About IBM Cloud Logs
IBM® Cloud Logs provides observability services for IBM Cloud so you can view, analyze, and alert on activity tracking events and logging activity. Logging data can be sent from orchestrated and nonorchestrated environments.
As workloads generate an expanding amount of observability data, pressure is increasing on collection tools to process all the data. The data becomes expensive to manage and makes it harder to obtain actionable insights. It is harder to have fast, effective, and cost-efficient operational and performance management.
IBM Cloud Logs is designed to help users take control of their observability data and expedite insights to reduce application downtime.
IBM Cloud Logs supports integration with common workload environments on IBM Cloud including IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud. Integration with nonorchestrated environments, such as Linux, is also supported.
With IBM Cloud Logs, you can send both log data and activity tracking events into the service, which gives you flexibility in how you handle your data. Log and event data can be sent to separate IBM Cloud Logs instances or combined into a single instance to expand observability insights.
IBM Cloud Logs processes incoming data and applies machine learning algorithms, including log aggregation and anomaly detection. This processing helps you focus on the root cause of issues.
Alerting
Sophisticated alert rules can be configured to reduce triage time. Examples include:
- Notifying when a combination of alert events happens within a defined set of criteria.
- Receiving alerts when new errors or log types are detected, or anomalous values occur on established data.
Parsing
You can parse log data to aid processing and increase the value of your data.
IBM Cloud Logs parsing tools help you evaluate if data is essential or redundant. Restructuring data can help you aggregate dissimilar information that teams need to quickly find to address incidents. Often a simple sparkline of frequency over time will provide the needed insight to quickly determine the problem.
IBM Cloud Logs is designed to convert log data to summarize what is happening. Using metrics that are generated from log data is a great way to look at vast amounts of data quickly when you search on different data sources.
Enriching
You can easily enrich your log data with IBM Cloud Logs. You can automatically add fields to your JSON logs based on specific matches in your log data by using a pre-defined custom data source of your own. This way, you can enhance your log data with business, operations, or security information that is not available at run time.
Searching
With IBM Cloud Logs, you can search and easily query all data that is retained by IBM Cloud Logs.
Data is stored in IBM Cloud Object Storage in a search-friendly format. When rapid-search results are needed, data can also be stored in hot storage for priority insights into the data. Query results for both hot storage and buckets can be displayed in the same dashboards and views.
IBM Cloud Logs offers multiple tools to effectively query data:
- Simple Boolean search
- RegEx queries
- Queries based on Apache Lucene
- Queries based on the IBM Cloud Logs DataPrime language.
Prompted help is available to construct queries for complex analysis.
Configuration
You can configure IBM Cloud Logs dashboards to better visualize your environments. Preconfigured alerts and dashboards for common application environments can be tailored to your specific environment needs. Dashboard insights, which are paired with IBM Cloud Logs machine learning analytics, give SREs the ability to quickly identify the start of an incident before it becomes a significant issue.
IBM Cloud Logs provides alert incident management control. This control helps manage the operation of workloads and comprehensive environments with maintenance windows that can be managed within the tool. When complex incidents occur triggering multiple alarms, users can see the situation quickly within IBM Cloud Logs. Configured alert management within IBM Cloud Logs can suppress unnecessary alerts to other alert management solutions.
Integrating with other applications
IBM Cloud Logs is designed to integrate with most common application and systems management tools and fit within most toolchains. Sharing data with other operational tools is built in by design:
- Integrate with alert management tools by using webhook values within alert messages so that information is included in the alert. This information can be used to quickly identify the source that triggered the alert.
- Share alert data with the IBM Cloud Event Notifications service for comprehensive IBM Cloud alert management visibility and control.
- Share alert data with PagerDuty and other specialized alert management tools.
- Integrate with other observability, SIEM, and data analysis tools. IBM Cloud Logs can send data to IBM® Event Streams for IBM Cloud®, a Kafka service implementation, where data can be shared with a wide variety of tools and applications.
- Integrate with your workload and bespoke tools. IBM Cloud Logs supports launching into and out of the service by using a defined set of parameters. You can automate and streamline your SRE or users’ ability to navigate the comprehensive workloads and maintain smooth context-switching between tools.
Optimizing value and controlling your observability budget
Not all data is valued equally. IBM Cloud Logs helps optimize the value of the data that you keep. When you review your observability needs and budget, you can select from three tiers of log and event processing:
- Store and search: Data that is retained primarily for compliance obligations can be stored and searched as necessary at a low cost/GB.
- Analyze and alert: Log and event data with analysis and alert value is processed at a mid-tier cost/GB. The mid-tier includes adding the definition of metrics from logs, allowing the visualization of trends and preparation for quickly handling future incidents.
- Priority insights: Select and configure the most critical and highest-value data for your operations for priority query results. Data in this tier is retained in hot storage.
Learn more
For more information about IBM Cloud Logs features, see the following topics.
For more information about | See |
---|---|
Overview of features | Link |
TCO Optimizer | Link |
Parsing rules | Link |
Enriching data | Link |
Alerting | Link |
Extensions | Link |
Data usage | Link |
Metadata fields | Link |