Excluding ingestion data by using exclusion rules
In an IBM Cloud Activity Tracker instance, you can configure exclusion rules through the UI to stop events from counting against your data usage quota and from being stored for search.
As of 28 March 2024, the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025. For information about IBM Cloud Logs, see the IBM Cloud Logs documentation.
Prereqs
You must have manager access to define exclusion rules.
Configuring an exclusion rule through the UI
Complete the following steps to define an exclusion rule:
Verify that each exclusion rule that you add behaves as expected. Improperly configured exclusion rules can result in storing data not intended for storage.
- Select the Settings icon. Then select Usage > Exclusion Rules.
- Select Add Rule. The Create Rule section opens.
- In the What is this rule for? section, enter a name for the rule.
- Enter the exclusion criteria. You can select 1 or more hosts, select 1 or more apps, enter a query, or use a combination of hosts, apps, and a query.
  For example, to exclude all the lines from a specific host, select that host and leave the apps and query fields blank. A host represents a service or resource.
  You can enter a query to define the exclusion rule, or to refine the exclusion rule when you specify a host, an app, or both.
- Select Preserve these lines for live-tail and alerting to keep showing the excluded log lines in live tail. You can still use these log lines to set up an alert.
- Click Save.
- After you configure an exclusion rule, verify that the exclusion rule behaves as you expect.
  Check the query in a custom view by entering the search criteria in the search bar of the Everything view, and validating that the data that is displayed is the data that you want excluded.