英文:

Unable to create Data Collection Rule via Terraform in Azure

问题

"我的代码如下-"
"错误"
"请帮助找出问题所在。"

英文:

My Code looks like-

#dcr

Error

Please help to find where the issue is.

答案1

得分: 0

I tried to provision a Data Collection Rule via Terraform and I was able to deploy successfully using my code.

To achieve this configuration, I referred the documentation from Terraform registry.

I also tried with the code mentioned in Image. The reason for error is incorrect destination names in data flows and version of providers.

By changing the names and update the provider to the latest version and rewriting the code as per the requirement we will be able to provision the resource mentioned.

My Main.tf:

provider "azurerm" {
  features {}
  subscription_id = "00000000"
  client_id       = "0000000"
  tenant_id       = "0000000"
  client_secret   = "0000000"
}


resource "azurerm_resource_group" "example" {
  name     = "Demorg-vk"
  location = "East US"
}

resource "azurerm_user_assigned_identity" "example" {
  name                = "demovk-uai"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_log_analytics_workspace" "example" {
  name                = "demovk-workspace"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

resource "azurerm_log_analytics_solution" "example" {
  solution_name         = "WindowsEventForwarding"
  location              = azurerm_resource_group.example.location
  resource_group_name   = azurerm_resource_group.example.name
  workspace_resource_id = azurerm_log_analytics_workspace.example.id
  workspace_name        = azurerm_log_analytics_workspace.example.name
  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/WindowsEventForwarding"
  }
}

resource "azurerm_eventhub_namespace" "example" {
  name                = "exeventns"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Standard"
  capacity            = 1
}

resource "azurerm_eventhub" "example" {
  name                = "exevent2"
  namespace_name      = azurerm_eventhub_namespace.example.name
  resource_group_name = azurerm_resource_group.example.name
  partition_count     = 2
  message_retention   = 1
}

resource "azurerm_storage_account" "example" {
  name                     = "demovkstorage"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_container" "example" {
  name                  = "demovkcontainer"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_monitor_data_collection_endpoint" "example" {
  name                = "demovk-dcre"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  lifecycle {
    create_before_destroy = true
  }
}

resource "azurerm_monitor_data_collection_rule" "example" {
  name                        = "demovkrule"
  resource_group_name         = azurerm_resource_group.example.name
  location                    = azurerm_resource_group.example.location
  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.example.id
      name                  = "example-destination-log"
    }

    event_hub {
      event_hub_id = azurerm_eventhub.example.id
      name         = "example-destination-eventhub"
    }

    storage_blob {
      storage_account_id = azurerm_storage_account.example.id
      container_name     = azurerm_storage_container.example.name
      name               = "example-destination-storage"
    }

    azure_monitor_metrics {
      name = "example-destination-metrics"
    }
  }

  data_flow {
    streams      = ["Microsoft-InsightsMetrics"]
    destinations = ["example-destination-metrics"]
  }

  data_flow {
    streams      = ["Microsoft-InsightsMetrics", "Microsoft-Syslog", "Microsoft-Perf"]
    destinations = ["example-destination-log"]
  }

  data_flow {
    streams       = ["Custom-MyTableRawData"]
    destinations  = ["example-destination-log"]
    output_stream = "Microsoft-Syslog"
    transform_kql = "source | project TimeGenerated = Time, Computer, Message = AdditionalContext"
  }

  data_sources {
    syslog {
      facility_names = ["*"]
      log_levels     = ["*"]
      name           = "example-datasource-syslog"
    }

    iis_log {
      streams         = ["Microsoft-W3CIISLog"]
      name            = "example-datasource-iis"
      log_directories = ["C:\\Logs\\W3SVC1"]
    }

    log_file {
      name          = "example-datasource-logfile"
      format        = "text"
      streams       = ["Custom-MyTableRawData"]
      file_patterns = ["C:\\JavaLogs\\*.log"]
      settings {
        text {
          record_start_timestamp_format = "ISO 8601"
        }
      }
    }

    performance_counter {
      streams                       = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
      sampling_frequency_in_seconds = 60
      counter_specifiers            = ["Processor(*)\\% Processor Time"]
      name                          = "example-datasource-perfcounter"
    }

