I want to create a sink for Stackdriver logs, in Datadog. Steps to integrate that involve creating a Pub-Sub topic, running the query on Stackdriver, and then exporting that to the Pub Sub (which is already configured to push data to Datadog).
I am stuck at the second step where I don't get any logs in Stackdriver.
However, the same query when run from the Google Cloud Armor console, shows results.
Query:
resource.type:(http_load_balancer) AND jsonPayload.enforcedSecurityPolicy.name:(<my security policy>)
Running on Stackdriver: https://console.cloud.google.com/logs/query;duration=P7D?project=<my_project> for the link. When I type in the above query, with varying time durations, I don't get any results. I also tried other variants, such as, enclosing the resource type (http_load_balancer) in double quotes.
However, when I am at the GCA console: https://console.cloud.google.com/net-security/securitypolicies/details/?project=&tab=rules
and if I click on Logs, followed by clicking on "View policy logs", it takes me to a same URL (as far as I can tell), and I can see the logs.
What is the difference in two routes?