Help needed: Terraform-deployed Azure Log Analytics workspace only collects data from a single VM
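Hi everyone, I've run into a tricky problem while writing a Terraform deployment for Azure monitoring resources, and I'd appreciate your help analyzing it.
The Terraform deployment logic I want to implement is as follows:
- Install the Azure Monitor Agent on multiple existing VMs (I also added the Change Tracking extension; I'm not sure whether it is required)
- Create a data collection rule (DCR) and a data collection endpoint (DCE), with the data destination pointing to my Log Analytics workspace (LAW)
- Create data collection rule associations to bind the DCR to the target resources (that is, my multiple existing VMs)
So far the Terraform plan looks exactly as expected, and the apply completes all of the steps above successfully; every VM has the extensions installed and the association configured. Strangely, though, when I query data in the Log Analytics workspace, only one VM's data is returned, and the data for the other VMs is not visible at all.
I have already checked the following:
- The Azure Monitor Agent and Change Tracking extensions are installed successfully on all target VMs, and the provisioning state is "Succeeded" for each
- All expected VMs appear in the data collection rule's list of associations
- A Data Collection Rule Association resource exists for every VM
Here is my Terraform code: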
```hcl
resource "azurerm_virtual_machine_extension" "ama_windows" {
  for_each                   = { for i, v in flatten(data.azurerm_resources.vms[*].resources): i => v }
  name                       = "AzureMonitorWindowsAgent"
  virtual_machine_id         = each.value.id
  publisher                  = "Microsoft.Azure.Monitor"
  type                       = "AzureMonitorWindowsAgent"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true

  settings = <<SETTINGS
    {
      "workspaceId": "${azurerm_log_analytics_workspace.law.id}",
      "stopOnMultipleConnections": "false"
    }
SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
    {
      "workspaceKey": "${data.azurerm_log_analytics_workspace.key.primary_shared_key}"
    }
PROTECTED_SETTINGS
}

resource "azurerm_virtual_machine_extension" "ChangeTracking-Windows" {
  for_each                   = { for i, v in flatten(data.azurerm_resources.vms[*].resources): i => v }
  name                       = "ChangeTracking-Windows"
  virtual_machine_id         = each.value.id
  publisher                  = "Microsoft.Azure.ChangeTrackingAndInventory"
  type                       = "ChangeTracking-Windows"
  type_handler_version       = "2.0"
  automatic_upgrade_enabled  = true
  auto_upgrade_minor_version = true

  depends_on = [
    azurerm_virtual_machine_extension.ama_windows,
    azurerm_log_analytics_workspace.law
  ]

  settings = <<SETTINGS
    {
      "workspaceId": "${azurerm_log_analytics_workspace.law.id}",
      "stopOnMultipleConnections": "false"
    }
SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
    {
      "workspaceKey": "${data.azurerm_log_analytics_workspace.key.primary_shared_key}"
    }
PROTECTED_SETTINGS
}

resource "azurerm_automation_account" "aa" {
  name                          = "${module.config.azure_automation_account}001"
  location                      = var.aa_location
  resource_group_name           = module.rg.name
  public_network_access_enabled = true

  identity {
    type         = "SystemAssigned, UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.AzureMonitoring-UID.id]
  }

  sku_name   = "Basic"
  depends_on = [module.rg]
}

resource "azurerm_log_analytics_workspace" "law" {
  name                = "${module.config.azure_log_analytics_workspace}001"
  location            = var.location
  resource_group_name = module.rg.name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

resource "azurerm_log_analytics_solution" "vminsights" {
  solution_name         = "${module.config.azure_log_analytics_solution}001"
  resource_group_name   = module.rg.name
  location              = var.location
  workspace_resource_id = azurerm_log_analytics_workspace.law.id
  workspace_name        = azurerm_log_analytics_workspace.law.name

  plan {
    publisher = "Microsoft.Azure.Monitor"
    product   = "ChangeTrackingAndInventory"
  }
}

resource "azurerm_log_analytics_linked_service" "laws" {
  resource_group_name = module.rg.name
  workspace_id        = azurerm_log_analytics_workspace.law.id
  read_access_id      = azurerm_automation_account.aa.id
}

resource "azurerm_monitor_data_collection_endpoint" "endpoint" {
  name                          = "${module.config.azure_monitor_data_collection_rule_endpoint}001"
  resource_group_name           = module.rg.name
  location                      = var.location
  kind                          = "Windows"
  public_network_access_enabled = true
  description                   = "connection that Logs ingestion API uses to send collected data to Azure Monitor"
}

resource "azurerm_monitor_data_collection_rule" "default-rule" {
  name                        = "${module.config.azure_monitor_data_collection_rule}001"
  location                    = var.location
  resource_group_name         = module.rg.name
  data_collection_endpoint_id = azurerm_monitor_data_collection_endpoint.endpoint.id

  depends_on = [
    azurerm_monitor_data_collection_endpoint.endpoint
  ]

  destinations {
    log_analytics {
      workspace_resource_id = azurerm_log_analytics_workspace.law.id
      name                  = "log-analytics"
    }
  }

  data_flow {
    streams = [
      "Microsoft-InsightsMetrics",
      "Microsoft-Syslog",
      "Microsoft-Event",
      "Microsoft-Perf",
      "Microsoft-W3CIISLog"
    ]
    destinations = ["log-analytics"]
  }

  data_sources {
    extension {
      extension_name = "ChangeTracking-Windows"
      name           = "CTDataSource-Windows"
      streams = [
        "Microsoft-ConfigurationChange",
        "Microsoft-ConfigurationChangeV2",
        "Microsoft-ConfigurationData"
      ]
    }

    syslog {
      facility_names = ["*"]
      log_levels     = ["*"]
      name           = "Syslog"
      streams        = ["Microsoft-Syslog"]
    }

    iis_log {
      streams         = ["Microsoft-W3CIISLog"]
      name            = "iis-Logs"
      log_directories = ["C:\\Logs\\W3SVC1"]
    }

    performance_counter {
      streams                       = ["Microsoft-Perf", "Microsoft-InsightsMetrics"]
      sampling_frequency_in_seconds = 60
      name                          = "Performance-Data"
      counter_specifiers = [
        "\\Processor Information(_Total)\\% Processor Time",
        "Memory(*)\\% Used Memory",
        "Processor(*)\\% Processor Time",
        "ServiceName\\Status"
      ]
    }
  }
}

resource "azurerm_monitor_data_collection_rule_association" "dcr-association" {
  for_each                = { for i, v in flatten(data.azurerm_resources.vms[*].resources): i => v }
  name                    = "${module.config.azure_monitor_data_collection_rule_association}00${each.key}"
  target_resource_id      = each.value.id
  data_collection_rule_id = azurerm_monitor_data_collection_rule.default-rule.id
  description             = "Associates the DCR to the resource for monitoring"

  depends_on = [
    azurerm_monitor_data_collection_rule.default-rule
  ]
}
```
Many thanks for your valuable suggestions!
Note: content sourced from Stack Exchange; question asked by TheMilli
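
Added example, not part of the original question or the asker's code: one way to turn the manual checks listed above into a repeatable coverage check, comparing the VMs that hold a DCR association against the resource IDs that actually appear in workspace tables. The subscription ID, VM names, sample rows, and the choice of `Heartbeat` and `Perf` as the expected tables are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed placeholder IDs; in practice these are the target_resource_id
# values of the DCR associations.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/"
ASSOCIATED_VMS = [VM + "VM-WEB01", VM + "VM-WEB02", VM + "VM-SQL01"]

# Constructed sample rows: (table, _ResourceId) pairs, shaped like a
# per-table "summarize by _ResourceId" result exported from the workspace.
WORKSPACE_ROWS = [
    ("Heartbeat", (VM + "VM-WEB01").lower()),
    ("Perf", (VM + "VM-WEB01").lower()),
    ("Heartbeat", (VM + "VM-SQL01").lower()),
]

# Assumption: tables every associated VM is expected to populate.
EXPECTED_TABLES = ("Heartbeat", "Perf")


def norm(resource_id):
    """Azure resource IDs are case-insensitive, so compare them lowercased."""
    return resource_id.strip().rstrip("/").lower()


def coverage_gaps(associated, rows, expected_tables=EXPECTED_TABLES):
    """Return {vm_id: [missing tables]} for associated VMs lacking data."""
    seen = defaultdict(set)
    for table, rid in rows:
        seen[norm(rid)].add(table)
    gaps = {}
    for vm in associated:
        missing = [t for t in expected_tables if t not in seen[norm(vm)]]
        if missing:
            gaps[vm] = missing
    return gaps


def unexpected_sources(associated, rows):
    """Resource IDs sending data that are not in the association list."""
    known = {norm(v) for v in associated}
    return sorted({norm(rid) for _, rid in rows} - known)


if __name__ == "__main__":
    for vm, missing in coverage_gaps(ASSOCIATED_VMS, WORKSPACE_ROWS).items():
        print(f"{vm.rsplit('/', 1)[-1]}: no rows in {', '.join(missing)}")
```

A VM missing from every expected table points at the agent or its association, while a VM that has `Heartbeat` rows but no `Perf` rows points at the rule's data sources and data flows.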




