Learning about IBM Cloud Logs Routing

You can use the IBM Cloud Logs Routing service to route logs from your IBM Cloud account to your chosen target. You can route logs from your own IBM Cloud workloads, such as, applications on your IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud clusters, and from selected IBM Cloud service instances.

Tenants and targets

IBM Cloud Logs Routing uses tenants and targets.

A tenant is the account-specific configuration of IBM Cloud Logs Routing running within a region. The tenant configuration includes the target definition. The target defines where the logs are routed.

You must create (onboard) a tenant in your account in each region where you want to use IBM Cloud Logs Routing. Each region is independent and regions do not share data.

IBM Cloud Logs Routing supports the following IBM Cloud services as targets:

IBM Log Analysis
IBM Cloud Logs Instances can be in the same account, a different account, and the same or different region as the IBM Cloud Logs Routing tenant.

Connecting to IBM Cloud Logs Routing

IBM® Cloud Logs Routing provides API endpoints for both management functions, such as creating (onboarding) as a tenant, and ingestion of logs. These API endpoints are separate endpoints that are accessed by using specific URLs in each supported region. You can find the endpoints for each supported region here.

You can manage IBM Cloud Logs Routing by using the management API. The management API supports either a public endpoint or a private endpoint. A public endpoint can be reached over the internet, whereas a private endpoint can be accessed only from within the IBM Cloud private network.

You can send logs to a target destination by using the ingestion API. The ingestion API supports only private endpoints and is therefore not accessible from the public internet.

Through the IBM Cloud Logs Routing UI, you can create a tenant in a region by using the public network.

You must ensure that you can connect to both the management and ingestion endpoints.

The IBM® Cloud Logs Routing supports the following types of endpoints to privately connect to IBM Cloud Logs Routing:

IBM Cloud Cloud Service Endpoint (CSE)
Virtual Private Endpoint (VPE) for VPC for VPC.

If you are connecting from an IBM Cloud VPC, you can connect by using either a CSE or VPE for VPC. For more information, see Using virtual private endpoints for VPC to privately connect to IBM Cloud Logs Routing.

If you are connecting from a system that is not contained in an IBM Cloud VPC, your only private endpoint option is to connect by using a CSE. Connecting to IBM Cloud Logs Routing by using a CSE might not require any additional work on your part. Access to CSEs is only available from within the IBM Cloud private network. For more information, see Using service endpoints to privately connect to IBM Cloud Logs Routing.

You can only access the IBM Cloud Logs Routing UI through the public network.

Log sources

Logs can be received by IBM® Cloud Logs Routing from two sources:

Log data sent to IBM® Cloud Logs Routing by IBM Cloud services that support IBM® Cloud Logs Routing..
Applications with a running IBM® Cloud Logs Routing agent on IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud clusters.

Determining the origin of IBM Cloud log data

You can determine the IBM Cloud service routing log data by the logSourceCRN value that is included in the log line. The logSourceCRN value is the Cloud Resource Name (CRN) of the originating IBM Cloud service.

This value is not provided for logs that are sent by the IBM Cloud Logs Routing agent.