Managing IBM Cloud Logs extensions

In IBM Cloud Logs, extensions offer out of the box configurations to manage log data. An extension contains a set of pre-defined resource definitions such as alerts, parsing rules, dashboards, and more that you can use to get up and running fast and monitor and alert on data that is relevant to the extension.

You can deploy all resources or a subset of resources of an extension in the context of selected applications and subsystems.
You can manage an extension graphically via UI or programmatically via API.
After you deploy resources from an extension, you can customize them.

To prevent overwritting custom changes to predefined resources, you must detach these resources from the extension deployment. You can only detach resources graphically via UI.
Extensions are classified by type. Valid types are Security, and Observability.
Extensions include labels that you can use to filter them. For example, the tag IBM is associated with extensions that you can use to monitor the IBM Cloud.
Extensions can include predefined alerts, parsing rules, Events to Metrics definitions, dashboards and enrichments.

List of available extensions

The following list outlines extensions that you can deploy to monitor logs:

System Monitoring: Use it to get insights into your system's performance and usage of an IBM Cloud Logs instance.
Activity Tracking: Use it to get insights into your IBM Cloud activity tracking data.
IBM Cloud Kubernetes Service: Use it to get insights into your IBM Cloud Kubernetes Service logs.
IBM Cloud® Databases for MySQL: Use it to get insights into your IBM Cloud® Databases for MySQL logs.
IBM Cloud Databases for PostgreSQL: Use it to get insights into your IBM Cloud Databases for PostgreSQL logs.
IBM® Cloudant® for IBM Cloud®: Use it to get insights into your IBM® Cloudant® for IBM Cloud® logs.
Cloudflare: Use it to get insights into your Cloudflare logs.
IBM Cloud® Databases for Redis: Use it to get insights into your IBM Cloud Databases for Redis logs.
Linux: Use it to get insights into your Linux logs.
MongoDB: Use it to get insights into your MongoDB logs.
NGINX: Use it to get insights into your nginx logs.

List of available extensions by ID

The following table lists the IDs of the extensions that you must use when using the Extensions API:

Extension actions by using the IBM Cloud Logs REST API
Extension	ID
System Monitoring	`SystemMonitoring`
Activity Tracking	`ActivityTracking`
IBM Cloud Kubernetes Service	`IBMCloudKubernetes`
IBM Cloud® Databases for MySQL	`IBMMySQL`
IBM Cloud Databases for PostgreSQL	`IBMPostgreSQL`
IBM® Cloudant® for IBM Cloud®	`IBMCloudant`
Cloudflare	`Cloudflare`
IBM Cloud® Databases for Redis	`IBMRedis`
Linux	`Linux`
MongoDB	`MongoDB`
NGINX	`NGINX`

API methods

The following table lists the actions that you can run to manage extensions:

Extension actions by using the IBM Cloud Logs REST API
Action	REST API Method	API_URL
List extensions	`GET`	`<ENDPOINT>/v1/extensions`
Get an extension by ID	`GET`	`<ENDPOINT>/v1/extensions/{id}`
Get deployment details of an extension	`GET`	`<ENDPOINT>/v1/extensions/{id}/deployment`
Deploy an extension	`PUT`	`<ENDPOINT>/v1/extensions/{id}/deployment`
Update an extension	`PUT`	`<ENDPOINT>/v1/extensions/{id}/deployment`
Remove an extension	`DELETE`	`<ENDPOINT>/v1/extensions/{id}/deployment`

You can use the public or the private ENDPOINT to manage extensions. For more information on the endpoints, see Service API endpoints.

For more information about the REST API, see Extensions.

Getting the list of available extensions through the UI

To see the extensions that are available through the IBM Cloud Logs UI, complete the following steps:

Launch the IBM Cloud Logs UI.
Click the Integrations icon > Extensions.

The list of available extensions is displayed.

Getting the list of available extensions by using the API

To get the list of extensions available for deployment, including additional details for the ones that are deployed, complete the following steps:

Get the authentication token. See Authentication via API.
Get the endpoint of the instance where you want to manage extensions. See Service API endpoints.

List all extensions, including version and deployed resources per extension.

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<API_ENDPOINT>/v1/extensions"

Getting the list of deployed extensions by using the API

To get information about the extensions that are deployed in an IBM Cloud Logs instance, you can use the method Get list of extensions. Information includes details on the version and deployed resources.

For example, complete the following steps:

Get the authentication token. See Authentication via API.
Get the endpoint of the instance where you want to deploy an extension. See see Service API endpoints.

