stackitcloud
diff --git a/‎docs/data-sources/observability_alertgroup.md
+2-2 b/‎docs/data-sources/observability_alertgroup.md
+2-2
diff --git a/‎docs/data-sources/observability_logalertgroup.md
+47 b/‎docs/data-sources/observability_logalertgroup.md
+47
diff --git a/‎docs/guides/ske_log_alerts.md
+199 b/‎docs/guides/ske_log_alerts.md
+199
diff --git a/‎docs/resources/observability_alertgroup.md
+2-2 b/‎docs/resources/observability_alertgroup.md
+2-2
diff --git a/‎docs/resources/observability_logalertgroup.md
+80 b/‎docs/resources/observability_logalertgroup.md
+80
diff --git a/‎examples/data-sources/stackit_observability_logalertgroup/data-source.tf
+5 b/‎examples/data-sources/stackit_observability_logalertgroup/data-source.tf
+5
diff --git a/‎examples/resources/stackit_observability_logalertgroup/resource.tf
+32 b/‎examples/resources/stackit_observability_logalertgroup/resource.tf
+32
@@ -3,12 +3,12 @@
 page_title: "stackit_observability_alertgroup Data Source - stackit"
 subcategory: ""
 description: |-
-  Observability alert group resource schema. Must have a region specified in the provider configuration.
+  Observability alert group datasource schema. Used to create alerts based on metrics (Thanos). Must have a region specified in the provider configuration.
 ---
 
 # stackit_observability_alertgroup (Data Source)
 
-Observability alert group resource schema. Must have a `region` specified in the provider configuration.
+Observability alert group datasource schema. Used to create alerts based on metrics (Thanos). Must have a `region` specified in the provider configuration.
 
