Managing IBM Cloud Activity Tracker hosted event search targets
You can manage IBM Cloud® Activity Tracker Event Routing hosted event search targets in your account by using the IBM Cloud Activity Tracker Event Routing CLI, the IBM Cloud Activity Tracker Event Routing REST API, and Terraform scripts. A target is a resource where you can collect auditing events.
For more information on IBM Cloud Activity Tracker Event Routing targets, see Targets.
IAM Access
You must grant users IAM permissions to manage targets. For more information, see Assign access to resources.
When you define a policy, you can indicate the scope of the permissions. You can choose from granting permissions for a specific region or for the entire account.
If you have the IAM permission to create policies and authorizations, you can grant only the level of access that you have as a user of the target service. For example, if you have viewer access for the target service, you can assign only the viewer role for the authorization. If you attempt to assign a higher permission such as administrator, it might appear that permission is granted, however, only the highest level permission you have for the target service, that is viewer, will be assigned.
Users with regional scope will be limited to access targets in their authorized region.
IAM action | IAM Policy scope | IAM Roles | Description |
---|---|---|---|
atracker.target.read |
Region | Administrator Editor Viewer Operator |
Read (view) information about a target |
atracker.target.create |
Region | Administrator Editor |
Create a target |
atracker.target.update |
Region | Administrator Editor |
Update a target |
atracker.target.delete |
Region | Administrator Editor |
Delete a target |
atracker.target.list |
Account | Administrator Editor Viewer Operator |
List all targets |
CLI prerequisites
Before you use the CLI to manage targets, complete the following steps:
-
Log in to IBM Cloud. Run the following command: ibmcloud login
Creating an IBM Cloud Activity Tracker hosted event search offering target using the CLI
Use this command to create an IBM Cloud Activity Tracker hosted event search offering target to be used to configure a destination for activity events.
ibmcloud atracker target create --name TARGET_NAME --type TARGET_TYPE ( [--file LOGDNA_ENDPOINT_DEFINITION_JSON_FILE] | ( [--target-crn LOGDNA_TARGET_CRN] [--ingestion-key LOGDNA_INGESTION_KEY] ) ) [--region REGION] [--output FORMAT]
Command options
--region REGION
|-r REGION
-
Name of the region, for example,
us-south
oreu-gb
. If not specified, the region logged into, or targeted, will be used. --name TARGET_NAME
-
The name to be given to the target.
Do not include any personal identifying information (PII) in any resource names.
--type TARGET_TYPE
-
Set the
TARGET_TYPE
tologdna
for an IBM Cloud Activity Tracker hosted event search offering target. --file @LOGDNA_ENDPOINT_DEFINITION_JSON_FILE
-
A file containing an endpoint definition in the following format:
{ "target_crn": "yyyyy", "ingestion_key": "xxxxxx" }
--target-crn LOGDNA_TARGET_CRN
-
The CRN of the IBM Cloud Activity Tracker hosted event search offering instance.
--ingestion-key LOGDNA_INGESTION_KEY
-
LOGDNA_INGESTION_KEY
is the ingestion key that will be used to gain access to the IBM Cloud Activity Tracker Event Routing instance. --output FORMAT
-
Currently support format is JSON. If specified, output will be returned in JSON format. If
JSON
is not specified, output will be returned in a tabular format. help
|--help
|-h
-
List options available for the command.
Example
The following is an example using the ibmcloud atracker target create --name eu-de-logdna-target --type logdna --target-crn "crn:v1:bluemix:public:logdna:eu-de:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::" --ingestion-key xxxxxx
command.
This example shows an example successful target creation.