Get details of an deployed extensions.

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<API_ENDPOINT>/v1/extensions?deployed=true"

Getting the list of extensions that are not deployed by using the API

To get information about the extensions that are not yet deployed in an IBM Cloud Logs instance, you can use the method Get list of extensions.

For example, complete the following steps:

Get the authentication token. See Authentication via API.
Get the endpoint of the instance where you want to deploy an extension. See see Service API endpoints.

Get details of an deployed extensions.

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<API_ENDPOINT>/v1/extensions?deployed=false"

Deploying an extension by using the API

To deploy resources included in an extension, you can use the API method Deploy or update deployment of an extension..

Complete the following steps to deploy an extension:

Get the authentication token. See Authentication via API.
Get the endpoint of the instance where you want to deploy an extension. See see Service API endpoints.
Get the ID of the extension and that you want to deploy. See List of available extensions.

Get details of an extension by ID including information about deployed resources.

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<API_ENDPOINT>/v1/extensions/<ExtensionID>"

For example, to get the information for the Kubernetes extension, run:

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<ENDPOINT>/v1/extensions/IBMCloudKubernetes"

You will see a response that looks as follows:

{
"id": "IBMCloudKubernetes",
"name": "IBM Cloud Kubernetes Service",
"revisions": [
    {
        "version": "1.0.0",
        "description": "# IBM Cloud Kubernetes Service\nThe dashboard provides an in-depth analysis of IBM Cloud Kubernetes Service, offering a comprehensive view of cluster performance, node activity, pod logs, and error analysis. It enables quick issue identification, trend analysis, and efficient Kubernetes monitoring.\n",
        "excerpt": "",
        "labels": [
            "IBM",
            "Kubernetes",
            "Сluster",
            "K8S",
            "Cloud",
            "Compute",
            "Observability"
        ],
        "items": [
            {
                "id": "1405e028-dd50-48a0-86c5-b361e029a3f1",
                "name": "IBM Kubernetes",
                "description": "Dashboard for IBM Cloud Kubernetes Service.",
                "target_domain": "dashboard"
            },
            {
                "id": "93cda01a-526e-4872-b29a-125645abf784",
                "name": "IBM Kubernetes - No logs from service",
                "description": "No logs have been received from the kubernetes service, indicating potential issues with logging configuration, service downtime, or connectivity problems affecting log transmission.",
                "target_domain": "alert"
            },
            {
                "id": "9e2099ee-78f4-4070-a1fd-7be109f136ce",
                "name": "IBM Kubernetes - More than 5 erroneous cluster logs within 15 minutes",
                "description": "Over five error logs have been recorded at the cluster level within a 15-minute window, indicating potential issues affecting the Kubernetes cluster's overall health or configuration.",
                "target_domain": "alert"
            },
            {
                "id": "f242dd8a-138a-4dcc-92b9-09f5ec1b4840",
                "name": "IBM Kubernetes - More than 5 erroneous pod logs within 15 minutes",
                "description": "More than five error logs have been detected in pod-level operations within 15 minutes, suggesting issues with workloads or pod-level configurations.",
                "target_domain": "alert"
            },
            {
                "id": "504c4f1a-4185-4619-bc7c-9d011b3f3245",
                "name": "IBM Kubernetes - Host change",
                "description": "A host change event has been detected, which might indicate a node replacement, scaling operation, or unexpected infrastructure changes.",
                "target_domain": "alert"
            },
            {
                "id": "c179c165-b12e-4f40-8e87-e4627d6dbdef",
                "name": "IBM Kubernetes - Permission denied",
                "description": "A permission denial has occurred during a Kubernetes operation, possibly caused by misconfigured access controls or insufficient permissions for the requested action.",
                "target_domain": "alert"
            }
        ]
    }
],
"changelog": [
    {
        "version": "1.0.0",
        "description_md": "### Changed\nRelease of an extension for the IBM Cloud Kubernetes Service.\n"
    }
]
}

Deploy the extension. For example, you can run the following cURL command to deploy partially the Kubernetes extension. This sample creates a dashboard and 2 alerts:

curl -X PUT --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   --header "Content-Type: application/json"   --data   '{
"version": "1.0.0",
"item_ids": [
  "1405e028-dd50-48a0-86c5-b361e029a3f1",
  "93cda01a-526e-4872-b29a-125645abf784",
  "9e2099ee-78f4-4070-a1fd-7be109f136ce"
],
"applications": [
  "myapp"
],
"subsystems": [
  "mysubsystem"
]

}' "https:// /v1/extensions/IBMCloudKubernetes/deployment" ```

Updating an extension by using the API

You might want to deploy a new version of an extension, deploy additional resources, or modify the applications and subsystems that are configured as sources of data relevant to the extension. To update resources that are included in an extension, you can use the API method Deploy or update deployment of an extension..

