Activity tracking events for IBM Cloud Logs
IBM Cloud services, such as IBM Cloud Logs, generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Locations where activity tracking events are generated
IBM Cloud Logs sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south ) |
Washington (us-east ) |
Toronto (ca-tor ) |
Sao Paulo (br-sao ) |
---|---|---|---|
Yes | Yes | Yes | Yes |
Tokyo (jp-tok ) |
Sydney (au-syd ) |
Osaka (jp-osa ) |
Chennai (in-che ) |
---|---|---|---|
Yes | Yes | Yes | No |
Frankfurt (eu-de ) |
London (eu-gb ) |
Madrid (eu-es ) |
---|---|---|
Yes | Yes | Yes |
Viewing activity tracking events for IBM Cloud Logs
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Launching IBM Cloud Logs from the Observability page
For information on launching the IBM Cloud Logs UI, see Launching the UI.
List of platform events
The following table lists the activity tracking event actions that the IBM Cloud platform generates when IBM Cloud Logs instances are processed.
Action | Description |
---|---|
logs.instance.create |
An event is generated when you provision a service instance. |
logs.instance.update |
An event is generated when you rename a service instance or when you change the service plan. |
logs.instance.delete |
An event is generated when a service instance is deleted. |
logs>.instance.schedule_reclaim |
An event is generated when a service instance is pending_reclamation. |
logs.instance.restore |
An event is generated when a service instance is restored. |
The following table lists the actions that generate an event for managing service credentials that are associated with a service instance.
Action | Description |
---|---|
logs.key.create |
An event is generated when an API key is created for a service instance through the Service credentials section of the service instance UI. |
logs.key.delete |
An event is generated when an API key that is associated with a service instance is deleted from the Service credentials section of the service instance UI. |
Data usage events
The following tables lists the data usage events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.data-usage.read |
Getting data-usage for each requested day |
Scope events
The following tables lists the scope events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.user-scope.read |
Getting details of a scope |
logs.user-scope.list |
Listing scopes |
logs.user-scope.create |
Creating a scope |
logs.user-scope.update |
Updating a scope |
logs.user-scope.delete |
Deleting a scope |
Action events
The following tables lists the action events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.team-action-config.read |
Reading team-level actions configuration |
logs.team-action-config.create |
Creating team-level actions configuration |
logs.team-action-config.update |
Updating team-level actions configuration |
logs.team-action-config.delete |
Deleting team-level actions configuration |
logs.team-action.execute |
Running team-level actions |
logs.user-action-config.read |
Reading user-level actions configuration |
logs.user-action-config.create |
Creating user-level actions configuration |
logs.user-action-config.update |
Updating user-level actions configuration |
logs.user-action-config.delete |
Deleting user-level actions configuration |
logs.user-action.execute |
Running user-level actions |
Alert events
The following tables lists the alert events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.alert-config.read |
Getting an alert |
logs.alert-config.read |
Searching alerts |
logs.alert-config.read |
Searching anomalies grouped by type |
logs.alert-config.read |
Getting an alert |
logs.alert-config.list |
Listing alerts |
logs.alert-config.read |
Getting alert by unique ID |
logs.alert-config.read |
Getting alert mapping |
logs.alert-config.list |
Getting alert events |
logs.alert-config.read |
Validating an alert |
logs.alert-config.read |
Getting the alert events count by severity |
logs.alert-config.read |
Getting the company alerts limit |
logs.alert-config.create |
Creating an alert |
logs.alert-config.update |
Updating an alert |
logs.alert-config.delete |
Deleting an alert |
logs.alert.snooze |
Snoozing or Unsnoozing an alert |
logs.alert-map.config |
Configuring an alert map |
logs.alert-map.read |
Viewing visualized alerts in the alerts map |
View events
The following tables lists the view events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.shared-view.list |
Listing shared views |
logs.shared-view.read |
Viewing a public saved views |
logs.shared-view.create |
Creating a public view |
logs.shared-view.update |
Updating a public view |
logs.shared-view.delete |
Deleting a public saved view |
logs.private-view.list |
Listing private views |
logs.private-view.read |
Viewing private saved views |
logs.private-view.create |