OK
Target
Name: eu-de-logdna-target
ID: cccccccc-cccc-cccc-cccc-cccccccccccc
CRN: crn:v1:bluemix:public:atracker:eu-de:a/11111111111111111111111111111111::target:cccccccc-cccc-cccc-cccc-cccccccccccc
Type: logdna
LogDNA Target CRN: crn:v1:bluemix:public:logdna:eu-de:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::
CreatedAt: 2022-05-06T18:59:26.760Z
UpdatedAt: 2022-05-06T18:59:26.760Z
Updating an IBM Cloud Activity Tracker hosted event search offering target using the CLI
Use this command to update an IBM Cloud Activity Tracker hosted event search offering target to be used to configure a destination for activity events.
ibmcloud atracker target update --target TARGET [--name TARGET_NAME] ( --file @LOGDNA_ENDPOINT_DEFINITION_JSON_FILE ) | (--target-crn LOGDNA_TARGET_CRN --ingestion-key LOGDNA_INGESTION_KEY ) [--region REGION] [--output FORMAT]
Command options
--target TARGET
-
The ID or current target name.
--region REGION
|-r REGION
-
Name of the region, for example,
us-south
oreu-gb
. If not specified, the region logged into, or targeted, will be used. --name TARGET_NAME
-
The name to be given to the target.
Do not include any personal identifying information (PII) in any resource names.
--file @LOGDNA_ENDPOINT_DEFINITION_JSON_FILE
-
A file containing an endpoint definition in the following format:
{ "target_crn": "yyyyy", "ingestion_key": "xxxxxx" }
--target-crn LOGDNA_TARGET_CRN
-
The CRN of the IBM Cloud Activity Tracker hosted event search offering instance.
--ingestion-key LOGDNA_INGESTION_KEY
-
LOGDNA_INGESTION_KEY
is the ingestion key for the IBM Cloud Activity Tracker Event Routing instance. --output FORMAT
-
Currently support format is JSON. If specified, output will be returned in JSON format. If
JSON
is not specified, output will be returned in a tabular format. help
|--help
|-h
-
List options available for the command.
Example
The following is an example using the ibmcloud atracker target update --name eu-de-logdna-target --target-crn "crn:v1:bluemix:public:logdna:eu-de:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::" --ingestion-key xxxxxx
command.
This example shows an example successful target update.
OK
Target
Name: eu-de-logdna-target
ID: cccccccc-cccc-cccc-cccc-cccccccccccc
CRN: crn:v1:bluemix:public:atracker:eu-de:a/11111111111111111111111111111111::target:cccccccc-cccc-cccc-cccc-cccccccccccc
Type: logdna
LogDNA Target CRN: crn:v1:bluemix:public:logdna:eu-de:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::
CreatedAt: 2022-05-06T18:59:26.760Z
UpdatedAt: 2022-05-06T19:16:50.090Z
Deleting a target using the CLI
Use this command to delete a target.
ibmcloud atracker target rm --target TARGET [--force]
Command options
--target TARGET
- The ID or name of the target.
--force
|-f
- Will delete the target without providing the user with any additional prompt.
help
|--help
|-h
- List options available for the command.
Example
The following is an example using the ibmcloud atracker target rm --target xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
command.
Are you sure you want to remove the target with target ID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx? [y/N]>y
OK
Target with target ID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx was successfully removed.
The following is an example using the ibmcloud atracker target rm --target xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -force
command.
This example shows a failed command where the specified target could not be found.
Are you sure you want to remove the Target bearing Target ID 33333333-3333-3333-3333-333333333333? [y/N]> y
FAILED
Something went wrong. Error:
Status Code: 404
Incident ID: 67a33257-d5a4-46ec-94d9-14eb70e94f3d
Code: not_found
Message: The target id specified in `target_id` field is not found.
Validating a target using the CLI
Use this command to validate that a target is correctly configured for an IBM Cloud Activity Tracker Event Routing region.
ibmcloud atracker target validate --target TARGET [--region REGION] [--output FORMAT]
Command options
--target TARGET
- The ID or name of the target.
--region REGION
|-r REGION
- Name of the region, for example,
us-south
oreu-gb
. If not specified, the region logged into, or targeted, will be used. --output FORMAT
- Currently support format is JSON. If specified, output will be returned in JSON format. If
JSON
is not specified, output will be returned in a tabular format. help
|--help
|-h
- List options available for the command.
Example
The following is an example using the ibmcloud atracker target validate --target new-target-name
command.
This example shows a successfully validated IBM Cloud Activity Tracker hosted event search target.
