IBM Cloud Docs
Getting started with IBM® Cloud Logs Routing

Getting started with IBM® Cloud Logs Routing

Use the IBM Cloud Logs Routing service to route platform logs from your IBM Cloud account to your chosen target destination.

Flow of routed logs
Figure 1. Flow of routed logs

Complete the following steps to start using IBM® Cloud Logs Routing:

Before you begin

  1. If you don't have an IBM Cloud account, register an IBM Cloud account. You need an IBMid to work in IBM Cloud.

  2. To configure platform logs, you must configure tenants and targets (destinations) in your IBM Cloud account.

    A tenant is the account-specific configuration of IBM Cloud Logs Routing running within a region. You can define up to 2 target destinations per tenant per region. Destinations must be of different type. The target defines where the logs are routed.

    For more information, see Learn more about IBM Cloud Logs Routing.

  3. Check the regions where the IBM Cloud Logs Routing service is available. Identify a region where you operate in IBM Cloud and check is in the list of supported regions.

  4. Check that the user who is configuring IBM Cloud Logs Routing for the IBM Cloud® account has sufficient permissions to manage the IBM Cloud Logs Routing service. For more information, see Managing IAM access for IBM Cloud Logs Routing.

    You need service role reader to view tenants and targets.

    You need service role manager to create, delete, update tenants and targets.

  5. Install the following tools:

Retrieving the IAM bearer token

You must get an IBM Cloud® Identity and Access Management (IAM) access token to authenticate your requests to the IBM® Cloud Logs Routing service. For more information, see Retrieving an access token.

For example, you can retrieve your IAM bearer token and export it as an environment variable by running the following CLI command:

export IAM_TOKEN=`ibmcloud iam oauth-tokens --output json | jq -r '.iam_token'`

Creating a service to service authorization

You must use IBM Cloud® Identity and Access Management (IAM) to create an authorization that grants IBM Cloud Logs Routing access to IBM Cloud Logs so the IBM Cloud Logs Routing service can send logs to your IBM Cloud Logs instance destination (target).

Complete the following steps:

  1. In the IBM Cloud console, click Manage > Access (IAM), and select Authorizations.

  2. Click Create.

  3. Configure the source account. Select This account.

  4. Select Logs Routing as the source service. Then, set the scope of the access to All resources.

  5. Select Cloud Logs as the target service. Then, set the scope of the access to All resources, which grants access to all IBM Cloud Logs instances, or a single instance by configuring Resources based on selected attributes > Service Instance.

    Other attributes are not supported for this type of authorization.

  6. In the Service Access section, select Sender to assign access to the source service that accesses the target service.

  7. Click Authorize.

For more information, see Creating a S2S authorization to grant access to send logs to IBM Cloud Logs.

Creating a tenant

When the IBM Cloud Logs Routing console is first displayed, any existing target information is displayed.

If no target is configured for a region, the region displays the Set target option.

From the IBM Cloud Logs Routing console, you can create a tenant and a target destination by configuring the option Set target for the region that you want to configure.

Complete the following steps:

  1. Log in to your IBM Cloud account.

  2. Click the Menu icon Menu icon > Observability.

  3. Click Logging > Routing.

  4. Click Set target.

  5. Click the tab Cloud Logs and select an IBM Cloud Logs instance from the list. This is the instance where you want to receive logs that are routed by IBM Cloud Logs Routing.

    You can select a IBM Cloud Logs instance from the list.

    The IBM Cloud Logs instance must be located in the same account that you are configuring.

  6. Click Save.

Verifying that logs are sent to the destination target

Verify that the logs for your cluster are routed to your IBM Cloud Logs instance.

All platform logs are generated in JSON. You can filter platform logs in your instance be selecting the value of ibm-platform-logs as the applicationName.

Complete the following steps:

  1. Launch the IBM Cloud Logs web UI for the IBM Cloud Logs instance that is configured as the target to collect platform logs in a region. This is the instance that you selected in the step where you setup a target.
  2. View logs through custom views. For more information, see Viewing logs.