hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Support for setting defaultDataCollectionRuleResourceId in Log Analytics #20637

Open vscoding1988 opened 1 year ago

vscoding1988 commented 1 year ago

Description

When creating an azurerm_log_analytics_workspace and an azurerm_monitor_data_collection_rule, there is no way of connecting both. Currently we are forced to use az cli to connect both:

resource "azurerm_resource_group" "this" {
  location = var.environment_config.location_name
  name     = local.naming.rg_name
}

resource "azurerm_log_analytics_workspace" "this" {
  name                = local.naming.log_name
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
}

resource "azurerm_monitor_data_collection_rule" "this" {
  name                = local.naming.dcr_name
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.this.id
      name                  = local.naming.log_name
    }
  }

  data_flow {
    streams      = ["Microsoft-Table-Perf"]
    destinations = [local.naming.log_name]
  }
}

resource "null_resource" "connect_dcr_to_log_analytics" {

  provisioner "local-exec" {
    command = "az monitor log-analytics workspace update --resource-group ${local.naming.rg_name} --workspace-name ${local.naming.log_name} --data-collection-rule \"${azurerm_monitor_data_collection_rule.this.id}\""
  }

  depends_on = [
    azurerm_monitor_data_collection_rule.this,
    azurerm_log_analytics_workspace.this
  ]
}

It would be great to have a dedicated resource for that.

New or Affected Resource(s)/Data Source(s)

azurerm_log_analytics_workspace_data_rule_connection

Potential Terraform Configuration

resource "azurerm_log_analytics_workspace_data_rule_connection" "this" {
  resource_group_name          = azurerm_resource_group.this.name
  log_analytics_workspace_name = azurerm_log_analytics_workspace.this.name
  data_collection_rule_id      = azurerm_monitor_data_collection_rule.this.id
}

References

No response
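
A variant of the null_resource workaround from the post above, as an added example that is not part of the original issue or the provider's code. It adds triggers so the link is re-applied when the workspace or the rule is replaced, and passes values to the command through environment variables instead of string interpolation. The explicit /bin/sh interpreter is an assumption (a POSIX shell on the machine running Terraform).

```hcl
resource "null_resource" "connect_dcr_to_log_analytics" {
  # A creation-time provisioner runs only when this resource is created.
  # Changing any trigger value replaces the resource, so the command runs
  # again if the workspace or the data collection rule gets a new ID.
  triggers = {
    workspace_id = azurerm_log_analytics_workspace.this.id
    dcr_id       = azurerm_monitor_data_collection_rule.this.id
  }

  provisioner "local-exec" {
    # Assumption: a POSIX shell is available on the machine running Terraform.
    interpreter = ["/bin/sh", "-c"]

    # The command string is constant. Names and IDs arrive as environment
    # variables and are expanded inside double quotes, so quotes or shell
    # metacharacters in a value cannot alter the command that is executed.
    command = "az monitor log-analytics workspace update --resource-group \"$RG_NAME\" --workspace-name \"$LAW_NAME\" --data-collection-rule \"$DCR_ID\""

    environment = {
      RG_NAME  = azurerm_resource_group.this.name
      LAW_NAME = azurerm_log_analytics_workspace.this.name
      DCR_ID   = azurerm_monitor_data_collection_rule.this.id
    }
  }

  # No depends_on is needed: the references in triggers and environment
  # already order this resource after the workspace and the rule.
}
```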

eric-mark commented 1 year ago

We have seen the same issue as well. In order to associate the DCR rule to a Log Analytics Workspace, we need to use:

data_collection_rule_id

However, this becomes a race condition. We were able to work around this by deploying the LAW block without the DCR association. Then we deploy the DCR rule. Then we update the LAW block with the DCR collection rule ID association.

It would be much better to associate the DCR to the LAW within the same block. This would avoid the race condition between the two.

jarpoole commented 5 months ago

Another option, if you don't want to use the null_resource workaround with the CLI suggested above, is to use the azapi provider:

resource "azapi_update_resource" "dcr" {
  type        = "Microsoft.OperationalInsights/workspaces@2023-09-01"
  resource_id = azurerm_log_analytics_workspace.main.id
  body = {
    properties = {
      defaultDataCollectionRuleResourceId = azurerm_monitor_data_collection_rule.default_dcr.id
    }
  }
}

You'll also need to ignore changes in the main log analytics resource:

resource "azurerm_log_analytics_workspace" "main" {
  ...
  lifecycle {
    ignore_changes = [data_collection_rule_id]
  }
}