TBD
Getting information about a target using the CLI
Use this command to get information about a target for an IBM Cloud Activity Tracker Event Routing region.
ibmcloud atracker target get --target TARGET [--output FORMAT]
Command options
--target TARGET
- The ID or name of the target.
--output FORMAT
- Currently support format is JSON. If specified, output will be returned in JSON format. If
JSON
is not specified, output will be returned in a tabular format. help
|--help
|-h
- List options available for the command.
Example
The following is an example using the ibmcloud atracker target get --target new-target-name
command showing an IBM Cloud Activity Tracker hosted event search target.
OK
Target
Name: new-target-name
ID: cccccccc-cccc-cccc-cccc-cccccccccccc
CRN: crn:v1:bluemix:public:atracker:eu-de:a/11111111111111111111111111111111::target:cccccccc-cccc-cccc-cccc-cccccccccccc
Type: logdna
LogDNA Target CRN: crn:v1:bluemix:public:logdna:eu-de:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::
CreatedAt: 2022-05-06T18:59:26.760Z
UpdatedAt: 2022-05-06T19:16:50.090Z
Listing all targets in a region
Use this command to list the configured targets for an IBM Cloud Activity Tracker Event Routing region.
ibmcloud atracker target ls [--output FORMAT]
Command options
--output FORMAT
- Currently support format is JSON. If specified, output will be returned in JSON format. If
JSON
is not specified, output will be returned in a tabular format. help
|--help
|-h
- List options available for the command.
Example
The following is an example using the ibmcloud atracker target ls
command.
Name ID Region Type Created
test-eu-de-target xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx eu-de logdna 2022-02-26T06:53:13.466Z
API targets and actions
The following table lists the actions that you can run to manage targets:
Action | REST API Method | API_URL |
---|---|---|
Create a target | POST |
<ENDPOINT>/api/v2/targets |
Update a target | PUT |
<ENDPOINT>/api/v2/targets/<TARGET_ID> |
Delete a target | DELETE |
<ENDPOINT>/api/v2/targets/<TARGET_ID> |
Read a target | GET |
<ENDPOINT>/api/v2/targets/<TARGET_ID> |
List all targets | GET |
<ENDPOINT>/api/v2/targets |
Validate a target | POST |
<ENDPOINT>/api/v2/targets/{id}/validate |
You can use private and public endpoints to manage targets. For more information about the list of ENDPOINTS
that are available, see Endpoints.
-
You can manage targets from the private network using an API endpoint with the following format:
https://private.REGION.atracker.cloud.ibm.com
-
You can manage targets from the public network using an API endpoint with the following format:
https://REGION.atracker.cloud.ibm.com
-
You can disable the public endpoints by updating the account settings. For more information, see Configuring target and region settings.
For more information about the REST API, see Targets.
API prerequisites
To make API calls to manage targets, complete the following steps:
- Get an IAM access token. For more information, see Retrieving IAM access tokens.
- Identify the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.
Creating an IBM Cloud Activity Tracker hosted event search offering target using the API
You can use the following cURL command to create an IBM Cloud Activity Tracker hosted event search offering target:
curl -X POST <ENDPOINT>/api/v2/targets
-H "Authorization: Bearer IAM_TOKEN"
-H 'content-type: application/json'
-d '{
"name": "TARGET_NAME",
"target_type": "TARGET_TYPE",
"logdna_endpoint": {
"target_crn": "TARGET_CRN",
"ingestion_key": "TARGET_KEY"
}
}
Where
-
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints. -
TARGET_NAME
is the name of the target. The maximum length of the name is 256 characters.Do not include any personal identifying information (PII) in any resource names.
-
TARGET_TYPE
is the type of the target. The valid type islogdna
. -
logdna_endpoint
includes information about the target. This includes the CRN of the IBM Cloud Activity Tracker hosted event search offering instance and the ingestion key of the instance.TARGET_CRN
indicates the CRN of the IBM Cloud Activity Tracker Event Routing instance.TARGET_KEY
is the ingestion key for the IBM Cloud Activity Tracker Event Routing instance.