Creating a private view |
logs.private-view.update |
Updating a private view |
logs.private-view.delete |
Deleting a private view |
Dashboard events
The following tables lists the dashboard events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.shared-dashboard.read |
Getting a dashboard |
logs.shared-dashboard.pin |
Pinning a dashboard |
logs.shared-dashboard.unpin |
Unpinning a dashboard |
logs.default-dashboard.set |
Setting the default home dashboard |
logs.default-dashboard.replace |
Replacing the default dashboard |
logs.shared-dashboards.list |
Getting the dashboard catalog |
logs.shared-dashboard.search |
Searching DataPrime |
logs.shared-dashboard.create |
Creating a dashboard |
logs.shared-dashboard.update |
Replacing a dashboard |
logs.shared-dashboard.delete |
Deleting a dashboard |
logs.user-dashboard.list |
Listing private dashboards |
logs.user-dashboard.read |
Viewing a private custom dashboard |
logs.user-dashboard.create |
Creating a private custom dashboard |
logs.user-dashboard.update |
Updating a private custom dashboard |
logs.user-dashboard.delete |
Deleting a private custom dashboard |
DataMap events
The following tables lists the DataMap events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.data-map.read |
Viewing DataMap configurations |
logs.data-map.update |
Configuring a DataMap |
TCO policy events
The following tables lists the TCO policy events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.logs-tco-policy.read |
Getting a policy |
logs.logs-tco-policy.create |
Creating a policy |
logs.logs-tco-policy.update |
Updating a policy |
logs.logs-tco-policy.list |
Getting company policies |
logs.logs-tco-policy.delete |
Deleting a policy |
Enrichment events
The following tables lists the enrichment events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.geo-enrichment-config.read |
Viewing geo enrichment configuration |
logs.geo-enrichment-config.create |
Creating geo enrichment configuration |
logs.geo-enrichment-config.update |
Updating geo enrichment configuration |
logs.geo-enrichment-config.delete |
Deleting geo enrichment configuration |
logs.security-enrichment-config.read |
Viewing unified threat intelligence enrichment configuration |
logs.security-enrichment-config.create |
Creating unified threat intelligence enrichment configuration |
logs.security-enrichment-config.update |
Updating unified threat intelligence enrichment configuration |
logs.security-enrichment-config.delete |
Deleting unified threat intelligence enrichment configuration |
logs.custom-enrichment-config.read |
Getting custom enrichment by ID |
logs.custom-enrichment-config.list |
Getting all custom enrichments |
logs.custom-enrichment-config.create |
Creating custom enrichment |
logs.custom-enrichment-config.update |
Updating custom enrichment |
logs.custom-enrichment-config.delete |
Deleting custom enrichment |
logs.custom-enrichment-data.read |
Getting custom enrichment by ID |
logs.custom-enrichment-data.read |
Getting all custom enrichments |
logs.custom-enrichment-data.create |
Creating a custom enrichment |
logs.custom-enrichment-data.update |
Updating a custom enrichment |
logs.custom-enrichment-data.delete |
Deleting custom enrichment |
Insight events
The following tables lists the insight events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.insight.read |
Searching insights |
Incident events
The following tables lists the incident events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.incident.read |
Getting incident |
logs.incident.list |
Getting incidents list |
logs.incident-aggregations.list |
Listing incident aggregations |
logs.incident.acknowledge |
Acknowledging events in triggered alerts |
logs.incident.snooze |
Snoozing events |
logs.incident.assign |
Assigning incidents |
logs.incident.unassign |
Unassigning incidents |
logs.incident.close |
Closing incidents |
logs.incident.resolve |
Resolving incidents |
Extension events
The following tables lists the extension events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.deployed-extensions.list |
Getting deployed extensions |
logs.extensions.list |
Getting all extensions |
logs.extension.read |
Getting extension by ID |
logs.extension-quota.list |
Getting quotas for various extension domains |
logs.extension.deploy |
Deploying an extension |
logs.extension.update |
Updating an extension |
logs.extension.delete |
Removing an extension |
LiveTail events
The following tables lists the LiveTail events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.livetail.view |
Viewing LiveTail data |
Analytics events
The following tables lists the analytics events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.data-analytics-high.read |
Viewing Priority insights mapping statistics (Logs) |
logs.data-analytics-low.read |
