You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Cloud Logging is Google Cloud's fully managed, real-time log management service. It ingests log data from Google Cloud services, on-premises environments, and other clouds, providing a centralised platform for storing, searching, analysing, and exporting logs. While metrics tell you what is happening, logs tell you why — providing the detail needed for debugging, auditing, and compliance.
Cloud Logging handles several types of logs:
| Log Type | Description | Examples |
|---|---|---|
| Platform logs | Generated automatically by Google Cloud services | Cloud SQL slow query logs, GKE node logs, Cloud Run request logs |
| Audit logs | Record administrative activity and data access | Who created a VM, who accessed a BigQuery table |
| User-written logs | Generated by your application code | Application errors, business events, debug output |
| Agent logs | Collected by the Ops Agent from VMs | System logs, application logs from files, custom log files |
| Category | Description | Enabled By Default |
|---|---|---|
| Admin Activity | Configuration changes (create, delete, update resources) | Yes — always on, cannot be disabled |
| Data Access | Read operations on resource data and configurations | No — must be enabled per service |
| System Event | Google-initiated system events | Yes — always on |
| Policy Denied | Access denied due to security policy violations | Yes — always on |
Every log entry in Cloud Logging follows a structured format:
| Field | Description |
|---|---|
| logName | The full resource path of the log (e.g., projects/my-project/logs/cloudaudit.googleapis.com%2Factivity) |
| resource | The monitored resource that produced the log (type + labels) |
| timestamp | When the log entry was created |
| severity | Log level (DEFAULT, DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY) |
| jsonPayload / textPayload / protoPayload | The actual log message content |
| labels | Key-value pairs for additional metadata |
| insertId | A unique identifier for deduplication |
| httpRequest | HTTP request details (if applicable) |
| trace / spanId | Distributed tracing identifiers for correlation with Cloud Trace |
The Logs Explorer is the primary interface for searching and analysing logs in the Cloud Console. It provides real-time log streaming, powerful filtering, and the ability to save queries for reuse.
Cloud Logging uses a query language for filtering logs:
# Find error logs from a specific Compute Engine instance
resource.type = "gce_instance"
resource.labels.instance_id = "1234567890"
severity >= ERROR
# Find Cloud Run request logs with latency > 1 second
resource.type = "cloud_run_revision"
httpRequest.latency > "1s"
# Find audit logs for IAM policy changes
logName = "projects/my-project/logs/cloudaudit.googleapis.com%2Factivity"
protoPayload.methodName = "SetIamPolicy"
# Text search within log payloads
textPayload : "connection refused"
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.