Oracle Cloud Infrastructure Resource Manager stack configuration for OCI Logging Analytics and Oracle Configure, Price, Quote (CPQ) event log analysis setup.
The integration configures Logging Analytics components and dashboards for Oracle CPQ events analysis and enables continuous REST API log collection. Log collection is run by the Management Agent, which is a service enabled on an OCI Compute Instance.
Using this integration CPQ customers can quickly gain insight into the performance of product configurations, quote management, and deal negotiation tasks. Ensuring their CPQ applications are fast and reliable is essential to Oracle's customers for maintaining competitiveness in today's dynamic B2B environment and the CPQ - Logging Analytics integration makes it easy to gain insights about CPQ performance.
Keeping a handle on the performance of your CPQ applications can be difficult due the large volume of data that is generated each day. Couple that volume with the complexity of each interaction in your business that is reflected in the logs and the challenge of gaining insight becomes very expensive and labor intensive. The CPQ - OCI Logging Analytics integration will help you wrangle your log data. Here's how:
OCI services enable CPQ customers to automate ingest, enrichment, and analysis of event logs.
Using OCI native services, CPQ admins can automate the continuous collection of CPQ event logs and easily visualize, create alerts, and run advanced analytics on Oracle CPQ performance logs with Logging Analytics.
OCI Logging Analytics supports a rich selection of alert mechanisms including via email, SMS, Slack, or PagerDuty,
Ensure your business goals are consistently met by leveraging Logging Analytics dashboards to surface important information.
With pre-built dashboards, business leaders and their teams can easily review top-level metrics and determine the overall health of their CPQ applications. The CPQ performance dashboard contains both summary and trend information on number of requests, request response times, and number of unique users. Each metric is broken out by node, event type, and component.
Take advantage of Logging Analytics pre-built machine learning algorithms to view behavior over time of key CPQ metrics including:
- Number of concurrent users
- Average response time
- Frequency of Model actions
CPQ admins can now leverage the parsing and data enrichment including Geolocation and Threat Scores for public IPs that come pre-configured in the integration to set up alerts that keep the team informed of any performance threats or degradations so that any incident is handled quickly.
Logging Analytics enables analysis of long-term performance trends, user activity analysis, and object changes through its Log Explorer interactive analytics interface. CPQ admins can leverage these interactive tools to identify trends and perform root cause analysis.
When emergencies occur, ensure that your team is immediately aware of the issue and are given both data and context to be able to solve it as quickly as possible. OCI Logging Analytics allows you to specify alerts that can be configured based on event criteria thresholds you configure and broadcast to your team.
Resource Manager is an Oracle Cloud Infrastructure service that allows you to automate the process of provisioning your Oracle Cloud Infrastructure resources. Using Terraform, Resource Manager helps you install, configure, and manage resources through the "infrastructure-as-code" model.
A Terraform configuration codifies your infrastructure in declarative configuration files. Resource Manager allows you to share and manage infrastructure configurations and state files across multiple teams and platforms. This infrastructure management can't be done with local Terraform installations and Oracle Terraform modules alone
Oracle Logging Analytics is a cloud solution in Oracle Cloud Infrastructure that lets you index, enrich, aggregate, explore, search, analyze, correlate, visualize, and monitor all log data from your applications and system infrastructure.
Oracle CPQ is a cloud-based application that helps sellers configure the right mix of products or services and create accurate, professional quotes to quickly meet their customers’ pricing needs.
Oracle CPQ logs all user actions including logins, logouts, commerce and configuration actions. Each of these events capture elapsed server and browser times to complete which make the log essential in troubleshooting performance issues. CPQ admins can view the performance log in the UI Designer, but potentially more useful, you can also view log entries and download logs using the CPQ REST APIs. This integration uses these APIs to script downloading logs to ingest them into the OCI Observability and Management Logging Analytics service.
When you sign up for an Oracle Cloud Infrastructure account, you’re assigned a secure and isolated partition within the cloud infrastructure called a tenancy. The tenancy is a logical concept and you can think of it as a root container where you create, organize, and administer your cloud resources.
The second logical concept used for organizing and controlling access to cloud resources is compartments. A compartment is a collection of related cloud resources.Every time you create a cloud resource, you must specify the compartment that you want the resource to belong to.
Ensure you have access to a compartment in your tenancy as well as the following services:
Follow the instructions in the Oracle Cloud Infrastructure Logging Analytics Quick Start Guide to enable the Logging Analytics service in your compartment.
The integration leverages Oracle CPQ REST APIs to retrieve event log data. In order to make REST HTTP requests, you need to gather a few bits of information, including:
- Oracle CPQ host name, ie. example.oracle.com
- User name and password. Oracle CPQ service user with permissions to access REST API resources.
You can find the REST Server URL, user name, and password in the welcome email sent to your Oracle CPQ service administrator.
Follow the instructions to create a stack from a zip file
- Open the navigation menu and click Developer Services. Under Resource Manager, click Stacks.
- Choose a compartment that you have permission to work in.
- Click Create stack.