 ## Example Usage
 
 
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_observability_logalertgroup Data Source - stackit"
+subcategory: ""
+description: |-
+  Observability log alert group datasource schema. Used to create alerts based on logs (Loki). Must have a region specified in the provider configuration.
+---
+
+# stackit_observability_logalertgroup (Data Source)
+
+Observability log alert group datasource schema. Used to create alerts based on logs (Loki). Must have a `region` specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+data "stackit_observability_logalertgroup" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "example-log-alert-group"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `instance_id` (String) Observability instance ID to which the log alert group is associated.
+- `name` (String) The name of the log alert group. Is the identifier and must be unique in the group.
+- `project_id` (String) STACKIT project ID to which the log alert group is associated.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`,`name`".
+- `interval` (String) Specifies the frequency at which rules within the group are evaluated. The interval must be at least 60 seconds and defaults to 60 seconds if not set. Supported formats include hours, minutes, and seconds, either singly or in combination. Examples of valid formats are: '5h30m40s', '5h', '5h30m', '60m', and '60s'.
+- `rules` (Attributes List) (see [below for nested schema](#nestedatt--rules))
+
+<a id="nestedatt--rules"></a>
+### Nested Schema for `rules`
+
+Read-Only:
+
+- `alert` (String) The name of the alert rule. Is the identifier and must be unique in the group.
+- `annotations` (Map of String) A map of key:value. Annotations to add or overwrite for each alert
+- `expression` (String) The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts.
+- `for` (String) Alerts are considered firing once they have been returned for this long. Alerts which have not yet fired for long enough are considered pending. Default is 0s
+- `labels` (Map of String) A map of key:value. Labels to add or overwrite for each alert
@@ -0,0 +1,199 @@
+---
+page_title: "SKE Log Alerts with STACKIT Observability"
+---
+# SKE Log Alerts with STACKIT Observability
+
+## Overview
+
+This guide walks you through setting up log-based alerting in STACKIT Observability using Promtail to ship Kubernetes logs.
+
+1. **Set Up Providers**
+
+   Begin by configuring the STACKIT and Kubernetes providers to connect to the STACKIT services.
+
+   ```hcl
+   provider "stackit" {
+     region = "eu01"
+   }
+
+   provider "kubernetes" {
+     host                   = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
+     client_certificate     = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
+     client_key             = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
+     cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
+   }
+
+   provider "helm" {
+     kubernetes {
+       host                   = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server
+       client_certificate     = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data)
+       client_key             = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data)
+       cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data)
+     }
+   }
+   ```
+
+2. **Create SKE Cluster and Kubeconfig Resource**
+
+   Set up a STACKIT SKE Cluster and generate the associated kubeconfig resource.
+
+   ```hcl
+   resource "stackit_ske_cluster" "example" {
+     project_id         = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+     name               = "example"
+     kubernetes_version = "1.31"
+     node_pools = [
+       {
+         name               = "standard"
+         machine_type       = "c1.4"
+         minimum            = "3"
+         maximum            = "9"
+         max_surge          = "3"
+         availability_zones = ["eu01-1", "eu01-2", "eu01-3"]
+         os_version_min     = "4081.2.1"
+         os_name            = "flatcar"
+         volume_size        = 32
+         volume_type        = "storage_premium_perf6"
+       }
+     ]
+     maintenance = {
+       enable_kubernetes_version_updates    = true
+       enable_machine_image_version_updates = true
+       start                                = "01:00:00Z"
+       end                                  = "02:00:00Z"
+     }
+   }
+
+   resource "stackit_ske_kubeconfig" "example" {
+     project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+     cluster_name = stackit_ske_cluster.example.name
+     refresh      = true
+   }
+   ```
+
+3. **Create Observability Instance and Credentials**
+
+   Establish a STACKIT Observability instance and its credentials to handle alerts.
+
+   ```hcl
+   locals {
+     alert_config = {
+       route = {
+         receiver        = "EmailStackit",
+         repeat_interval = "1m",
+         continue        = true
+       }
+       receivers = [
+         {
+           name = "EmailStackit",
+           email_configs = [
+             {
+               to = "<email>"
+             }
+           ]
+         }
+       ]
+     }
+   }
+
+   resource "stackit_observability_instance" "example" {
+     project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+     name       = "example"
+     plan_name  = "Observability-Large-EU01"
+     alert_config = local.alert_config
+   }
+
+   resource "stackit_observability_credential" "example" {
+     project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+     instance_id = stackit_observability_instance.example.instance_id
+   }
+   ```
+
+4. **Install Promtail**
+
+   Deploy Promtail via Helm to collect logs and forward them to the STACKIT Observability Loki endpoint.
+
+   ```hcl
+   resource "helm_release" "promtail" {
+     name       = "promtail"
+     repository = "https://grafana.github.io/helm-charts"
+     chart      = "promtail"
+     namespace  = kubernetes_namespace.monitoring.metadata.0.name
+     version    = "6.16.4"
+
+     values = [
+       <<-EOF
+       config:
+         clients:
+         # Loki push url is available in the dashboard
+         - url: "https://${stackit_observability_credential.example.username}:${stackit_observability_credential.example.password}@<your-loki-push-url>/instances/${stackit_observability_instance.example.instance_id}/loki/api/v1/push"
+       EOF
+     ]
+   }
+   ```
+
+5. **Create Alert Group**
+
+   Create a log alert that triggers when a specific pod logs an error message.
+
+   ```hcl
+   resource "stackit_observability_logalertgroup" "example" {
+     project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+     instance_id = stackit_observability_instance.example.instance_id
+     name        = "TestLogAlertGroup"
+     interval    = "60m"
+     rules = [
+       {
+         alert      = "SimplePodLogAlertCheck"
+         expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+         for        = "60s"
+         labels = {
+           severity = "critical"
+         },
+         annotations = {
+           summary : "Test Log Alert is working"
+           description : "Test Log Alert"
+         },
+       },
+     ]
+   }
+   ```
+
+6. **Deploy Test Pod**
+
+   Launch a pod that emits simulated error logs. This should trigger the alert if everything is set up correctly.
+
+   ```hcl
+   resource "kubernetes_namespace" "example" {
+     metadata {
+       name = "example"
+     }
+   }
+
+   resource "kubernetes_pod" "logger" {
+     metadata {
+       name      = "logger"
+       namespace = kubernetes_namespace.example.metadata[0].name
+       labels = {
+         app = "logger"
+       }
+     }
+
+     spec {
+       container {
+         name  = "logger"
+         image = "bash"
+         command = [
+           "bash",
+           "-c",
+           <<EOF
+           while true; do
+             sleep $(shuf -i 1-3 -n 1)
+             echo "ERROR: $(date) - Simulated error message $(shuf -i 1-100 -n 1)" 1>&2
+           done
+           EOF
+         ]
+       }
+     }
+   }
+   ```
@@ -3,12 +3,12 @@
 page_title: "stackit_observability_alertgroup Resource - stackit"
 subcategory: ""
 description: |-
-  Observability alert group resource schema. Must have a region specified in the provider configuration.
+  Observability alert group resource schema. Used to create alerts based on metrics (Thanos). Must have a region specified in the provider configuration.
 ---
 
