Collect Logs for Google Cloud Load Balancing

This page has instructions for configuring Google Cloud Load Balancing to send logs to Sumo.

Configure Cloud Load Balancing to export logs to Stackdriver

If you haven't already done so, set up Google Cloud Load Balancing to export logs to Stackdriver. For more information, see Overview of Logs Export in GCP in Google Cloud help.

Set up Google-validated HTTP source and Pub/Sub topic

In this step, you set up an HTTP source in Sumo, register it with Google, and create a Pub/Sub topic to send data to the HTTP source. Follow the instructions in Google Cloud Platform Source.

You don't have to perform this step if you have already configured an HTTP source and a Pub/Sub topic for another Sumo Google Cloud Platform app. You can use the same HTTP source and Pub/Sub topic for all Sumo Google Cloud Platform apps.

Create export of Google Cloud Load Balancing logs from Stackdriver

In this step, you export Google Cloud Load Balancing logs from Stackdriver to the Pub/Sub topic you created in the previous step.

  1. Click Logging in the STACKDRIVER section in the left-hand pane of the GCP console.
  2. Go to Exports.
  3. Click Create Export.
  4. In the center pane, select "Cloud HTTP Load Balancer" as the service to filter the logs.
  5. In the Edit Export pane on the right:
    1. Set the Sink Name. For example, "gce-applications".
    2. Set Sink Service to "Cloud Pub/Sub".
    3. Set Sink Destination to your Pub/Sub topic. For example, "pub-sub-logs".
    4. Click Create Sink.

Sample Log Message

{"remoteIp":"98.243.249.133","requestUrl":"http:\/\/35.201.123.100\/","requestMethod":"POST","serverIp":"10.128.0.9","responseSize":"415","userAgent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; Trident\/7.0; rv:11.0) like Gecko","requestSize":"1347","status":501}

Query Sample

Status codes per load balancer

_sourceCategory=*gcp* data logName resource "\"type\":\"http_load_balancer\""
| parse regex "\"logName\":\"(?<log_name>[^\"]+)\"" 
| where log_name matches "projects/*/logs/requests"
| json "message.data.resource.labels", "message.data.httpRequest.status" as labels, status
| json field=labels "project_id", "zone", "url_map_name" as project, zone, load_balancer
| if(status matches "20*", 1, 0) as resp_200
| if(status matches "30*", 1, 0) as resp_300
| if(status matches "40*", 1, 0) as resp_400
| if(status matches "50*", 1, 0) as resp_500
| if(!(status matches "20*" or status matches "30*" or status matches "40*" or status matches "50*"), 1, 0) as resp_others
| sum(resp_200) as tot_200, sum(resp_300) as tot_300, sum(resp_400) as tot_400, sum(resp_500) as tot_500, sum(resp_others) as tot_others by load_balancer, project
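
The bucketing this query performs, reproduced as an added Python example (not Sumo Logic's code) over constructed records. The record shape is an assumption inferred from the query's JSON paths, and `fnmatchcase` stands in for the `matches` wildcard; it shows that a prefix pattern such as "40*" covers only 400 to 409, so a 429 is counted under tot_others.

```python
import json
from collections import Counter, defaultdict
from fnmatch import fnmatchcase

# Same wildcard patterns as the query; fnmatchcase stands in for `matches`.
BUCKETS = [("tot_200", "20*"), ("tot_300", "30*"),
           ("tot_400", "40*"), ("tot_500", "50*")]

def bucket_for(status):
    """Return the query's bucket name for one HTTP status code."""
    for name, pattern in BUCKETS:
        if fnmatchcase(str(status), pattern):
            return name
    return "tot_others"

def status_totals(raw_lines):
    """Count buckets per (load_balancer, project), like the final sum ... by."""
    totals = defaultdict(Counter)
    for line in raw_lines:
        try:
            data = json.loads(line)["message"]["data"]
            resource, labels = data["resource"], data["resource"]["labels"]
            key = (labels.get("url_map_name"), labels.get("project_id"))
            status = data["httpRequest"]["status"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not a JSON record with the fields the query reads
        # Same filters as the query: load balancer resource, "requests" log.
        if resource.get("type") != "http_load_balancer":
            continue
        if not fnmatchcase(str(data.get("logName", "")), "projects/*/logs/requests"):
            continue
        totals[key][bucket_for(status)] += 1
    return {key: dict(counts) for key, counts in totals.items()}

def record(status, lb="web-lb", project="demo-project"):
    """Build one constructed record; every name and value is a placeholder."""
    return json.dumps({"message": {"data": {
        "logName": f"projects/{project}/logs/requests",
        "resource": {"type": "http_load_balancer", "labels": {
            "project_id": project, "zone": "global", "url_map_name": lb}},
        "httpRequest": {"status": status}}}})

# Constructed sample input, not real traffic.
SAMPLE = [record(s) for s in (200, 204, 302, 404, 429, 501, 503)]
SAMPLE.append(record(502, lb="api-lb"))

if __name__ == "__main__":
    for key, counts in status_totals(SAMPLE).items():
        print(key, counts)
```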