Configuring the data bucket for an IBM Cloud Logs instance

Configure a bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage and search.

Prereqs

The IBM Cloud Object Storage service can be in the same account as your IBM Cloud Logs instance, or can be located in a different account.
You must have permissions to create a bucket in an IBM Cloud Object Storage instance or have the details of an existing bucket.
You must have permissions to configure a service to service authorization between the IBM Cloud Object Storage service and the IBM Cloud Logs service.

Data bucket restrictions

Storage classes

IBM Cloud Object Storage buckets used by IBM Cloud Logs as data buckets can be configured only with the following storage classes:

Smart Tier
Standard

The following storage classes are not supported by IBM Cloud Logs as data buckets:

Vault
Cold Vault

Archive rules

IBM Cloud Object Storage allows you to define archive rules on buckets that archive objects automatically after the defined time period. Archived objects have a lower cost than regular objects, but need to be restored before they can be read again.

IBM Cloud Logs cannot read archived objects. IBM Cloud Logs searching of archived objects in the All Logs view, or querying in Archive queries, returns an error message.

IBM Cloud Object Storage buckets used as IBM Cloud Logs data buckets must not define archive rules that immediately archive objects, or archive objects within a few hours.

If you do not need to search logs older than a certain time period, for example, a month, you can define an IBM Cloud Object Storage archive rule to archive objects older that the time period required for searching. Do not configure archiving for a period of less than 7 days.

By archiving data that you do not need to search, you can retain the log data at a reduced cost. If required, you can restore archived objects if you need to search the data by using IBM Cloud Logs in the future.

Successful read activity tracking events

IBM Cloud Activity Tracker Event Routing drops successful cloud-object-storage.object.read events that are initiated by IBM Cloud Logs instances because they are not needed. When reviewing activity tracking events related to IBM Cloud Logs activity, you will not see see successful cloud-object-storage.object.read events.

Configure an IAM Service to service authorization

You must define a service to service (S2S) authorization between IBM Cloud Logs and IBM Cloud Object Storage to allow IBM Cloud Logs to read and write data into the data bucket.

For more information, see:

Configure the data bucket

Complete the following steps to configure a data bucket for an IBM Cloud Logs instance:

Log in to your IBM Cloud account.

After you log in with your user ID and password, the IBM Cloud dashboard opens.
Click the Menu icon > Observability.
Select Logging > Instances. Then, select the instance to which you want to configure a data bucket.
In the Storage section, select Connect in the Data bucket section.
Choose how to enter the bucket details in the Select bucket by section:

Choose Instance and select a COS instance and bucket if your IBM Cloud Logs instance and the bucket are located in the same account.

Choose Bucket CRN and enter the bucket CRN if your IBM Cloud Logs instance and the bucket are located in different accounts.
Configure the direct endpoint as the bucket endpoint.

Direct endpoints are used for requests originating from resources within VPCs. Direct endpoints provide better performance over Public endpoints and do not incur charges for any outgoing or incoming bandwidth even if the traffic is cross regions or across data centers. For more information, see Endpoint Types.
Click Save to save the configuration.

Once a bucket is connected to a IBM Cloud Logs instance, a bucket is always required. It can be changed but not removed.