azure_monitor_metrics {
name = "example-destination-metrics"
}
}
data_flow {
streams = ["Microsoft-InsightsMetrics"]
destinations = ["example-destination-metrics"]
}
data_flow {
streams = ["Microsoft-InsightsMetrics", "Microsoft-Syslog", "Microsoft-Perf"]
destinations = ["example-destination-log"]
}
data_flow {
streams = ["Custom-MyTableRawData"]
destinations = ["example-destination-log"]
output_stream = "Microsoft-Syslog"
transform_kql = "source | project TimeGenerated = Time, Computer, Message = AdditionalContext"
}
data_sources {
syslog {
facility_names = ["*"]
log_levels = ["*"]
name = "example-datasource-syslog"
}
iis_log {
streams = ["Microsoft-W3CIISLog"]
name = "example-datasource-iis"
log_directories = ["C:\\Logs\\W3SVC1"]
}
log_file {
name = "example-datasource-logfile"
format = "text"
streams = ["Custom-MyTableRawData"]
file_patterns = ["C:\\JavaLogs\\*.log"]
settings {
text {
record_start_timestamp_format = "ISO 8601"
}
}
}
performance_counter {
streams = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
sampling_frequency_in_seconds = 60
counter_specifiers = ["Processor(*)\\% Processor Time"]
name = "example-datasource-perfcounter"
}
windows_event_log {
streams = ["Microsoft-WindowsEvent"]
x_path_queries = ["*![System/Level=1]"]
name = "example-datasource-wineventlog"
}
extension {
streams = ["Microsoft-WindowsEvent"]
input_data_sources = ["example-datasource-wineventlog"]
extension_name = "example-extension-name"
extension_json = jsonencode({
a = 1
b = "hello"
})
name = "example-datasource-extension"
}
}
stream_declaration {
stream_name = "Custom-MyTableRawData"
column {
name = "Time"
type = "datetime"
}
column {
name = "Computer"
type = "string"
}
column {
name = "AdditionalContext"
type = "string"
}
}
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.example.id]
}
description = "data collection rule example"
tags = {
foo = "bar"
}
depends_on = [
azurerm_log_analytics_solution.example
]
}
This script is provided as demo version. I took this code because Query asked was Incomplete.
**Output :**
terraform plan
terraform apply
By making the changes in the code snippet with the code as I mentioned. we will be able to provision the required resource in Portal.
</details>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论