Viewing archive analytics (Logs) |
Log events
The following tables lists the log events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.logs-timeseries.search |
Searching logs time series |
logs.events-from-logs.search |
Searching logs events |
logs.aggregated-logs-series.search |
Searching grouped logs series |
logs.aggregated-logs-timeseries.search |
Searching grouped logs time series |
logs.logs-events.search |
Searching logs event groups |
logs.aggregated-logs.search |
Searching logs aggregated value |
logs.logs-activity.search |
Searching logs activity |
logs.data.send |
Sending Logs |
Archive log events
The following tables lists the archive log events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.archive-timeseries.search |
Searching archive logs time series |
logs.archive-events.search |
Searching archive logs event groups |
logs.aggregated-archive-series.search |
Searching archive grouped logs series |
logs.aggregated-archive-timeseries.search |
Searching archive grouped logs time series |
logs.aggregated-archive-logs.search |
Searching archive logs aggregated value |
Data setup events
The following tables lists the data setup events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.logs-data-setup-high-config.read |
Reading configuration to send high tier data |
logs.logs-data-setup-high-config.update |
Updating configuration to send high tier data |
logs.logs-data-setup-low-config.read |
Reading configuration to send low tier data |
logs.logs-data-setup-low-config.update |
Updating configuration to send low tier data |
logs.metrics-data-setup-low-config.read |
Reading metrics archive configuration |
Parsing rule events
The following tables lists the parsing rule events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.parsing-rule.read |
Getting rule group |
logs.parsing-rule-usage-limits.read |
Getting company usage with limits |
logs.parsing-rule.create |
Creating a rule group |
logs.parsing-rule.update |
Updating a rule group |
logs.parsing-rule.delete |
Deleting a rule group |
logs.parsing-rules-bulk.delete |
Bulk deleting rule groups |
Events to Metrics events
The following tables lists the Events to Metrics events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.logs-events2metrics-config.read |
Getting events2metrics configuration |
logs.logs-events2metrics-config.unset |
Disabling events2metrics |
logs.logs-events2metrics-config.set |
Enabling events2metrics |
Benchmark events
The following tables lists the benchmark events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.version-benchmark-tag.create |
Creating external tag |
logs.version-benchmark-tag.attach |
Adding external tag with get |
logs.version-benchmark-bitbucket-tag.create |
Creating external bitbucket tag |
logs.version-benchmark-tfs-tag.create |
Creating external tfs tag |
logs.version-benchmark-gitlab-tag.create |
Creating external gitlab tag |
logs.version-benchmark-tag.create |
Creating tag |
logs.version-benchmark-tag.update |
Updating tag |
logs.version-benchmark-tag.delete |
Deleting tag |
logs.version-benchmark-tag.list |
Getting tags |
logs.version-benchmark-tag-summary.read |
Getting tag summary |
logs.version-benchmark-tag-alerts.list |
Getting tag alerts |
logs.version-benchmark-tag-error-volume.read |
Getting tag error volume |
logs.version-benchmark-report.view |
Getting benchmark report |
logs.version-benchmark-report-private-widget.read |
Getting private benchmark report |
logs.version-benchmark-report-private-widget.create |
Creating a private benchmark report |
logs.version-benchmark-report-private-widget.update |
Updating a private benchmark report |
logs.version-benchmark-report-private-widget.delete |
Deleting a private benchmark report |
logs.version-benchmark-report-private-widget.list |
Listing private benchmark report |
logs.version-benchmark-report-shared-widget.list |
Listing shared benchmark report |
logs.version-benchmark-report-shared-widget.read |
Getting shared benchmark report |
logs.version-benchmark-report-shared-widget.create |
Creating a shared benchmark report |
logs.version-benchmark-report-shared-widget.update |
Updating a shared benchmark report |
logs.version-benchmark-report-shared-widget.delete |
Deleting a shared benchmark report |
Metrics searching events
The following tables lists the metrics searching events that are generated by IBM Cloud Logs:
Event | Description |
---|---|
logs.metrics-data-api-high-data.list |
Searching for time series |
logs.metrics-data-api-high-data.list |
Searching for instant values |
logs.metrics-data-api-high-data.list |
Searching for grouped series |
logs.metrics-data-api-high-data.list |
Searching grouped time series |
logs.metrics-data-api-high-data.list |
Searching metrics as events |
logs.metrics-data-api-high-data.list |
Getting the amount of sent metrics |