Question 280841 in Azure Question posted in
The official documentation to get you started can be found here.

Deploying Data Collection Rule in Azure with Terrafrom with multiple workspace destination?

Is there any way we can deploy azure DCR with two or more log analytics workspace destinations?

I have Tried basic code with one destination but I am not able to add another one

resource "azurerm_monitor_data_collection_rule" "this" {
  name                = local.naming.dcr_name
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location

  destinations {
    **log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.this.id
      name                  = local.naming.log_name
    }**
  }

  data_flow {
    streams      = ["Microsoft-Table-Perf"]
    destinations = [local.naming.log_name]
  }
}
Tags:

2

Answers


  1. 0

    Is there any way we can deploy azure DCR with two or more log analytics workspace destinations?

    I used the below terraform code to create a DCR rule and associate it with two log analytics workspaces.

    provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "dcr-resources"
  location = "East US"
}

resource "azurerm_log_analytics_workspace" "workspace1" {
  name                = "workspace1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
  depends_on = [ azurerm_resource_group.example ]
}

resource "azurerm_log_analytics_workspace" "workspace2" {
  name                = "workspace2"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
  depends_on = [ azurerm_log_analytics_workspace.workspace1 ]
}

resource "azurerm_monitor_data_collection_rule" "example" {
  name                = "sample-dcr-rule"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.workspace1.id
      name                  = "destination-log1"
    }
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.workspace2.id
      name                  = "destination-log2"
    }
  }

  data_sources {
    syslog {
      facility_names = ["*"]
      log_levels     = ["*"]
      name           = "datasource-syslog"
      streams        = ["Microsoft-Syslog"]
    }
     performance_counter {
      streams                       = ["Microsoft-Perf"]
      sampling_frequency_in_seconds = 60
      counter_specifiers            = ["Processor(*)\% Processor Time"]
      name                          = "datasource-perfcounter"
    }
  }

data_flow {
    streams      = ["Microsoft-Syslog"]
    destinations = ["destination-log1"]
  }

  data_flow {
    streams      = ["Microsoft-Perf"]
    destinations = ["destination-log2"]
  }


  description = "data collection rule example"
  tags = {
    foo = "bar"
  }

  depends_on = [
    azurerm_log_analytics_workspace.workspace1,
    azurerm_log_analytics_workspace.workspace2
  ]
}

    After running the code, a DCR was created with two log analytics workspaces.

    enter image description here

    Login or Signup to reply.
  2. 0

    Can we send syslog to two different workspaces? I can manually add two or more workspace but how will it work using terraform?

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search