Google Cloud Logging
Google Cloud Logging provides access to your GCP application logs — structured JSON logs, audit logs, and platform logs from services like Cloud Run, Cloud Functions, GKE, and App Engine. Connecting it to OpsTower lets your agents query and filter these logs to investigate issues and answer operational questions.
What This Connection Provides
Once connected, agents can:
- Query logs — search and filter GCP logs using Cloud Logging filter syntax.
- List resource types — discover which GCP resource types are generating logs in your project.
Agents construct Cloud Logging filter queries automatically based on your natural language questions.
Credentials Needed
To set up this connection, you will need:
- Service Account JSON — a Google Cloud service account key file with log reading permissions.
- GCP Project ID — the identifier of the Google Cloud project whose logs you want to query.
- Default Log Filter (optional) — a filter expression prepended to all queries to scope results.
How to Create a GCP Service Account
- Go to the Google Cloud Console.
- Select your project from the project selector dropdown at the top of the page.
- Navigate to IAM & Admin > Service Accounts in the left sidebar.
- Click Create Service Account.
- Enter a name for the service account (e.g., “opstower-logging”) and an optional description.
- Click Create and Continue.
- In the Grant this service account access to project step, search for and select the role Logs Viewer (roles/logging.viewer).
- Click Continue, then click Done.
- Back in the service accounts list, click the service account you just created.
- Go to the Keys tab.
- Click Add Key > Create new key.
- Select JSON as the key type and click Create.
- The JSON key file will download automatically. Store it securely — this file contains credentials that grant access to your GCP logs.
When configuring the connection in OpsTower, you will paste the contents of this JSON file.
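A pre-flight check for the key created above, as an added example that is not part of OpsTower or its documentation: it confirms the downloaded JSON is a service account key for the intended project and that, in a project IAM policy exported as JSON, the account holds only roles/logging.viewer. The function names and sample data are constructed for illustration, and the policy is assumed to have the shape that `gcloud projects get-iam-policy --format=json` returns.

```python
import json

EXPECTED_ROLE = "roles/logging.viewer"  # Logs Viewer, the only role this page grants

def check_key(key, project_id):
    """Sanity-check a downloaded service account key; returns a list of findings."""
    findings = []
    if key.get("type") != "service_account":
        findings.append(f"key type is {key.get('type')!r}, not 'service_account'")
    if key.get("project_id") != project_id:
        findings.append(f"key is for project {key.get('project_id')!r}, expected {project_id!r}")
    for field in ("client_email", "private_key_id", "private_key"):
        if not key.get(field):
            findings.append(f"key is missing {field}")
    return findings

def check_roles(policy, client_email):
    """List project-level roles the account holds beyond Logs Viewer."""
    member = f"serviceAccount:{client_email}"
    roles = sorted(b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []))
    findings = [f"unexpected role {r}" for r in roles if r != EXPECTED_ROLE]
    if EXPECTED_ROLE not in roles:
        findings.append(f"{EXPECTED_ROLE} is not granted")
    return findings

# Constructed sample data: placeholder key material, names taken from the page's examples.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "my-project-123",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "PLACEHOLDER_PRIVATE_KEY",
    "client_email": "opstower-logging@my-project-123.iam.gserviceaccount.com",
}
SA = "serviceAccount:" + SAMPLE_KEY["client_email"]
# Constructed policy in which the account was also given Editor by mistake.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/logging.viewer", "members": [SA]},
    {"role": "roles/editor", "members": ["user:alice@example.com", SA]},
]}

if __name__ == "__main__":
    findings = check_key(SAMPLE_KEY, "my-project-123")
    findings += check_roles(SAMPLE_POLICY, SAMPLE_KEY["client_email"])
    print(json.dumps(findings, indent=2))  # non-empty list: fix before pasting the key
```

Only project-level bindings appear in this policy; roles inherited from a folder or organization are not covered by the check.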
How to Find Your GCP Project ID
- In the Google Cloud Console, look at the project selector dropdown at the top of the page.
- Your project ID is displayed below the project name. It is a lowercase string with hyphens (e.g., my-project-123).
- You can also find it by navigating to Settings in the left sidebar under your project.
Default Log Filter (Optional)
You can provide a default filter expression that will be prepended to every query the agent runs. This is useful for scoping logs to a specific resource type or service.
Examples:
- resource.type="cloud_run_revision" — scope to Cloud Run logs only.
- resource.type="cloud_function" — scope to Cloud Functions logs only.
- resource.labels.service_name="my-api" — scope to a specific Cloud Run service.
If you leave this field blank, agents will query across all log entries in the project.
Setting Up the Connection
- In OpsTower, navigate to Connections in the sidebar.
- Click Add Connection and select Google Cloud Logging.
- Paste the contents of your Service Account JSON key file.
- Enter your GCP Project ID.
- Optionally enter a Default Log Filter to scope queries.
- Save the connection.
Once the connection shows a green status indicator, you can enable it on any Debugger agent to start querying your GCP logs.