Use Oracle Log Analytics for Large Activity Stream Payloads

You can publish your activity stream logs to Oracle Log Analytics. This is useful if your activity stream payload is large, because Oracle Cloud Infrastructure (OCI) public logging limits the size of log files.

Note

You must be subscribed to Oracle Log Analytics to publish your activity stream logs there.

To publish the Oracle Integration activity stream logs to Oracle Log Analytics, perform the following tasks:

If you later decide to stop storing activity stream logs in Oracle Log Analytics, you can disable it for your Oracle Integration instance. See Disable Storing Logs in Oracle Log Analytics

Create a Log Group to Store Your Logs in Oracle Log Analytics

To create a log group in Oracle Log Analytics to store your Oracle Integration activity stream logs, perform the following steps:

In the Oracle Cloud Console, open the navigation menu and click Observability & Management, then, under Log Analytics, click Administration.
On the Log Groups page, in the menu on the left, click Log Groups.
Next to Applied filters, make sure you're viewing the compartment in which you want to create the log group.
Click Create Log Group.
Enter a name (for example, OracleIntegration_ActivityStream_LogGroup) and description.
Click Create.

Create a Policy to Allow Log Uploads from Oracle Integration

To create a policy to allow log uploads from Oracle Integration, perform the following steps:

If you haven't already done so, sign in to the Oracle Cloud Console.
Get the client ID for your Oracle Integration instance:
1. In the Oracle Cloud Console navigation menu, click Identity & Security, then, under Identity, click Domains.
2. Open the domain in which you created your Oracle Integration instance.
  If you don't see the domain, make sure you're in the correct region (in the banner) and you're viewing the correct compartment (in the filters).
3. In the tabs across the top, click Oracle cloud services.
4. Open your Oracle Integration instance.
  If you have trouble finding your instance, searching for "Integration" might narrow down your choices.
5. In the tabs across the top, click OAuth configuration.
6. Scroll down to the General information section, and copy the Client ID.
Create a dynamic group to be used in the policy:
1. Go back to your domain by clicking Oracle cloud services at the top of the page.
2. In the tabs across the top, click Dynamic groups.
3. Click Create dynamic group.
4. Enter a Name (for example, OracleIntegration_LogAnalytics_DynamicGroup) and Description for the group.
5. In the Rule 1 box, enter the following rule.
  Syntax:
  - resource.id='OracleIntegration_ClientID'
  Where:
  - OracleIntegration_ClientID is the client ID you copied in step 2
  Example:
  - resource.id='A01BC23DE4567FGH89I0123456J78901_APPID'
Create the policy:
1. In the left navigation pane, click Policies.
2. Click Create Policy.
3. Enter a name (for example, OracleIntegration_LogUploadPolicy) and description for the policy.
4. Click Show manual editor.
5. Enter the following permissions.
  Syntax:
  - allow dynamic-group DynamicGroup to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment LogGroup_Compartment
  - allow dynamic-group DynamicGroup to {LOG_ANALYTICS_SOURCE_READ} in tenancy
  - allow dynamic-group DynamicGroup to use loganalytics-ondemand-upload in tenancy
  - allow dynamic-group DynamicGroup to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in tenancy
  Where:
  - DynamicGroup is the dynamic group you created in step 3
  - LogGroup_Compartment is the compartment in which you created the log group
  Example:
  - allow dynamic-group OracleIntegration_LogAnalytics_DynamicGroup to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in compartment OracleIntegration_LogGroup_Compartment
  - allow dynamic-group OracleIntegration_LogAnalytics_DynamicGroup to {LOG_ANALYTICS_SOURCE_READ} in tenancy
  - allow dynamic-group OracleIntegration_LogAnalytics_DynamicGroup to use loganalytics-ondemand-upload in tenancy
  - allow dynamic-group OracleIntegration_LogAnalytics_DynamicGroup to {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} in tenancy

Create a Policy to Allow Users to View Logs in Oracle Log Analytics

To create a policy to allow users to view logs in Oracle Log Analytics, perform the following steps:

Create a group for the users you want to be able to view the activity stream logs in Oracle Log Analytics:
1. In the left navigation pane, click Domains.
2. Open the domain in which you created your Oracle Integration instance.
  If you don't see the domain, make sure you're in the correct region (in the banner) and you're viewing the correct compartment (in the filters).
3. In the tabs across the top, click User management.
4. Scroll down to the Groups section, and click Create group.
5. Enter a Name (for example, OracleIntegration_LogAnalytics_Group) and Description for the group.
6. Add users to the group.
7. Click Create.
Create th policy:
1. In the left navigation pane, click Policies.
2. Click Create Policy.
3. Enter a Name (for example, OracleIntegration_LogAnalyticsAccessPolicy) and Description for the policy.
4. Click Show manual editor.
5. In the editor, enter the following permissions.
  Syntax:
  - allow group UserGroup to use loganalytics-features-family in tenancy
  - allow group UserGroup to use loganalytics-resources-family in tenancy
  Where:
  - UserGroup is the group you created in step 1
  Example:
  - allow group OracleIntegration_LogAnalytics_Group to use loganalytics-features-family in tenancy
  - allow group OracleIntegration_LogAnalytics_Group to use loganalytics-resources-family in tenancy

Enable the Option to Publish Logs to Oracle Log Analytics

To enable storing Oracle Integration activity stream logs in Oracle Log Analytics, perform the following steps:

Get the OCID for the log group you created:
1. In the Oracle Cloud Console navigation menu, click Observability & management, then, under Log analytics, click Administration.
2. In the left navigation pane, click Log Groups.
3. Next to the log group you created for Oracle Integration, click , then click Copy OCID.
  If you don't see the log, make sure you're viewing the correct compartment (in the left menu).
Enable the option:
1. In the Oracle Cloud Console navigation menu, click Developer Services, then, under Application Integration, click Integration.
2. Open your Oracle Integration instance.
  If you don't see the instance you're looking for, make sure you're viewing the correct region (in the banner) and compartment (at the top of the instance list, next to Applied filters).
3. Under Settings, next to Store activity stream logs in OCI Log Analytics, click Enable.
4. Paste the OCID you copied into the OCI Log Analytics log group box, and then click Save.
  The service instance status changes to Updating. When it's finished, the status changes to Active, and, under Links, you see a new entry for OCI Log Analytics log group, which shows the log group OCID.

Disable Storing Logs in Oracle Log Analytics

If you want to stop storing activity stream logs in Oracle Log Analytics, you can disable it for your Oracle Integration instance.

In the Oracle Cloud Console navigation menu, click Developer Services, then, under Application Integration, click Integration.
Open your Oracle Integration instance.
If you don't see your instance, make sure you're viewing the correct compartment (in the left menu).
Under Settings, next to Store activity stream logs in OCI Log Analytics, click Disable.
You'll be asked to confirm your action.

The service instance status changes to Updating. When it's finished, the status changes to Active, and Store activity stream logs in OCI Log Analytics shows Not enabled.