IBM Cloud Docs
Activity Tracker events

Activity Tracker events

Gen 2

Use the IBM® Cloud Logs service to track how users and applications interact with the Event Streams service on the various Event Streams service plans in IBM Cloud®.

The IBM Cloud Logs service records user-initiated activities that change the state of a service in IBM Cloud. For more information, see IBM Cloud Logs.

Events are formatted according to the Cloud Auditing Data Federation (CADF) standard. For further details of the information they include, see CADF standard.

Topic events

Event Streams instances that are on the Enterprise plans or the Standard plan automatically generate topic events.

The following table lists the topic events:

Event Streams topic events
Action Description
event-streams.topic.create An event is created when you create a topic.
event-streams.topic.delete An event is created when you delete a topic.
event-streams.topic.update An event is created when you update a topic's configuration or increase partitions.

Additional information about topic configuration is logged in the update and delete events, for example partitions, retentionMs, and segmentMs.

Message audit events

You can enable message audit events on a per topic basis for Event Streams instances that are on the Enterprise Gen2 plan. Also, see How to enable message audit events.

The following table lists the message audit events:

Event Streams message events
Action Description
event-streams.message.read An event is created when message audit is enabled on a topic and a consumer is reading data from the topic.
event-streams.message.write An event is created when message audit is enabled on a topic and a producer is writing data to the topic.
event-streams.message.delete An event is created when message audit is enabled on a topic and records are deleted from the topic. Records deletion because of retention policy does not generate.

Event Streams can sustain high request rates, so not every request triggers an event. Instead, events are aggregated by initiator (user ID or service ID), host (IP address), operation (read, write, delete), outcome (success or failure), and topic over a 1-hour period.

Other events

Event Streams instances that are on the Enterprise Gen2 plan automatically generate events so that you can track activity on your service.

Event Streams events
Action Description
event-streams.storage-key.read Key management events are now created by the underlying block storage, which are described here.
event-streams.storage-key.update Key management events are now created by the underlying block storage, which are described here.

Where to view the events

IBM Cloud Logs events are available in the IBM Cloud Logs account domain that is available in the IBM Cloud location (region) where the events are generated.

Events that are generated by an instance of the Event Streams service are automatically forwarded to the IBM Cloud Logs service instance that is available in the same location.

IBM Cloud Logs can have only one instance per location. To view events, you must access the web UI of the IBM Cloud Logs service in the same location where your service instance is available. For more information, see Launch the Cloud Logs UI.

How to enable message audit events

Message audit events can be enabled on a per topic basis. To do so, complete the following steps:

  1. Install Event Streams CLI plug-in v2.3 or later:

    ibmcloud plugin install event-streams

  2. Enable message audit on an existing topic:

    ibmcloud es topic-update <topic-name> --config message.audit.enable=true

    Or create a new topic with message audit enabled:

    ibmcloud es topic-create <topic-name> --partitions <number-of-partitions> --config message.audit.enable=true

After the topic's message audit config is updated, it takes about 5 minutes for message audit events to show up in Activity Tracker.

Additionally, be aware of the implications of enabling message audit events:

  1. An internal Kafka topic is used for streaming events to IBM Cloud Logs, thus it uses a small amount of the cluster's network bandwidth and storage. Typically throughput is less than 1 KB/s, and storage does not exceed 1 GB.

  2. Because more events are sent to IBM Cloud Logs, enabling message audit events incurs extra storage costs for IBM Cloud Logs. Each event's size is about 1 KB, see the following rough estimation of how much storage it takes. Assuming that the cluster has 100 topics, each topic has 10 clients actively producing and consuming, and each client runs on three different locations. It then generates 100x10x3=3000 events per hour, so 2 GB per month.