Complete the following steps to update an extension:

Make sure that you specify in the API call all the resources from that extension that are currently deployed. If you have modified any resources previously deployed from this extension, detach the resources before running the update. If you do not include all resources previously deployed, they ones that are not included are removed.

Get the authentication token. See Authentication via API.
Get the endpoint of the instance where you want to deploy an extension. See see Service API endpoints.
Get the ID of the extension and that you want to deploy. See List of available extensions.

Get details of an extension by ID including information about deployed resources. Check the deployment section to see what resources are already deployed.

curl -X GET --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<API_ENDPOINT>/v1/extensions/<ExtensionID>"

Update the extension. For example, you can run the following cURL command to update the Kubernetes extension and keep only 1 dashboard and 1 alert:

curl -X PUT --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   --header "Content-Type: application/json"   --data   '{
"version": "1.0.0",
"item_ids": [
  "1405e028-dd50-48a0-86c5-b361e029a3f1",
  "93cda01a-526e-4872-b29a-125645abf784"
],
"applications": [
  "myapp"
],
"subsystems": [
  "mysubsystem"
]

}' "https:// /v1/extensions/IBMCloudKubernetes/deployment" ```

Deploying an extension

To deploy an extension, complete the following steps:

Log in to your IBM Cloud account.
Access your IBM Cloud Logs instance
Click the Integrations icon > Extensions.
Click Deploy on the tile of the extension you want to deploy.
Select the Applications and Subsystems where the extension will be applied.
By default everything defined in the extension will be deployed. You can remove the checkmark for any item you don't want to deploy.
Click + Deploy to install the extension in your IBM Cloud Logs instances.

Modifying a deployed extension

You might want to deploy a new version of an extension, deploy additional resources, or modify the applications and subsystems that are configured as sources of data relevant to the extension.

Make sure that you keep selected all the resources from that extension that are currently deployed. If you have modified any resources previously deployed from this extension, detach the resources before running the update. If you do not include all resources previously deployed, they ones that are not included are removed.

Complete the following steps to update an extension:

Log in to your IBM Cloud account.
Access your IBM Cloud Logs instance
Click the Integrations icon > Extensions.
Click the tile of the deployed extension you want to modify.
Change the Applications and Subsystems values as needed.

When you update the Applications and Subsystems values in the extension, all resources in the extension that you deploy are updated with the new list of Applications and Subsystems values.
Click Update.

Removing an extension

To remove an extension you already have deployed in your instance, complete the following steps:

Log in to your IBM Cloud account.
Access your IBM Cloud Logs instance
Click the Integrations icon > Extensions.
Click the tile of the deployed extension you want to remove.
Click - Remove.
Select if your want to delete or keep the deployed assets.

If you choose to delete the deployed assets, the extension is deleted along with the assets deployed by the extension in your IBM Cloud Logs instance.

If you choose to keep the deployed assets when deleting the extension, the assets deployed by the extension will remain in your IBM Cloud Logs instance, but will no longer be associated with the extension. If you deploy the extension again, a new copy of the extension will be deployed and the assets previously deployed will remain in your IBM Cloud Logs instance and will not be overwritten.
Click Remove.

Dettaching resources from a deployed extension

To dettach resources from a deployed extension, complete the following steps:

Log in to your IBM Cloud account.
Access your IBM Cloud Logs instance
Click the Integrations icon > Extensions.
Click the tile of the deployed extension you want to remove.
Click - Remove.
Choose Retain all assets to keep the modified assets that are deployed by the extension in your IBM Cloud Logs instance.
Click Remove.

Dettach resources will no longer be associated with the extension.

If you deploy the extension again, a new copy of the extension will be deployed and the assets previously deployed will remain in your IBM Cloud Logs instance and will not be overwritten.

Removing an extension

To delete an extension, you can run the following API call:

% curl -X DELETE --location --header "Authorization: Bearer ${IAM_TOKEN}"   --header "Accept: application/json"   "https://<ENDPOINT>/v1/extensions/<ExtensionID>/deployment"