Sure thing.
Diagnostic settings for Azure storage accounts are actually four separate diagnostic settings, one per service (Blob, Table, Queue, File), plus a main diagnostic setting for the account as a whole.
A configuration that logs transactions and enables all diagnostics for every type of storage within the storage account would look like this. You might also add a second copy of the resources below that logs directly to a storage account (for long-term retention).
# Account-level diagnostic setting: sends the storage account's own metrics
# (Capacity and Transaction) to the Log Analytics workspace. It declares no
# log categories; only metrics are collected at this level.
resource "azurerm_monitor_diagnostic_setting" "main_log_analytics" {
  name                       = "managed-by-terraform-log-analytics"
  target_resource_id         = azurerm_storage_account.my_storage_account.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.my_workspace.id

  # One metric block per category, generated rather than written out twice.
  dynamic "metric" {
    for_each = toset(["Capacity", "Transaction"])

    content {
      category = metric.value
      enabled  = true

      # Retention is left disabled on the diagnostic setting itself.
      # NOTE(review): with a Log Analytics destination, retention is governed
      # by the workspace; confirm the workspace retention meets audit needs.
      retention_policy {
        days    = 0
        enabled = false
      }
    }
  }
}
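# Per-service diagnostic settings: one instance per storage service (blob,
# table, queue, file), each sending that service's read/write/delete request
# logs and its metrics to the Log Analytics workspace.
resource "azurerm_monitor_diagnostic_setting" "additional_log_analytics" {
  # Each key is the service segment of the sub-resource ID built below
  # (<storage account id>/<service>/default). Azure names all four segments
  # with the "Services" suffix. The earlier keys "blob" and "table" do not form
  # valid sub-resource IDs, so those two instances presumably failed to apply,
  # which would leave blob and table access unlogged.
  for_each = toset(["blobServices", "tableServices", "queueServices", "fileServices"])

  name                       = "managed-by-terraform-log-analytics"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.my_workspace.id
  target_resource_id         = "${azurerm_storage_account.my_storage_account.id}/${each.key}/default"

  # StorageRead / StorageWrite / StorageDelete are the per-request logs for the
  # service. All three are enabled so reads, changes and deletions are recorded.
  dynamic "log" {
    for_each = toset(["StorageDelete", "StorageRead", "StorageWrite"])

    content {
      category = log.value
      enabled  = true

      # Retention is left disabled on the diagnostic setting itself.
      # NOTE(review): with a Log Analytics destination, retention is governed
      # by the workspace; confirm the workspace retention meets audit needs.
      retention_policy {
        days    = 0
        enabled = false
      }
    }
  }

  # Same two metric categories as the account-level setting.
  dynamic "metric" {
    for_each = toset(["Capacity", "Transaction"])

    content {
      category = metric.value
      enabled  = true

      retention_policy {
        days    = 0
        enabled = false
      }
    }
  }
}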