Table: gcp_logging_sink - Query GCP Logging Sinks using SQL
Google Cloud Logging Sinks are mechanisms in Google Cloud Platform (GCP) that allow you to route log entries from logging services to a variety of supported destinations. These destinations can be Cloud Storage buckets, Pub/Sub topics, or BigQuery datasets. Logging sinks give you the flexibility to manage, analyze, and act on your log data as you see fit.
Table Usage Guide
The gcp_logging_sink table provides insights into Logging Sinks within Google Cloud Platform (GCP). As a cloud engineer, you can explore sink-specific details through this table, including the destination, filter, and exclusion details. Utilize it to uncover information about sinks, such as their configured destinations, the filters applied, and to verify if any exclusions are set.
Examples
List writer identity that writes the export logs of logging sink
Identify the unique identities responsible for writing export logs in your logging sink. This can help monitor and manage who is contributing to your logs, enhancing security and accountability.
select name, unique_writer_identity from gcp_logging_sink;
List the destination path for each sink
Explore which logging sinks are directing data to specific destinations in your Google Cloud Platform. This can help you understand where your log data is being sent and ensure it's reaching the intended targets.
select name, destination from gcp_logging_sink;
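An audit query for the sink coverage that the controls listed below care about, added here as an example and not taken from the Steampipe documentation. It lists every sink that is disabled, filtered, or carrying exclusions, using only columns from this table's schema and standard PostgreSQL functions.

```sql
-- Added example: sinks that do not export every log entry.
-- A sink exports all entries only when it is enabled, has an empty
-- filter, and has no exclusion filters.
select
  project,
  name,
  -- The first path segment of the destination names the receiving service,
  -- e.g. storage.googleapis.com, bigquery.googleapis.com, pubsub.googleapis.com.
  split_part(destination, '/', 1) as destination_service,
  destination,
  disabled,
  coalesce(filter, '') as filter,
  -- Guard against a NULL or non-array value before counting exclusions.
  case
    when jsonb_typeof(exclusions) = 'array' then jsonb_array_length(exclusions)
    else 0
  end as exclusion_count,
  unique_writer_identity
from
  gcp_logging_sink
where
  disabled
  or coalesce(filter, '') <> ''
  or (
    jsonb_typeof(exclusions) = 'array'
    and jsonb_array_length(exclusions) > 0
  )
order by
  project,
  name;
```

A project whose sinks all appear in this result has no sink exporting every log entry; a project with at least one enabled sink absent from the result does.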
Control examples
- All Controls > Logging > Ensure that retention policies on log buckets are configured using Bucket Lock
- CIS v1.2.0 > 2 Logging and Monitoring > 2.2 Ensure that sinks are configured for all log entries
- CIS v1.2.0 > 2 Logging and Monitoring > 2.3 Ensure that retention policies on log buckets are configured using Bucket Lock
- CIS v1.3.0 > 2 Logging and Monitoring > 2.2 Ensure that sinks are configured for all log entries
- CIS v1.3.0 > 2 Logging and Monitoring > 2.3 Ensure that retention policies on log buckets are configured using Bucket Lock
- CIS v2.0.0 > 2 Logging and Monitoring > 2.2 Ensure that sinks are configured for all log entries
- CIS v2.0.0 > 2 Logging and Monitoring > 2.3 Ensure that retention policies on log buckets are configured using Bucket Lock
- CIS v3.0.0 > 2 Logging and Monitoring > 2.2 Ensure That Sinks Are Configured for All Log Entries
- CIS v3.0.0 > 2 Logging and Monitoring > 2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock
- Ensure that Cloud Storage bucket used for exporting logs is not anonymously or publicly accessible
- Ensure that Cloud Storage buckets used for exporting logs are configured using bucket lock
- Ensure that Cloud Storage buckets used for exporting logs have object versioning enabled
- Ensure that Cloud Storage buckets used for exporting logs have retention policy enabled
- Ensure that sinks are configured for all log entries
Schema for gcp_logging_sink
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
create_time | timestamp with time zone | | The creation timestamp of the sink. |
description | text | | A user-specified, human-readable description of the sink. |
destination | text | | Specifies the destination to which the logs will be exported. |
disabled | boolean | | Specifies whether the sink is disabled. |
exclusions | jsonb | | A list of exclusion filters. Log entries that match any of the exclusion filters will not be exported. |
filter | text | | An advanced logs filter. Log entries that match the filter will be exported. |
include_children | boolean | | Specifies whether log entries from child resources are exported; whether a particular entry is exported depends on the sink's filter expression. |
location | text | | The GCP multi-region, region, or zone in which the resource is located. |
name | text | = | The client-assigned sink identifier, unique within the project. |
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
self_link | text | | Server-defined URL for the resource. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
unique_writer_identity | text | | An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. |
update_time | timestamp with time zone | | The last update timestamp of the sink. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
You can pass the configuration to the command with the --config argument:
steampipe_export_gcp --config '<your_config>' gcp_logging_sink