- In the Create stack page, under Choose the origin of the Terraform configuration, select My configuration.
- Under Stack configuration, select .Zip file.
- Drag and drop a .zip file onto the dialog's control or click Browse and navigate to the location of the .zip file you want. The dialog box is populated with information contained in the Terraform configuration.
- Fill in the remaining fields.
- Review and click Create to create your stack.
Use the oci resource-manager stack create command and required parameters to create a stack from a local zip file.
Example request:
oci resource-manager stack create --compartment-id ${compartment.ocid} --config-source ${zipfile} --variables file://variables.json --display-name "CPQ Logging Analytics Integration Stack" --description "Automate Logging Analytics and CPQ reporting setup in your OCI compartment" --working-directory ""
Note, the variables parameter allows you to pass through Terraform variables associated with this resource. Example: {"vcn_cidr_block": "10.0.0.0/16"} This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.
When you run an apply job for a stack, Terraform provisions the resources and executes the actions defined in your Terraform configuration, applying the execution plan to the associated stack to create your Oracle Cloud Infrastructure resources. We recommend running a plan job (generating an execution plan) before running an apply job.
- Open the navigation menu and click Developer Services. Under Resource Manager, click Stacks.
- Choose a compartment that you have permission to work in.
- Click the name of the stack that you want. The Stack details page opens.
- Click Apply.
Use the oci resource-manager job create-apply-job command and required parameters to run an apply job.
Example request using automatically approve option:
oci resource-manager job create-apply-job --execution-plan-strategy AUTO_APPROVED --stack-id ${stack.ocid}
This project includes a number of Python scripts that can be run and tested locally.
Creating a Python virtual environment allows you to manage dependencies separately for your different projects, preventing conflicts and maintaining cleaner setups. To create and activate a virtual environment:
virtualenv <environment name>
source <environment name>/bin/activateFor example:
virtualenv blogs_analysis_env
source blogs_analysis/bin/activate
pip install -r requirements.txtThe integration uses the continuous REST API log collection feature of Logging Analytics, which is recommended for automating log collection from services like Oracle CPQ that emit logs through an API.
Continuous log collection is controlled by a Management Agent running as a plugin on a compute instance. To learn more about how Management Agents work, see the post Demystifying Logging and Monitoring Agent Types in OCI Observability and Management.
The compute instance which the stack will create contains a cloud-init script. Cloud-init is the industry standard multi-distribution method for cross-platform cloud instance initialisation and provides the necessary glue between launching a cloud instance and configuring the Management Agent plugin so that it works as expected.
The cloud-init script will initialize the Management Agent for use of the Logging Analytics (logan) plugin on the newly created compute instance by adding CPQ BasicAuth credentials to the Management Agent wallet.
The following resources are created in the specified compartment.
Network resources include a Virtual Cloud Network (VCN), public and private subnets, and the corresponding route table, internet gateway and security list. Security list ingress rules allow traffic on port 22 for SSH access to the compute instance.
| Name | Type | Description |
|---|---|---|
| vcn-oci-server | oci_core_vcn | Virtual Cloud Network (VCN) in specified compartment. See VCNs and Subnets |
| public-subnet-vcn-oci-server | oci_core_subnet | Public subnet resource in the specified VCN |
| private-subnet-vcn-oci-server | oci_core_subnet | Private subnet resource in the specified VCN |
| ig-vcn-oci-server | oci_core_internet_gateway | Internet gateway resource in the specified VCN |
| routetable-vcn-oci-server | oci_core_route_table | Route table resource in the specified VCN |
| seclist-vcn-oci-server | oci_core_security_list | Security list resource in the specified VCN see Security Lists |
Compute resources include the compute instance with the "Management Agent" plugin enabled for REST API log collection.
| Name | Type | Description |
|---|---|---|
| mgmtagent_instance | oci_core_instance | Compute instance resource in the specified compartment. |
Management Agent resources include the Logging Analytics (logan) plugin which uses the credentials in its wallet to authenticate with the CPQ REST API when collecting logs.
| Name | Type | Description |
|---|---|---|
| logan_management_agent | oci_management_agent_management_agent | Management Agent resource in the specified compartment. |
Logging Analytics resources include the entity, log groups, sources, and parsers.
| Name | Type | Description |
|---|---|---|
| logan_entity | oci_log_analytics_log_analytics_entity | Entity resource in the specified compartment which links the Management Agent to log sources. |
| logan_log_group | oci_log_analytics_log_analytics_log_group | Logical location where logs are stored in the specified compartment. |
| cpq_sources | oci_log_analytics_log_analytics_import_custom_content | Imports the specified custom content including log sources and parsers from the input in zip format. |
Management Dashboards, part of OCI Observability & Management, allow you to build performance monitoring, diagnosis and data analysis solutions and consist of query-based widgets, which are a single data visualization for one type of resource.
| Name | Type | Description |
|---|---|---|
| cpq_dashboards | oci_management_dashboard_management_dashboards_import | Imports an array of dashboards and their saved searches in the specified compartment. |
There are a number of variables that are employed by the stack.
