Activity tracking events for IBM Cloud Logs

IBM Cloud services, such as IBM Cloud Logs, generate activity tracking events.

Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.

You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

Locations where activity tracking events are generated

IBM Cloud Logs sends activity tracking events through IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following tables.

Regions where activity tracking events are sent in Americas locations
Dallas (us-south): Yes
Washington (us-east): Yes
Toronto (ca-tor): Yes
Sao Paulo (br-sao): Yes

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (jp-tok): Yes
Sydney (au-syd): Yes
Osaka (jp-osa): Yes
Chennai (in-che): No

Regions where activity tracking events are sent in Europe locations
Frankfurt (eu-de): Yes
London (eu-gb): Yes
Madrid (eu-es): Yes

Viewing activity tracking events for IBM Cloud Logs

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

Launching IBM Cloud Logs from the Observability page

For information on launching the IBM Cloud Logs UI, see Launching the UI.

List of platform events

The following table lists the activity tracking event actions that the IBM Cloud platform generates when IBM Cloud Logs instances are processed.

Actions that generate platform events
Action Description
logs.instance.create An event is generated when you provision a service instance.
logs.instance.update An event is generated when you rename a service instance or when you change the service plan.
logs.instance.delete An event is generated when a service instance is deleted.
logs.instance.schedule_reclaim An event is generated when a service instance is pending_reclamation.
logs.instance.restore An event is generated when a service instance is restored.

The following table lists the actions that generate an event for managing service credentials that are associated with a service instance.

Actions that generate service credentials events
Action Description
logs.key.create An event is generated when an API key is created for a service instance through the Service credentials section of the service instance UI.
logs.key.delete An event is generated when an API key that is associated with a service instance is deleted from the Service credentials section of the service instance UI.

Data usage events

The following table lists the data usage events that are generated by IBM Cloud Logs:

Events for data usage
Event Description
logs.data-usage.read Getting data-usage for each requested day

Scope events

The following table lists the scope events that are generated by IBM Cloud Logs:

Events for scope
Event Description
logs.user-scope.read Getting details of a scope
logs.user-scope.list Listing scopes
logs.user-scope.create Creating a scope
logs.user-scope.update Updating a scope
logs.user-scope.delete Deleting a scope

Action events

The following table lists the action events that are generated by IBM Cloud Logs:

Events for actions
Event Description
logs.team-action-config.read Reading team-level actions configuration
logs.team-action-config.create Creating team-level actions configuration
logs.team-action-config.update Updating team-level actions configuration
logs.team-action-config.delete Deleting team-level actions configuration
logs.team-action.execute Running team-level actions
logs.user-action-config.read Reading user-level actions configuration
logs.user-action-config.create Creating user-level actions configuration
logs.user-action-config.update Updating user-level actions configuration
logs.user-action-config.delete Deleting user-level actions configuration
logs.user-action.execute Running user-level actions

Alert events

The following table lists the alert events that are generated by IBM Cloud Logs:

Events for alert
Event Description
logs.alert-config.read Getting an alert
logs.alert-config.read Searching alerts
logs.alert-config.read Searching anomalies grouped by type
logs.alert-config.read Getting an alert
logs.alert-config.list Listing alerts
logs.alert-config.read Getting alert by unique ID
logs.alert-config.read Getting alert mapping
logs.alert-config.list Getting alert events
logs.alert-config.read Validating an alert
logs.alert-config.read Getting the alert events count by severity
logs.alert-config.read Getting the company alerts limit
logs.alert-config.create Creating an alert
logs.alert-config.update Updating an alert
logs.alert-config.delete Deleting an alert
logs.alert.snooze Snoozing or unsnoozing an alert
logs.alert-map.config Configuring an alert map
logs.alert-map.read Viewing visualized alerts in the alerts map

View events

The following table lists the view events that are generated by IBM Cloud Logs:

Events for views
Event Description
logs.shared-view.list Listing shared views
logs.shared-view.read Viewing a public saved view
logs.shared-view.create Creating a public view
logs.shared-view.update Updating a public view
logs.shared-view.delete Deleting a public saved view
logs.private-view.list Listing private views
logs.private-view.read Viewing private saved views
logs.private-view.create Creating a private view
logs.private-view.update Updating a private view
logs.private-view.delete Deleting a private view