    windows_event_log {
      streams        = ["Microsoft-WindowsEvent"]
      x_path_queries = ["*![System/Level=1]"]
      name           = "example-datasource-wineventlog"
    }

    extension {
      streams            = ["Microsoft-WindowsEvent"]
      input_data_sources = ["example-datasource-wineventlog"]
      extension_name     = "example-extension-name"
      extension_json = jsonencode({
        a = 1
        b = "hello"
      })
      name = "example-datasource-extension"
    }
  }

  stream_declaration {
    stream_name = "Custom-MyTableRawData"
    column {
      name = "Time"
      type = "datetime"
    }
    column {
      name = "Computer"
      type = "string"
    }
    column {
      name = "AdditionalContext"
      type = "string"
    }
  }

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.example.id]
  }

  description = "data collection rule example"
  tags = {
    foo = "bar"
  }
  depends_on = [
    azurerm_log_analytics_solution.example
  ]
}

This script is provided as a demo version. I took this code because the Query asked was Incomplete.

Output:

terraform plan
<details>
<summary>英文:</summary>
&gt; I tried to provision a Data Collection Rule via Terraform and I was able to deploy successfully using my code.
To achieve this configuration, I referred the documentation from [Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule) registry.
I also tried with the code mentioned in Image. The reason for error is incorrect destination names in data flows and version of providers.
By changing the names and update the provider to the latest version and rewriting the code as per the requirement we will be able to provision the resource mentioned.
My **Main.tf**:
provider &quot;azurerm&quot; {
features {}
subscription_id = &quot;00000000&quot;
client_id       = &quot;0000000&quot;
tenant_id       = &quot;0000000&quot;
client_secret   = &quot;0000000&quot;
}
resource &quot;azurerm_resource_group&quot; &quot;example&quot; {
name     = &quot;Demorg-vk&quot;
location = &quot;East US&quot;
}
resource &quot;azurerm_user_assigned_identity&quot; &quot;example&quot; {
name                = &quot;demovk-uai&quot;
resource_group_name = azurerm_resource_group.example.name
location            = azurerm_resource_group.example.location
}
resource &quot;azurerm_log_analytics_workspace&quot; &quot;example&quot; {
name                = &quot;demovk-workspace&quot;
resource_group_name = azurerm_resource_group.example.name
location            = azurerm_resource_group.example.location
}
resource &quot;azurerm_log_analytics_solution&quot; &quot;example&quot; {
solution_name         = &quot;WindowsEventForwarding&quot;
location              = azurerm_resource_group.example.location
resource_group_name   = azurerm_resource_group.example.name
workspace_resource_id = azurerm_log_analytics_workspace.example.id
workspace_name        = azurerm_log_analytics_workspace.example.name
plan {
publisher = &quot;Microsoft&quot;
product   = &quot;OMSGallery/WindowsEventForwarding&quot;
}
}
resource &quot;azurerm_eventhub_namespace&quot; &quot;example&quot; {
name                = &quot;exeventns&quot;
location            = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku                 = &quot;Standard&quot;
capacity            = 1
}
resource &quot;azurerm_eventhub&quot; &quot;example&quot; {
name                = &quot;exevent2&quot;
namespace_name      = azurerm_eventhub_namespace.example.name
resource_group_name = azurerm_resource_group.example.name
partition_count     = 2
message_retention   = 1
}
resource &quot;azurerm_storage_account&quot; &quot;example&quot; {
name                     = &quot;demovkstorage&quot;
resource_group_name      = azurerm_resource_group.example.name
location                 = azurerm_resource_group.example.location
account_tier             = &quot;Standard&quot;
account_replication_type = &quot;LRS&quot;
}
resource &quot;azurerm_storage_container&quot; &quot;example&quot; {
name                  = &quot;demovkcontainer&quot;
storage_account_name  = azurerm_storage_account.example.name
container_access_type = &quot;private&quot;
}
