-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Enable allLogs category group resource logging for supported resources to Log Analytics" creates duplicate logs for Application Insights already using a Log Analytics Workspace #1026
Comments
Hi djbark, I looked at the documentation for the azurerm_application_insights resource and the workspace_id is optional (I didn't do any testing, but I believe you can comment on this parameter and see how the plan behaves). Or if you want to control it through the resource, I believe another option is to add an exemption to this policy/resource and remove the setbypolicy that it will not create again. |
@diegosrp It is optional, but once added it cannot be removed (at least not without deleting and re-creating the resource). Furthermore my understanding is that the recommendation is to migrate to workspace-based Application Insights resources so would seem a backwards step. I would rather not do exemptions to individual policies that are part of an initiative provided as part of the CAF, but maybe that is the only option. |
I understood. In my view, I see CAF as the best practices/recommendations, however it is not suitable for all businesses, sometimes we have a compliance requirement or something that will not meet our needs and we need to adjust. Regarding exemption, you can put it in the specific resource_id, meaning it will not only apply to the specific resource. |
Hi all, In case this option hasn't been considered yet: it looks like it's possible to exclude App Insights from this policy by removing it from the 'resourceTypeList' parameter, where it is included in the default value. That's what we will be doing for now, using the archetype_config_overrides feature of CAF Terraform module. |
Also, Microsoft seems to have updated their documentation recently. The blurb in the red caution shown above seems to have been made less prominent, no longer in red and no longer a caution. The information presented is similar though: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings#diagnostic-logs-for-application-insights |
Community Note
Versions
module: 6.0.0
Description
Describe the bug
I already have an Application Insights resource which is using a Log Analytics workspace configured via the WORKSPACE config option (actually configured via azurerm_application_insights/workspace_id). This sends all logs to the Log Analytics workspace. I believe this configuration can not be removed.
If I remediate the policy "Enable allLogs category group resource logging for supported resources to Log Analytics" it creates a Diagnostic Setting "setByPolicy-LogAnalytics" for the Application Insights resource which also sends all logs to the Log Analytics workspace. Hence duplicate logs are stored in the Log Analytics workspace.
The text was updated successfully, but these errors were encountered: