Migrating alerts

You can use the Migration tool to help you migrate alerts that you have configured in your IBM Cloud Activity Tracker instances and IBM Log Analysis instances.

Before you begin

Learn about migration. For more information, see Migrating IBM Cloud Logs.
Learn about the Migration tool. For more information, see Migration CLI.
Learn about enabling event notifications for IBM Cloud Logs. For more information, see Configuring an outbound integration.
Learn about alerts. For more information, see Alerting.
Learn about the IBM Cloud Event Notifications service. For more information, see What is Event Notifications?.

Alerting in IBM Cloud Activity Tracker or IBM Log Analysis

When you configure alerts in an IBM Cloud Activity Tracker or IBM Log Analysis instance, consider the following information:

You must define a view and attach the alert to the view.
You can define presence or absence alerts. For more information, see Types of alerts.
You can notify through email, slack, webhook, IBM Cloud Monitoring, and PagerDuty. For more information, see Notification channels.
When alerts are triggered, you cannot manage the triggered alerts through the UI.

Alerting in IBM Cloud Logs

When you configure alerts in an IBM Cloud Logs instance, consider the following information:

Alerts are a type of resource. They are not dependent on views.
You can define different types of alerts such as standard alerts, flow alerts, and new value alerts. For information on the alert types that are supported, see Alerts.
You can use the Incidents page to manage alerts that are triggered.
Alerts are triggered through the IBM Cloud Event Notifications service. You configure the notification channels and conditions that trigger the alert in the IBM Cloud Event Notifications service.

Integration with the IBM Cloud Event Notifications service

To configure alerting in IBM Cloud Logs, complete the following steps:

In IBM Cloud Logs, alerts are triggered through the IBM Cloud Event Notifications service. If you do not currently use the service and have alerts configured in your IBM Cloud Activity Tracker instances or your IBM Log Analysis instances, you must provision an instance of the IBM Cloud Activity Tracker service. For more information, see Configuring an outbound integration for IBM Cloud Logs.
In IAM, define a service to service authorization between the IBM Cloud Logs instance and the IBM Cloud Event Notifications instance. For more information, see Creating a S2S authorization to work with the IBM Cloud Event Notifications service.
Configure an outbound integration in your IBM Cloud Logs instance to connect it with the IBM Cloud Event Notifications instance. For more information, see Connecting to Event Notifications in the console.

This task creates a source definition in the IBM Cloud Event Notifications instance, and an integration configuration in the IBM Cloud Logs instance.
Define your alerts in the IBM Cloud Logs instance. Select the outbound integration through which you want to notify when the alert is triggered.
Configure the IBM Cloud Event Notifications instance to route event notifications when an alert is triggered in IBM Cloud Logs to your target destinations.
- Define 1 or more topics.
  
  A topic defines the alert conditions that you want to group together.
  
  For example, if you have multiple alert definitions in your IBM Cloud Logs instance that notify through the same slack channel, you can configure these alerts within the same topic.
  
  Another example, if you have multiple alert definitions in your IBM Cloud Logs instance that notify through different slack channels, you must configure as many topics as slack channels you use, and include in a topic the alerts that notify through the same slack channel.
- Define 1 or more destinations.
  
  A destination defines a notification channel that you can use to notify when an alert is triggered.
  
  For more information on destinations, see Supported destinations.
- Define 1 or more subscriptions.
  
  A subscription links 1 topic with 1 destination.
  
  You must add subscriptions to define the alerts configured in a topic are the ones notified through the destination selected in the subcription configuration.

The following figure shows the high level view of an IBM Cloud Logs instance and the IBM Cloud Event Notifications service that you might configure:

High-level view of an IBM Cloud Logs instance and the IBM Cloud Event Notifications instance

Migrating alerts

When you migrate an instance by using the Migration tool, alerts are migrated, an outbound integration is created and destinations are created.

Queries for views and alerts are migrated. However, since mapping is applied in a generic form across all environments, you might need to modify the proposed mapping created by the migration tool to meet your requirements.