Creating a Log

Create a log that contains critical diagnostic information that tells you how your Oracle Cloud Infrastructure (OCI) services are performing and being accessed.

  • Log groups are logical containers for organizing logs. Logs must always be inside log groups. You must create a log group before you create a log.

    For more information about logs and required permissions for working with them, see Log Group Management.

    1. Open the navigation menu and click Observability & Management. Under Logging, click Logs.
    2. Under List scope, select a compartment that you have permission to work in.
    3. Click Create custom log.
    4. In the Create custom log page, enter a name for the custom log. Avoid entering confidential information.
    5. From Compartment, select the compartment that you want to create the log in.
    6. From Log group, select a log group to place the custom log into.
    7. Optionally, click Show additional options and provide the following values:
      • In Log Retention, select how long to retain the log in 30-day increments, up to a maximum of 180 days.

        If you change the retention period from six months to one month, all the logs older than one month will no longer be accessible. For example, if changing from one month to six months, logs will not be available after one month, and six-month old logs will not be available.

        Furthermore, the future time and date that a log no longer becomes available is based on the exact time and date that you created the log. For example, if you created a log on July 21 at 15:05 UTC with a retention period of three months, then on October 19 at 15:05 the log will no longer be searchable.

      • Under Add Tags, add one or more tags to the log by entering a tag namespace (for a defined tag), key, and value.
    8. Click Create custom log.
      In the Create agent config page, you can create a new configuration to define the parameters for the associated log data (the default), or add it later. The agent configuration defines what instances the configuration applies to (Host groups), which log files are obtained, and what parser (if any) is used (Configure log inputs).
      • If you select Create new configuration, go to the next step.
      • If you select Add configuration later, skip to step 16.
    9. Enter a name and description for the configuration. Avoid entering confidential information.
    10. Select the compartment that you want to create the configuration in.
    11. Under Host Groups, where you define which VMs apply to this configuration, select one of the following options from the Group type list:
      • Dynamic group: Dynamic Group refers to a group of instances that you can create in the IAM feature of the Console. For more information, see About Dynamic Groups. Select a dynamic group from the Group list.
      • User group: User group refers to the IAM Groups feature of the Console. For more information, see Managing Groups. Select a user group from the Group list.
    12. To add more groups, click + Another host group.

      You can add a combination of group types for the agent configuration.


      A maximum of five groups per configuration is allowed, and a host can be in a maximum of five different groups.
    13. Under Agent configuration, define the format of the logs (what logs you want to watch for) in Configure log inputs. Select one of the options from the Input type list:
      • For Windows event log, enter an input name and select one or more event channels.
      • For Log path, enter an input name and one or more file paths. For example, /<log_path>/<log_name>.

      You can specify multiple log file paths, separated by a comma (,). For more information, see

      @type tail
      tag 757261.oc_oslogs_linux
      path /var/log/.log,/var/log/.out,/var/log/dmesg,var/log/grubby,/var/log/messages*,
      pos_file /etc/unifiedmonitoringagent/pos/757261-oc_oslogs_linux.pos
      path_key tailed_path
      Example configuration:
      {{path C:\Program Files (x86)\<application>\<directory>*, 
       C:\Program Files (x86)\<application>\<application_logs_directory>\<directory>* }}
    14. Click Advanced parser options, and in the Advanced parser options panel, select a parser to specify how to parse the log. Some parsers require further input and have more options, depending on the type chosen.

      For example for JSON, you must select a Time type value from the list, while optionally, you can specify event time and null field settings. For REGEXP, you can specify the regular expression for matching logs, along with the time format. For more information, see Log Inputs and Parsers.


      The NONE parser type is required, even if you don't want to specify a particular parser type.
    15. After configuring the log inputs and the parser, you can optionally specify tag settings.
    16. Click Create agent config.

      The custom log object is created, along with the its associated agent configuration (if specified), which pulls data from instances, and pushes into the custom log object.

  • Use the oci logging log create command and required parameters to create a log in a log group:

    oci logging log create --display-name display_name --log-group-id log_group_ocid --log-type log_type [OPTIONS]

    For a complete list of parameters and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateLog operation to create a log in a log group.