Configuring account settings

You can configure IBM Cloud Logs Routing account settings to define where and how platform logs are collected, routed, and managed in your account. You can do it through the UI, or by using the CLI, the REST API V3, or Terraform scripts.

Before you disable public endpoints by setting --private-api-endpoint-only TRUE, make sure your account has access to the private endpoint. You can do this by running the command ibmcloud account show. If VRF Enabled is true and Service Endpoint Enabled is true then you have access to the private endpoint. If you do not have access to the private endpoint, you will be unable to re-enable the public endpoint since private endpoint access is required to re-enable the public endpoint.

For more information, see About account settings.

IAM permissions

Ensure you have the correct IAM permissions to configure IBM Cloud Logs Routing settings.

Getting details of the account settings by using the UI

Complete the following steps to view the account settings for IBM Cloud Logs Routing by using the UI:

  1. Log in to your IBM Cloud account.

  2. Click the Menu icon Menu icon > