Activity tracking events for IBM Cloud Logs
IBM Cloud services, such as IBM Cloud Logs, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Locations where activity tracking events are generated
IBM Cloud Logs sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| Yes | Yes | Yes | Yes |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| Yes | Yes | Yes | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | Yes | Yes |
Viewing activity tracking events for IBM Cloud Logs
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Launching IBM Cloud Logs from the Observability page
For information on launching the IBM Cloud Logs UI, see Launching the UI.
List of platform events
The following table lists the activity tracking event actions that the IBM Cloud platform generates when IBM Cloud Logs instances are processed.
| Action | Description |
|---|---|
logs.instance.create |
An event is generated when you provision a service instance. |
logs.instance.update |
An event is generated when you rename a service instance or when you change the service plan. |
logs.instance.delete |
An event is generated when a service instance is deleted. |
logs.instance.schedule_reclaim |
An event is generated when a service instance is pending_reclamation. |
logs.instance.restore |
An event is generated when a service instance is restored. |
Action events
The following table lists the action events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.action.list |
Reading actions configuration |
logs.action.update |
Updating actions configuration |
logs.action.delete |
Deleting actions configuration |
Alert events
The following table lists the alert events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.alert-config.list |
Listing alerts |
logs.alert-config.create |
Creating an alert |
logs.alert-config.update |
Updating an alert |
logs.alert-config.delete |
Deleting an alert |
logs.alert.snooze |
Snoozing or unsnoozing an alert |
Archive log events
The following table lists the archive log events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.archive-setup.get |
Run a query directly on the data bucket |
Benchmark events
The following table lists the benchmark events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.version-benchmark-tags.update |
Updating version benchmark tags |
logs.version-benchmark-tags.delete |
Deleting version benchmark tags |
Data access rule events
The following table lists the data access rule events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.data-access-rule.list |
Listing data access rules |
logs.data-access-rule.create |
Creating a data access rule |
logs.data-access-rule.update |
Updating a data access rule |
logs.data-access-rule.delete |
Deleting a data access rule |
Data usage events
The following table lists the data usage events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.data-usage.get |
Getting data usage for each requested day |
logs.data-usage-to-metrics.enable |
Enabling data usage to metrics |
logs.data-usage.export |
Exporting the data usage report |
The requestData.data.value field is set to false when the Enable data usage metrics toggle is disable in the UI.
Dashboard events
The following table lists the dashboard events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.dashboard.get |
Getting a dashboard |
logs.dashboard.pin |
Marking a dashboard as Favorite |
logs.dashboard.unpin |
Unmarking a dashboard as Favorite |
logs.dashboard.set-as-default |
Marking dashboard as Default |
logs.dashboard.create |
Creating a dashboard |
logs.dashboard.update |
Updating a dashboard |
logs.dashboard.delete |
Deleting a dashboard |
Enrichment events - listing
The following table lists the events that are generated by IBM Cloud Logs when listing enrichments:
| Event | Description |
|---|---|
logs.enrichment.list |
Listing the geo or custom enrichment configurations |
Enrichment events - custom enrichments
The following table lists the custom enrichment events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.custom-enrichment.overwrite |
Creating or updating the custom enrichment configuration |
logs.custom-enrichment-data.list |
Getting all custom enrichment data |
logs.custom-enrichment-data.create |
Creating a custom enrichment |
logs.custom-enrichment-data.update |
Updating a custom enrichment |
logs.custom-enrichment-data.delete |
Deleting a custom enrichment |
Enrichment events - geo enrichment
The following table lists the geo enrichment events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.geo-enrichment.create |
Creating a geo enrichment configuration |
logs.geo-enrichment.delete |
Deleting a geo enrichment configuration |
Events to Metrics events
The following table lists the Events to Metrics events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.events2metrics.list |
Listing the events2metrics configuration |
logs.events2metrics.create |
Creating the events2metrics configuration |
logs.events2metrics.update |
Updating the events2metrics configuration |
logs.events2metrics.delete |
Deleting the events2metrics configuration |
[*] Only generated via API.
Extension events
The following table lists the extension events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.extension.list |
Getting all extensions |
logs.extension.get |
Getting an extension by ID |
logs.extension.deploy |
Deploying an extension |
logs.extension.update |
Updating an extension |
logs.extension.undeploy |
Removing/undeploying an extension |
Folder events
The following table lists the folder events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.view-folder.list |
Listing the view folders |
logs.view-folder.get |
Getting the view folder |
logs.view-folder.create |
Creating the view folder |
logs.view-folder.update |
Updating the view folder |
logs.view-folder.delete |
Deleting the view folder |
Incident events
The following table lists the incident events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.incident.get |
Getting an incident |
logs.incident.list |
Listing incidents |
logs.incident.acknowledge |
Acknowledging an event in a triggered incident |
logs.incident.close |
Closing incidents |
LiveTail events
The following table lists the LiveTail events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.livetail.search |
Searching LiveTail data |
Log events
The following table lists the log events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.logs-data.search |
Searching logs data |
Logs Stream events
The following table lists the logs stream events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.logs-stream-setup.list |
Listing logs stream |
Outbound Integrations events
The following table lists the outbound integrations events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.webhook.list |
Listing webhook outbound integrations |
logs.webhook.get |
Getting webhook outbound integrations |
logs.webhook.create |
Creating webhook outbound integrations |
logs.webhook.update |
Updating webhook outbound integrations |
logs.webhook.delete |
Deleting webhook outbound integrations |
logs.webhook.test |
Testing webhook outbound integrations |
Parsing rule events
The following table lists the parsing rule events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.parsing-rule.get |
Getting rule groups |
logs.parsing-rule.list |
Listing rule groups |
logs.parsing-rule.create |
Creating a rule group |
logs.parsing-rule.update |
Updating a rule group |
logs.parsing-rule.delete |
Deleting a rule group |
logs.parsing-rule.order |
Reordering the sequence of the rule groups |
Suppression Rule events
The following table lists the suppression rule events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.suppression-rule.list |
Listing suppression rules |
logs.suppression-rule.create |
Creating suppression rule |
logs.suppression-rule.update |
Updating suppression rule |
logs.suppression-rule.delete |
Deleting suppression rule |
TCO policy events
The following table lists the TCO policy events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.logs-tco-policy.get |
Getting a TCO policy |
logs.logs-tco-policy.create |
Creating a TCO policy |
logs.logs-tco-policy.update |
Updating a TCO policy |
logs.logs-tco-policy.list |
Listing TCO policies |
logs.logs-tco-policy.delete |
Deleting a TCO policy |
View events
The following table lists the view events that are generated by IBM Cloud Logs:
| Event | Description |
|---|---|
logs.view.list |
Listing views |
logs.view.get |
Viewing a views |
logs.view.create |
Creating a view |
logs.view.update |
Updating a view |
logs.view.delete |
Deleting a view |
The requestData.newValue.isPublic field is set to true for public views and false for private views.