I am able to see the compliance state for VMs (on which I have applied a custom OS policy via OS Configuration Management in VM Manager) in a given project and zone in the Google Cloud console, as well as via the API, like below:
GET https://osconfig.googleapis.com/v1alpha/projects/PROJECT_ID/locations/ZONE/instanceOSPoliciesCompliances
Is there a way I can view compliance state via Google Cloud Logs Explorer?
If I click on View in the Logs tab above, I am directed to Logs Explorer with the Query framed as:
resource.type="gce_instance"
resource.labels.instance_id="<instance_id>"
labels.os_policy_assignment="projects/<project_id>/locations/<zone>/osPolicyAssignments/<assignment>@<some_alphanumeric_id>"
labels.os_policy_id="<custom-policy-id>"
labels.task_type="APPLY_CONFIG_TASK"
But this does not provide me any information on the Compliance State as shown in the screenshot above.
How can I frame a query to get the Compliance State related logs?
To view the compliance state in Logs, use the following query:
resource.type="gce_instance"
resource.labels.instance_id="<instance_id>"
labels.os_policy_assignment="projects/<project_id>/locations/<zone>/osPolicyAssignments/<assignment>@<some_alphanumeric_id>"
labels.os_policy_id="<custom-policy-id>"
labels.task_type="APPLY_CONFIG_TASK"
jsonPayload.message:"state: COMPLIANT"
We can find the compliant state of the VM in the “jsonPayload.message” field of a log.
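The query above only matches entries that say COMPLIANT. As an added example (not part of the original answer), the sketch below takes entries matched by the broader query without the `jsonPayload.message` line and reports the most recent state per VM and policy, so drift away from COMPLIANT is visible. The message wording, the `NON_COMPLIANT` token appearing in logs, the `OTHER_TASK` value and all sample entries are constructed assumptions; only the `state: COMPLIANT` substring and the label names come from the page.

```python
import re
from datetime import datetime

STATE_RE = re.compile(r"state:\s*([A-Z_]+)")  # token after "state:" in the message

def _ts(stamp):
    # Assumes an RFC 3339 UTC timestamp ending in "Z"; trims nanoseconds to microseconds.
    m = re.match(r"(.*?)(\.\d+)?Z$", stamp)
    frac = (m.group(2) or ".0")[:7].ljust(7, "0")
    return datetime.fromisoformat(m.group(1) + frac + "+00:00")

def latest_states(entries):
    """Map (instance_id, os_policy_id) -> most recent state seen in the logs."""
    latest = {}
    for e in entries:
        labels = e.get("labels", {})
        if labels.get("task_type") != "APPLY_CONFIG_TASK":
            continue
        found = STATE_RE.search(e.get("jsonPayload", {}).get("message", ""))
        if not found:
            continue  # entry carries no state line
        key = (e["resource"]["labels"]["instance_id"], labels.get("os_policy_id"))
        when = _ts(e["timestamp"])
        if key not in latest or when > latest[key][0]:
            latest[key] = (when, found.group(1))
    return {k: state for k, (_, state) in latest.items()}

def not_compliant(entries):
    """Keys whose latest logged state is anything other than COMPLIANT."""
    return sorted(k for k, s in latest_states(entries).items() if s != "COMPLIANT")

def _entry(instance, stamp, message, task="APPLY_CONFIG_TASK"):
    return {"timestamp": stamp,
            "resource": {"type": "gce_instance", "labels": {"instance_id": instance}},
            "labels": {"os_policy_id": "custom-policy-id", "task_type": task},
            "jsonPayload": {"message": message}}

# Constructed sample entries (message text is an assumption, deliberately out of order).
SAMPLE = [
    _entry("111", "2024-05-01T10:05:00Z", "policy result state: COMPLIANT"),
    _entry("111", "2024-05-01T10:00:00Z", "policy result state: NON_COMPLIANT"),
    _entry("222", "2024-05-01T10:00:00.500Z", "policy result state: NON_COMPLIANT"),
    _entry("222", "2024-05-01T10:00:00Z", "policy result state: COMPLIANT"),
    _entry("222", "2024-05-01T10:10:00Z", "Beginning policy run"),
    _entry("333", "2024-05-01T10:00:00Z", "state: NON_COMPLIANT", task="OTHER_TASK"),
]

if __name__ == "__main__":
    for key, state in sorted(latest_states(SAMPLE).items()):
        print(key, state)
```

Timestamps are parsed rather than compared as strings because entries can carry differing fractional-second precision, which breaks lexicographic ordering.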