Skip to content

looker-open-source/block-cloud-logging

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
.github/workflows
.github/workflows
 
 
dashboards
dashboards
 
 
models
models
 
 
views
views
 
 
.gitkeep
.gitkeep
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
manifest.lkml
manifest.lkml
 
 
marketplace.json
marketplace.json
 
 

Repository files navigation

Google Cloud Logging - Log Analytics Block

Google Cloud Logging’s Log Analytics feature centralizes all of your log data (application, audit and network) into a single view within BigQuery. This block allows you to instantly aggregate, visualize, and alert on all of your log data using pre-built dashboards and LookML data models. You can also extend and customize the block to include other datasets and define new logic that is unique to your business.

Log Types Covered

  • Cloud Audit Logs (available now)
  • Application Logs  (coming soon)
  • Network Logs       (coming soon)

Included Dashboards

Cloud Audit Logs

  1. Audit Pulse
  2. Data Access Logs
  3. Unusual API Usage
  4. Principal Lookup

Getting Started

Prerequisites

To make your log data visible to BigQuery, upgrade your bucket to use Log Analytics and then create a linked dataset.

There is also an older method of moving logs into BigQuery by creating sinks. This method creates a different data structure, so you should refer to this Looker block if you are using this method.

Installing the Block

The block is not yet available on the Looker Marketplace, but will be soon. In the meantime, you can clone this git repo when creating a new Looker project.

Adding IP-to-Geography mapping data to BigQuery

A very easy and powerful way to enrich the GCP log data is by including IP Address-to-Geography mapping data, which enables you to visualize the general geographical area related to an IP address. In the block, we have used a free license from Maxmind (they also have a paid version), but you are welcome to use your own sources as well.

To add this data to your BigQuery database, you can follow these steps.

  1. Go to Maxmind website, create an account, and agree to the license agreement.
  2. Download the GeoLite2 City: CSV Format
  3. Import the below files into seperate tables in BigQuery. (Instructions on importing data to BigQuery)
File Name Table Name
GeoLite2-City-Blocks-IPv4.csv ipv4_city_blocks
GeoLite2-City-Locations-en.csv ipv4_city_locations

Customizing the Block

Disabling the IP-Geography mapping data

The block is currently built with the Maxmind data lookml already incorporated. If you'd like to remove it from the model, you can do so by deleting the join join: ip_to_geo_mapping in the model file, and deleting the view files ip_to_geo_mapping and dt_impossible_traveler. You may also receive errors on some of the pre-built dashboards. You can delete any tiles that use this geography data.

About

No description, website, or topics provided.

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • LookML 100.0%