For example, you can use the following cURL request to create a target in Dallas:
curl -X POST https://private.us-south.atracker.cloud.ibm.com/api/v2/targets -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json" -d '{
"name": "a-target-us-south",
"target_type": "logdna",
"logdna_endpoint": {
"target_crn": "crn:v1:staging:public:logdna:us-south:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::",
"ingestion_key": "xxxxxxxxxxxxxxxxxx"
}
}'
In the response, you get information about the target such as the id
, that indicates the GUID of the target, and the crn
, that indicates the CRN of the target.
Updating an IBM Cloud Activity Tracker hosted event search offering target
When you update an IBM Cloud Activity Tracker hosted event search offering target, you must include the target information in the data section of the request.
- You must pass all fields.
- Update the fields that need to be changed.
You can use the following cURL command to update an IBM Cloud Activity Tracker hosted event search offering target:
curl -X PUT <ENDPOINT>/api/v2/targets
-H "Authorization: Bearer IAM_TOKEN"
-H 'content-type: application/json'
-d '{
"name": "TARGET_NAME",
"target_type": "TARGET_TYPE",
"logdna_endpoint": {
"target_crn": "TARGET_CRN",
"ingestion_key": "TARGET_KEY"
}
}'
Where
-
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints. -
TARGET_NAME
is the name of the target. The maximum length of the name is 256 characters.Do not include any personal identifying information (PII) in any resource names.
-
TARGET_TYPE
is the type of the target. The valid type islogdna
. -
logdna_endpoint
includes information about the target. This includes the CRN of the IBM Cloud Activity Tracker hosted event search offering instance and the ingestion key of the instance.TARGET_CRN
indicates the CRN of the IBM Cloud Activity Tracker Event Routing instance.TARGET_KEY
is the ingestion key for the IBM Cloud Activity Tracker Event Routing instance.
For example, you can use the following cURL request to update a target in Dallas:
curl -X PUT https://private.us-south.atracker.cloud.ibm.com/api/v2/targets -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json" -d '{
"name": "a-target-us-south",
"target_type": "logdna",
"logdna_endpoint": {
"target_crn": "crn:v1:staging:public:logdna:us-south:a/11111111111111111111111111111111:22222222-2222-2222-2222-222222222222::",
"ingestion_key": "xxxxxxxxxxxxxxxxxx"
}
}'
Deleting a target using the API
You can use the following cURL command to delete a target:
curl -X DELETE <ENDPOINT>/api/v2/targets/TARGET_ID -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Where
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.TARGET_ID
is the ID of the target.
Validating a target using the API
You can use the following cURL command to validate a target by checking the credentials to write to the target.
curl -X POST <ENDPOINT>/api/v2/targets/TARGET_ID/validate -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Where
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.TARGET_ID
is the ID of the target.
For example, you can use the following cURL request to validate a target in US-South:
curl -X POST https://private.us-south.atracker.cloud.ibm.com/api/v2/targets/<TARGET_ID>/validate -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
In the response, you get information in the section cos_write_status
, for example:
"write_status": {
"status": "success"
},
Viewing a target using the API
You can use the following cURL command to view the configuration details of 1 target:
curl -X GET <ENDPOINT>/api/v2/targets/TARGET_ID -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Where
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.TARGET_ID
is the ID of the target.
For example, you can run the following cURL request to get information about a target with the ID 00000000-0000-0000-0000-000000000000
:
curl -X GET https://private.us-south.atracker.cloud.ibm.com/api/v2/targets/00000000-0000-0000-0000-000000000000 -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Results will show if the target is a COS ("target_type": "cloud_object_storage"
) target or an IBM Cloud Activity Tracker hosted event search offering
("target_type": "logdna"
) target.
Listing all targets using the API
You can use the following cURL command to view all targets:
curl -X GET <ENDPOINT>/api/v2/targets -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Where
<ENDPOINT>
is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.
