1

As per the documentation, GCP audit logs are kept for only 13 months. What we want is export those logs to a BigQuery dataset for traceability reasons. The issue is that GCP starts exporting the logs starting from the export enabling time and we would like to export/migrate the already available logs also.

Any idea how we can accomplish that?

Thanks in advance.

Naran
  • 83
  • 6

1 Answers1

1

I have a solution, but I don't know if it will be the same format, never tested.

  1. Start by activating log analytics on your _Required log storage bucket. Go to log storage and update the storage enter image description here
  2. After a while (2 - 5 minutes) edit the bucket and add a BigQuery dataset link enter image description here
  3. Finally go to BigQuery and query your data. Perform a INSERT INTO <target table> Select * from <analytics logs table> (or similar query) to query your logs and insert them in your target table. image

Again, I never tested that, and the query could require more tuning to fit the destination table, but, like that, you can copy your existing logs in BigQuery.

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76