 # stackit_observability_alertgroup (Resource)
 
-Observability alert group resource schema. Must have a `region` specified in the provider configuration.
+Observability alert group resource schema. Used to create alerts based on metrics (Thanos). Must have a `region` specified in the provider configuration.
 
 ## Example Usage
 
 
@@ -0,0 +1,80 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_observability_logalertgroup Resource - stackit"
+subcategory: ""
+description: |-
+  Observability log alert group resource schema. Used to create alerts based on logs (Loki). Must have a region specified in the provider configuration.
+---
+
+# stackit_observability_logalertgroup (Resource)
+
+Observability log alert group resource schema. Used to create alerts based on logs (Loki). Must have a `region` specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+resource "stackit_observability_logalertgroup" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "example-log-alert-group"
+  interval    = "60m"
+  rules = [
+    {
+      alert      = "example-log-alert-name"
+      expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+      for        = "60s"
+      labels = {
+        severity = "critical"
+      },
+      annotations = {
+        summary : "example summary"
+        description : "example description"
+      }
+    },
+    {
+      alert      = "example-log-alert-name-2"
+      expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
+      for        = "60s"
+      labels = {
+        severity = "critical"
+      },
+      annotations = {
+        summary : "example summary"
+        description : "example description"
+      }
+    },
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `instance_id` (String) Observability instance ID to which the log alert group is associated.
+- `name` (String) The name of the log alert group. Is the identifier and must be unique in the group.
+- `project_id` (String) STACKIT project ID to which the log alert group is associated.
+- `rules` (Attributes List) Rules for the log alert group (see [below for nested schema](#nestedatt--rules))
+
+### Optional
+
+- `interval` (String) Specifies the frequency at which rules within the group are evaluated. The interval must be at least 60 seconds and defaults to 60 seconds if not set. Supported formats include hours, minutes, and seconds, either singly or in combination. Examples of valid formats are: '5h30m40s', '5h', '5h30m', '60m', and '60s'.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`,`name`".
+
+<a id="nestedatt--rules"></a>
+### Nested Schema for `rules`
+
+Required:
+
+- `alert` (String) The name of the alert rule. Is the identifier and must be unique in the group.
+- `expression` (String) The LogQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending/firing alerts.
+
+Optional:
+
+- `annotations` (Map of String) A map of key:value. Annotations to add or overwrite for each alert
+- `for` (String) Alerts are considered firing once they have been returned for this long. Alerts which have not yet fired for long enough are considered pending. Default is 0s
+- `labels` (Map of String) A map of key:value. Labels to add or overwrite for each alert
@@ -0,0 +1,5 @@
+data "stackit_observability_logalertgroup" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "example-log-alert-group"
+}
@@ -0,0 +1,32 @@
+resource "stackit_observability_logalertgroup" "example" {
+  project_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  name        = "example-log-alert-group"
+  interval    = "60m"
+  rules = [
+    {
+      alert      = "example-log-alert-name"
+      expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Simulated error message\" [1m])) > 0"
+      for        = "60s"
+      labels = {
+        severity = "critical"
+      },
+      annotations = {
+        summary : "example summary"
+        description : "example description"
+      }
+    },
+    {
+      alert      = "example-log-alert-name-2"
+      expression = "sum(rate({namespace=\"example\", pod=\"logger\"} |= \"Another error message\" [1m])) > 0"
+      for        = "60s"
+      labels = {
+        severity = "critical"
+      },
+      annotations = {
+        summary : "example summary"
+        description : "example description"
+      }
+    },
+  ]
+}