Dashboard events

The following table lists the dashboard events that are generated by IBM Cloud Logs:

Events for dashboards
Event Description
logs.shared-dashboard.read Getting a dashboard
logs.shared-dashboard.pin Pinning a dashboard
logs.shared-dashboard.unpin Unpinning a dashboard
logs.default-dashboard.set Setting the default home dashboard
logs.default-dashboard.replace Replacing the default dashboard
logs.shared-dashboards.list Getting the dashboard catalog
logs.shared-dashboard.search Searching DataPrime
logs.shared-dashboard.create Creating a dashboard
logs.shared-dashboard.update Replacing a dashboard
logs.shared-dashboard.delete Deleting a dashboard
logs.user-dashboard.list Listing private dashboards
logs.user-dashboard.read Viewing a private custom dashboard
logs.user-dashboard.create Creating a private custom dashboard
logs.user-dashboard.update Updating a private custom dashboard
logs.user-dashboard.delete Deleting a private custom dashboard

DataMap events

The following table lists the DataMap events that are generated by IBM Cloud Logs:

Events for DataMap actions
Event Description
logs.data-map.read Viewing DataMap configurations
logs.data-map.update Configuring a DataMap

TCO policy events

The following table lists the TCO policy events that are generated by IBM Cloud Logs:

Events for TCO policies
Event Description
logs.logs-tco-policy.read Getting a policy
logs.logs-tco-policy.create Creating a policy
logs.logs-tco-policy.update Updating a policy
logs.logs-tco-policy.list Getting company policies
logs.logs-tco-policy.delete Deleting a policy

Enrichment events

The following table lists the enrichment events that are generated by IBM Cloud Logs:

Events for enrichment
Event Description
logs.geo-enrichment-config.read Viewing geo enrichment configuration
logs.geo-enrichment-config.create Creating geo enrichment configuration
logs.geo-enrichment-config.update Updating geo enrichment configuration
logs.geo-enrichment-config.delete Deleting geo enrichment configuration
logs.security-enrichment-config.read Viewing unified threat intelligence enrichment configuration
logs.security-enrichment-config.create Creating unified threat intelligence enrichment configuration
logs.security-enrichment-config.update Updating unified threat intelligence enrichment configuration
logs.security-enrichment-config.delete Deleting unified threat intelligence enrichment configuration
logs.custom-enrichment-config.read Getting custom enrichment by ID
logs.custom-enrichment-config.list Getting all custom enrichments
logs.custom-enrichment-config.create Creating custom enrichment
logs.custom-enrichment-config.update Updating custom enrichment
logs.custom-enrichment-config.delete Deleting custom enrichment
logs.custom-enrichment-data.read Getting custom enrichment by ID
logs.custom-enrichment-data.read Getting all custom enrichments
logs.custom-enrichment-data.create Creating a custom enrichment
logs.custom-enrichment-data.update Updating a custom enrichment
logs.custom-enrichment-data.delete Deleting custom enrichment

Insight events

The following table lists the insight events that are generated by IBM Cloud Logs:

Events for insights
Event Description
logs.insight.read Searching insights

Incident events

The following table lists the incident events that are generated by IBM Cloud Logs:

Events for incidents
Event Description
logs.incident.read Getting incident
logs.incident.list Getting incidents list
logs.incident-aggregations.list Listing incident aggregations
logs.incident.acknowledge Acknowledging events in triggered alerts
logs.incident.snooze Snoozing events
logs.incident.assign Assigning incidents
logs.incident.unassign Unassigning incidents
logs.incident.close Closing incidents
logs.incident.resolve Resolving incidents

Extension events

The following table lists the extension events that are generated by IBM Cloud Logs:

Events for extension data
Event Description
logs.deployed-extensions.list Getting deployed extensions
logs.extensions.list Getting all extensions
logs.extension.read Getting extension by ID
logs.extension-quota.list Getting quotas for various extension domains
logs.extension.deploy Deploying an extension
logs.extension.update Updating an extension
logs.extension.delete Removing an extension

LiveTail events

The following table lists the LiveTail events that are generated by IBM Cloud Logs:

Events for LiveTail data
Event Description
logs.livetail.view Viewing LiveTail data

Analytics events

The following table lists the analytics events that are generated by IBM Cloud Logs:

Events for data analytics
Event Description
logs.data-analytics-high.read Viewing Priority insights mapping statistics (Logs)
logs.data-analytics-low.read Viewing archive analytics (Logs)

Log events

The following table lists the log events that are generated by IBM Cloud Logs:

Events for logs
Event Description
logs.logs-timeseries.search Searching logs time series
logs.events-from-logs.search Searching logs events
logs.aggregated-logs-series.search Searching grouped logs series
logs.aggregated-logs-timeseries.search Searching grouped logs time series
logs.logs-events.search Searching logs event groups
logs.aggregated-logs.search Searching logs aggregated value
logs.logs-activity.search Searching logs activity
logs.data.send Sending Logs

Archive log events

The following table lists the archive log events that are generated by IBM Cloud Logs:

Events for archive logs
Event Description
logs.archive-timeseries.search Searching archive logs time series
logs.archive-events.search Searching archive logs event groups
logs.aggregated-archive-series.search Searching archive grouped logs series
logs.aggregated-archive-timeseries.search Searching archive grouped logs time series
logs.aggregated-archive-logs.search Searching archive logs aggregated value

Data setup events

The following table lists the data setup events that are generated by IBM Cloud Logs:

Events for data setup
Event Description
logs.logs-data-setup-high-config.read Reading configuration to send high tier data
logs.logs-data-setup-high-config.update Updating configuration to send high tier data
logs.logs-data-setup-low-config.read Reading configuration to send low tier data
logs.logs-data-setup-low-config.update Updating configuration to send low tier data
logs.metrics-data-setup-low-config.read Reading metrics archive configuration

Parsing rule events

The following table lists the parsing rule events that are generated by IBM Cloud Logs:

Events for parsing rules
Event Description
logs.parsing-rule.read Getting rule group
logs.parsing-rule-usage-limits.read Getting company usage with limits
logs.parsing-rule.create Creating a rule group
logs.parsing-rule.update Updating a rule group
logs.parsing-rule.delete Deleting a rule group
logs.parsing-rules-bulk.delete Bulk deleting rule groups

Events to Metrics events

The following table lists the Events to Metrics events that are generated by IBM Cloud Logs:

Events for events2metrics
Event Description
logs.logs-events2metrics-config.read Getting events2metrics configuration
logs.logs-events2metrics-config.unset Disabling events2metrics
logs.logs-events2metrics-config.set Enabling events2metrics

Benchmark events

The following table lists the benchmark events that are generated by IBM Cloud Logs:

Events for benchmarks
Event Description
logs.version-benchmark-tag.create Creating external tag
logs.version-benchmark-tag.attach Adding external tag with get
logs.version-benchmark-bitbucket-tag.create Creating external bitbucket tag
logs.version-benchmark-tfs-tag.create Creating external tfs tag
logs.version-benchmark-gitlab-tag.create Creating external gitlab tag
logs.version-benchmark-tag.create Creating tag
logs.version-benchmark-tag.update Updating tag
logs.version-benchmark-tag.delete Deleting tag
logs.version-benchmark-tag.list Getting tags
logs.version-benchmark-tag-summary.read Getting tag summary
logs.version-benchmark-tag-alerts.list Getting tag alerts
logs.version-benchmark-tag-error-volume.read Getting tag error volume
logs.version-benchmark-report.view Getting benchmark report
logs.version-benchmark-report-private-widget.read Getting private benchmark report
logs.version-benchmark-report-private-widget.create Creating a private benchmark report
logs.version-benchmark-report-private-widget.update Updating a private benchmark report
logs.version-benchmark-report-private-widget.delete Deleting a private benchmark report
logs.version-benchmark-report-private-widget.list Listing private benchmark report
logs.version-benchmark-report-shared-widget.list Listing shared benchmark report
logs.version-benchmark-report-shared-widget.read Getting shared benchmark report
logs.version-benchmark-report-shared-widget.create Creating a shared benchmark report
logs.version-benchmark-report-shared-widget.update Updating a shared benchmark report
logs.version-benchmark-report-shared-widget.delete Deleting a shared benchmark report