Datastream is a serverless and easy-to-use change data capture (CDC) and replication service that lets you synchronize data reliably and with minimal latency. For more details, refer to the GCP documentation.
You can collect the logs for Sumo Logic's Google Cloud Datastream integration by following the steps below.
Configure logs collection
- Collect Audit Logs using the Google Cloud Platform source. Access to these Audit Logs depends on your permissions and roles. To enable logging for Google Datastream, refer to the Google documentation. For more detail on the Datastream operations that are audited, refer to audited operations. While creating the sink in GCP, in the Choose logs to include in sink section, you can use the following query:
(resource.type=audited_resource OR resource.labels.service=datastream.googleapis.com)
- Collect Platform Logs using the Google Cloud Platform source. Datastream platform logs include service-related logs of streams. While creating the sink in GCP, in the Choose logs to include in sink section, you can use the following query: