IBM Cloud Docs
Collecting failed events

Collecting failed events

As part of the Integrations in Event Notifications, you can enable collecting failed events and take appropriate action.

Collect failed events helps you to identify which messages have failed and can take remedial action.

When a message fails to be delivered a set number of times, the failed message ends up in a IBM Cloud Object Storage bucket. You can able to identify the subscription or topic to which that failed message belongs and take further action, if required.

Before you enable collecting failed events in Destinations, make sure that you have an IBM Cloud Object Storage instance created and configured in the same account as your Event Notifications instance.

If you are using Event Notifications CLI or API to configure IBM Cloud Object Storage service instance, ensure that you have enabled authorization to grant access between services before integrating with IBM Cloud Object Storage. For more information, see Using authorizations to grant access between services.

If you want to enforce access restrictions based on IP addresses, it is recommended to use context-based restrictions instead of a legacy bucket firewall. For details, see Restricting access by network context in the Object Storage documentation. If your setup must continue use of a legacy firewall, use the Support Center to create a support case for assistance with the IP range information.

To configure and collect failed events, do the following steps:

  1. From your Event Notifications instance dashboard, click Integrations. By default, Key Management and Collect Failed Events tile will be displayed.

  2. Click Connect in the Collect Failed Events tile. The Collect Failed Events side panel displays.

  3. Instance name - Select the IBM Cloud Object Storage instance name from the list, if you already have an IBM Cloud Object Storage instance. Otherwise, click the Create new instance link, to create an IBM Cloud Object Storage instance.

    When you select an IBM Cloud Object Storage instance, the authorization between the services will be created internally between the two service instances, if the authorization between the services doesn't exist.

  4. Bucket name - Enter the Bucket name to be used for storing the failed events.

    You can get the bucket name from your IBM Cloud Object Storage instance. For more information, see Bucket name.

    The pattern (is a combination of destination name and notification ID) that Event Notifications uses to store the object in IBM Cloud Object Storage bucket is similar to the following example :

    Rhonda Macejkovic/013f87bc-0537-4dad-8511-8cb054890ffc.json,

    where Rhonda Macejkovic is destination name and 013f87bc-0537-4dad-8511-8cb054890ffc is notification ID. .json is the payload format.

  5. Endpoint - Enter the IBM Cloud Object Storage endpoint URL. For more information, see Endpoint url.

  6. Click Save.

  7. From your Event Notifications instance dashboard, click Destinations.

  8. Click the toggle switch to ON status under the Collect failed events column for the destination for which you want to collect the failed events. A success message is displayed for switching ON for collecting failed events for the selected destination.

Available list of destinations for collecting failed events

After configuration and enabling collecting of failed events for a destination, the failed events gets added to the IBM Cloud Object Storage bucket. You can take further action on the failed events as per your requirements.

If you disconnect Collect Failed Events from the Integrations > Collect Failed Events overflow menu option, then all the destinations that are enabled to collect the failed events, will be switched to OFF state.

Using authorizations to grant access between services

Use IBM Cloud® Identity and Access Management (IAM) to create or remove an authorization that grants one service access to another service.

Creating an authorization in the console

  1. In the IBM Cloud console, click Manage > Access (IAM), and select Authorizations.

  2. Click Create.

  3. Select a source account.

    • If the source service that needs access to the target service is in this account, select This account.
  4. Select a Source service as Event Notifications.

  5. Specify whether you want the authorization to be for all resources or Resources based on selected attributes. If you selected Resources based on selected attributes, then specify the Add attributes: only source resource group or only source service instance.

  6. Select a Target service as IBM Cloud Object Storage.

  7. For the target service, specify whether you want the authorization to be for all instances, only to a specific instance in the account, or instances only in a certain resource group.

  8. Select both the roles (Reader, and Object Writer) to assign access to the source service that accesses the target service.

    If you have selected only one of these two roles (Reader or Object Writer) during the service to service authorization, you may endup with not able to write or read from the IBM Cloud Object Storage bucket. You will get an error for service to service authorization failure in these cases. Make sure to recreate an authorization between the services with both the roles selected.

  9. Click Authorize.

Creating an authorization by using the CLI

To authorize a source service to access a target service, run the ibmcloud iam authorization-policy-create command.

For more information about all of the parameters that are available for this command, see ibmcloud iam authorization-policy-create.

How to find the Bucket name in the IBM Cloud Object Storage service instance?

  1. Login to your IBM Cloud account.

  2. Navigate to Resource List in the menu.

  3. Navigate to Storage in the Resource list.

  4. Click the IBM Cloud Object Storage name that will display your IBM Cloud Object Storage console.

  5. In the IBM Cloud Object Storage console, navigate to Buckets.

  6. Select and copy the required Bucket name. Use this copied Bucket name in the Collect Failed Events screen.

How to find the Endpoint URL of the IBM Cloud Object Storage service instance?

Endpoints are used with your credentials (Bucket name, API Key, SDK) to tell your service where to look for your bucket.

  1. Login to your IBM Cloud account.

  2. Navigate to Resource List in the menu.

  3. Navigate to Storage in the Resource list.

  4. Click the IBM Cloud Object Storage name that will display your IBM Cloud Object Storage console.

  5. In the IBM Cloud Object Storage console, navigate to Buckets in the menu.

  6. Click the required Bucket name to view the Bucket configuration details.

  7. Navigate to Endpoints section and copy your public or private endpoints as required.