| Name | Description | Default Value |
|---|---|---|
| tenancy_ocid | Tenancy OCID | Automatically populated by OCI. See Terraform Configurations for Resource Manager |
| region | Region name | Automatically populated by OCI. See Terraform Configurations for Resource Manager |
| compartment_ocid | Compartment OCID | Automatically populated by OCI. See Terraform Configurations for Resource Manager |
| ssh_public_key | SSH public Key used to login to compute instance | |
| vcn_ocid | Virtual cloud network OCID | |
| public_subnet_ocid | Public subnet OCID | |
| cpq_logan_prefix | CPQ-Logging Analytics resource prefix | |
| cpq_host | CPQ host name | |
| cpq_version | CPQ API Version | |
| cpq_username | CPQ Username | |
| cpq_pwd | CPQ Password | |
| ad | Availability domain to deploy resources | 1 |
| image_operating_system | Compute image operating system | Oracle Linux |
| image_operating_system_version | Compute image operating system version | 9 |
| instance_shape | Compute image shape | VM.Standard.E2.1 |
| num_iterations | Number of iterations to wait for CPQ credentials to be added to agent wallet | 10 |
| wait_duration | Wait duration per iteration for CPQ credentials to be added to agent wallet | 50 |
| dashboard_files | Dashboard JSON files list |
The cloud-init script will take the following actions. You can see cloud-init output logs at var/log/cloud-init-output.log.
Check progress in Linux 7.9 using sudo grep cloud-init /var/log/messages
- Add CPQ authentication credentials to management agent wallet specified by
cpq_usernameandcpq_pwd. - Create credentials json file. After deploying plug-ins on a Management Agent, configure source credentials to allow the agent to collect data from different sources See examples of Logging Analytics Credential JSON files.
{
"source":"lacollector.la_rest_api",
"name":"${cpq_cred_name}",
"type":"HTTPSBasicAuthCreds",
"description":"These are CPQ BasicAuth credentials.",
"properties":
[
{ "name":"HTTPSUserName", "value":"CLEAR[${cpq_username}]" },
{ "name":"HTTPSPassword", "value":"CLEAR[${cpq_pwd}]" }
]
}- Update credentials calling
credential_mgmt.shwithupsertCredentialsargument and credentials JSON file. - Check response if credentials script is available and management agent installed.
- Delete credentials json file when complete.
As a prerequisite to running this integration, perform these configuration tasks in your OCI tenancy.
-
Identify OCI Compartments to Place the Logging Analytics Resources
-
Create User Groups to Implement Access Control
It is recommended that you create the user groups similar to the following examples to get started:
- Logging-Analytics-Users: The users that you add to this group will be able to query the logs and see various configurations. However, they cannot enable or disable log collection, change configurations, or delete logs.
- Logging-Analytics-Admins: The users that you add to this group will have Logging-Analytics-Users privileges and additionally can create or edit sources, parsers, entities, and log groups. These users can also enable or disable log collection. However, they cannot purge logs.
- Logging-Analytics-SuperAdmins: The users in this group have the privileges of Logging-Analytics-Admins and can additionally perform lifecycle activities such as onboarding and offboarding from Oracle Logging Analytics, and purging logs.
-
Allow Continuous Log Collection Using Management Agents
- Create a dynamic group for the Management Agent if it already doesn't exist, for example
Management-Agent-Dynamic-Group. See allow continuous log collection using management agent dynamic groups
ALL {resource.type='managementagent', resource.compartment.id='<management_agent_compartment_OCID>'}Create IAM policies for
Management-Agent-Dynamic-Groupto enable log collection and metrics generation:ALLOW DYNAMIC-GROUP Management-Agent-Dynamic-Group TO USE METRICS IN TENANCYALLOW DYNAMIC-GROUP Management-Agent-Dynamic-Group TO {LOG_ANALYTICS_LOG_GROUP_UPLOAD_LOGS} IN TENANCY - Create a dynamic group for the Management Agent if it already doesn't exist, for example
You can review and troubleshoot typical issues and resolutions related to the Management Agents service, such as installing, and deinstalling with Management Agents.
- Generate Management Agent diagnostic support bundle
sudo -u oracle-cloud-agent /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/bin/generateDiagnosticBundle.sh
- Check agent wallet contents
sudo -u oracle-cloud-agent bash /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/bin/credential_mgmt.sh -s logan -o listCredentials
- View agent log directory
cd /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/log
tail mgmt_agent_logan.log
- View agent configuration directory
cd /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/config
- View agent utilities directory
cd /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/bin
This project welcomes contributions from the community. Before submitting a pull request, please review our contribution guide
Please consult the security guide for our responsible security vulnerability disclosure process
Copyright (c) 2025, Oracle and/or its affiliates. Released under the Universal Permissive License v1.0 as shown at https://oss.oracle.com/licenses/upl/.
Developers choosing to distribute a binary implementation of this project are responsible for obtaining and providing all required licenses and copyright notices for the third-party code used in order to ensure compliance with their respective open source licenses.