resource &quot;azurerm_monitor_data_collection_endpoint&quot; &quot;example&quot; {
name                = &quot;demovk-dcre&quot;
resource_group_name = azurerm_resource_group.example.name
location            = azurerm_resource_group.example.location
lifecycle {
create_before_destroy = true
}
}
resource &quot;azurerm_monitor_data_collection_rule&quot; &quot;example&quot; {
name                        = &quot;demovkrule&quot;
resource_group_name         = azurerm_resource_group.example.name
location                    = azurerm_resource_group.example.location
data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.example.id
destinations {
log_analytics {
workspace_resource_id = azurerm_log_analytics_workspace.example.id
name                  = &quot;example-destination-log&quot;
}
event_hub {
event_hub_id = azurerm_eventhub.example.id
name         = &quot;example-destination-eventhub&quot;
}
storage_blob {
storage_account_id = azurerm_storage_account.example.id
container_name     = azurerm_storage_container.example.name
name               = &quot;example-destination-storage&quot;
}
azure_monitor_metrics {
name = &quot;example-destination-metrics&quot;
}
}
data_flow {
streams      = [&quot;Microsoft-InsightsMetrics&quot;]
destinations = [&quot;example-destination-metrics&quot;]
}
data_flow {
streams      = [&quot;Microsoft-InsightsMetrics&quot;, &quot;Microsoft-Syslog&quot;, &quot;Microsoft-Perf&quot;]
destinations = [&quot;example-destination-log&quot;]
}
data_flow {
streams       = [&quot;Custom-MyTableRawData&quot;]
destinations  = [&quot;example-destination-log&quot;]
output_stream = &quot;Microsoft-Syslog&quot;
transform_kql = &quot;source | project TimeGenerated = Time, Computer, Message = AdditionalContext&quot;
}
data_sources {
syslog {
facility_names = [&quot;*&quot;]
log_levels     = [&quot;*&quot;]
name           = &quot;example-datasource-syslog&quot;
}
iis_log {
streams         = [&quot;Microsoft-W3CIISLog&quot;]
name            = &quot;example-datasource-iis&quot;
log_directories = [&quot;C:\\Logs\\W3SVC1&quot;]
}
log_file {
name          = &quot;example-datasource-logfile&quot;
format        = &quot;text&quot;
streams       = [&quot;Custom-MyTableRawData&quot;]
file_patterns = [&quot;C:\\JavaLogs\\*.log&quot;]
settings {
text {
record_start_timestamp_format = &quot;ISO 8601&quot;
}
}
}
performance_counter {
streams                       = [&quot;Microsoft-Perf&quot;, &quot;Microsoft-InsightsMetrics&quot;]
sampling_frequency_in_seconds = 60
counter_specifiers            = [&quot;Processor(*)\\% Processor Time&quot;]
name                          = &quot;example-datasource-perfcounter&quot;
}
windows_event_log {
streams        = [&quot;Microsoft-WindowsEvent&quot;]
x_path_queries = [&quot;*![System/Level=1]&quot;]
name           = &quot;example-datasource-wineventlog&quot;
}
extension {
streams            = [&quot;Microsoft-WindowsEvent&quot;]
input_data_sources = [&quot;example-datasource-wineventlog&quot;]
extension_name     = &quot;example-extension-name&quot;
extension_json = jsonencode({
a = 1
b = &quot;hello&quot;
})
name = &quot;example-datasource-extension&quot;
}
}
stream_declaration {
stream_name = &quot;Custom-MyTableRawData&quot;
column {
name = &quot;Time&quot;
type = &quot;datetime&quot;
}
column {
name = &quot;Computer&quot;
type = &quot;string&quot;
}
column {
name = &quot;AdditionalContext&quot;
type = &quot;string&quot;
}
}
identity {
type         = &quot;UserAssigned&quot;
identity_ids = [azurerm_user_assigned_identity.example.id]
}
description = &quot;data collection rule example&quot;
tags = {
foo = &quot;bar&quot;
}
depends_on = [
azurerm_log_analytics_solution.example
]
}
This script is provided as demo version. I took this code because Query asked was Incomplete.
**Output :**
terraform plan
![enter image description here](https://i.imgur.com/eWmuMmg.png)
terraform apply
![enter image description here](https://i.imgur.com/i84Za6s.png)
![enter image description here](https://i.imgur.com/LLykLZR.png)
By making the changes in the code snippet with the code as I mentioned. we will be able to provision the required resource in Portal.
</details>