For example, you can run the following cURL request to get information about the targets that are defined in Dallas:
curl -X GET https://private.us-south.atracker.cloud.ibm.com/api/v2/targets -H "Authorization: $ACCESS_TOKEN" -H "content-type: application/json"
Results will show if the target is COS ("target_type": "cloud_object_storage"
) or an IBM Cloud Activity Tracker hosted event search offering ("target_type": "logdna"
).
HTTP response codes
When you use the IBM Cloud Activity Tracker Event Routing REST API, you can get standard HTTP response codes to indicate whether a method completed successfully.
- A 200 response always indicates success.
- A 4xx response indicates a failure.
- A 5xx response usually indicates an internal system error.
See the following table for some HTTP response codes:
Status code | Status | Description |
---|---|---|
200 |
OK | The request was successful. |
201 |
OK | The request was successful. A resource is created. |
400 |
Bad Request | The request was unsuccessful. You might be missing a parameter that is required. |
401 |
Unauthorized | The IAM token that is used in the API request is invalid or expired. |
403 |
Forbidden | The operation is forbidden due to insufficient permissions. |
404 |
Not Found | The requested resource doesn't exist or is already deleted. |
429 |
Too Many Requests | Too many requests hit the API too quickly. |
500 |
Internal Server Error | Something went wrong in IBM Cloud Activity Tracker Event Routing processing. |
Creating an IBM Cloud Activity Tracker hosted event search offering target using the UI
Only resources in your account are listed and selectable. To specify a resource in a different account, select Specify CRN under Choose destination.
- Log in to your IBM Cloud account.
- Click the Menu icon > Observability.
- Select Activity Tracker.
- Select Routing.
- Select Targets.
- Click Create to open the create panel.
- Choose type: Click Activity Tracker.
- Choose destination: Pick Search by instance or Specify CRN
- Search by instance: Select an IBM Cloud Activity Tracker hosted event search instance from the table or click Create to create a new IBM Cloud Activity Tracker hosted event search instance.
- Specify CRN: Enter the Cloud Resource Name (CRN) of the IBM Cloud Activity Tracker hosted event search instance. If you want to target an instance in a different account, you must specify the CRN.
- Ingestion key: Select or enter the ingestion key for the targeted IBM Cloud Activity Tracker hosted event search instance.
- Target name: Enter a meaningful name for the target.
- Target region: Select the region that will process the event data.
- Toggle Set as default target to automatically set your new target as a default target in your IBM Cloud Activity Tracker Event Routing settings. See the default targets documentation for more details.
- Click Create target.
Updating an IBM Cloud Activity Tracker hosted event search offering target using the UI
Only resources in your account are listed and selectable. To specify a resource in a different account, select Specify CRN under Choose destination.
- Log in to your IBM Cloud account.
- Click the Menu icon > Observability.
- Select Activity Tracker.
- Select Routing.
- Select Targets.
- Determine which target to update and click the .
- Click Unset as default to remove your target as a default target in your IBM Cloud Activity Tracker Event Routing settings. See the default targets documentation for more details.
- Click Edit to open the update panel.
- Details: Click Edit to update your target's name or region. You can also toggle Default target to add or remove your target as a default target in your IBM Cloud Activity Tracker Event Routing settings.
- Click Save to update your target.
- Destination: Click Edit to change the IBM Cloud Activity Tracker hosted event search instance and ingestion key associated with your target.
- Click Save to update your target.
Deleting a target using the UI
You cannot delete an IBM Cloud Activity Tracker Event Routing target if it is used in a route or as a default target setting.
- Log in to your IBM Cloud account.
- Click the Menu icon > Observability.
- Select Activity Tracker.
- Select Routing.
- Select Targets.
- Determine which target to delete and click the .
- Click Delete and then click Delete in the confirmation panel.
Listing all targets in a region using the UI
- Log in to your IBM Cloud account.
- Click the Menu icon > Observability.
- Select Activity Tracker.
- Select Routing.
- Select Targets.
The table details:
- Target type
- Destination name
- Destination region
- Routes: If it is used in any routes
- Target status:
- Active: The target is working as expected
- Error: The target is misconfigured and events will not be routed to the destination. Update your target details or destination to fix the target configuration or delete the target if it is no longer needed