Connect Azure Log Workspace with Data Collection Rule (Terrraform)

Question

I am trying to create a Data Collection Rule for the table "Perf" by terrafrom, but I have trouble get my "azurerm_log_analytics_workspace" connected to the "azurerm_monitor_data_collection_rule".

resource "azurerm_resource_group" "this" {
  location = var.environment_config.location_name
  name     = local.naming.rg_name
}

resource "azurerm_log_analytics_workspace" "this" {
  name                = local.naming.log_name
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
}

resource "azurerm_monitor_data_collection_rule" "this" {
  name                = local.naming.dcr_name
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.this.id
      name                  = local.naming.log_name
    }
  }

  data_flow {
    streams      = ["Microsoft-Table-Perf"]
    destinations = [local.naming.log_name]
  }
}

Both resources are in the same resource group and same region.

I tried to create a DCR through portal and compare the templates with the one created by terraform and they are the same. The only difference is in the Log Analytics workspace where I find "defaultDataCollectionRuleResourceId" with the ID of the the created DCR. Then I tried to add my terraform DCR manually to the Log Analytics, but when selecting the table "Perf" and clicking on "Create Transformation" I can't even select the DCR. I also tried to create it via "azapi_resource", but had the same Issue.

resource "azapi_resource" "azurerm_monitor_data_collection_rule" {
  type      = "Microsoft.Insights/dataCollectionRules@2021-09-01-preview"
  name      = local.naming.dcr_name
  location  = azurerm_resource_group.this.location
  parent_id = azurerm_resource_group.this.id

  body = jsonencode({
    properties = {
      dataFlows = [
        {
          destinations = [local.naming.log_name]
          streams      = ["Microsoft-Table-Perf"]
        }
      ]

      destinations = {
        logAnalytics = [
          {
            name                = local.naming.log_name
            workspaceResourceId = azurerm_log_analytics_workspace.this.id
          }
        ]
      }
    }
    kind = "WorkspaceTransforms"
  })
  lifecycle {
    ignore_changes = [
      tags
    ]
  }
}

I would have expected the DCR connect automatically to Log Analytics, or that there is an additional resource for connection, but I could not find anything like this.

Answer 1

The AzureRM release v3.75.0 added this feature Sep 29, 2023

data_collection_rule_id - (Optional) The ID of the Data Collection Rule to use for this workspace. See AzureRM documentation

Answer 2

I found a workaround for this Issue by using log analytics command from CLI directly:

resource "null_resource" "connect_dcr_to_log_analytics" {

  provisioner "local-exec" {
    command = "az monitor log-analytics workspace update --resource-group ${local.naming.rg_name} --workspace-name ${local.naming.log_name} --data-collection-rule \"${azapi_resource.azurerm_monitor_data_collection_rule.id}\""
  }

  depends_on = [
    azapi_resource.azurerm_monitor_data_collection_rule,
    azurerm_log_analytics_workspace.this
  ]
}

I found this in the log analytics cli documentation. When you execute the terraform, DCR is connected correctly, but you will not be able to create transformations in the azure portal, which is fine for us, as we have everything inside terraform, but just as remark.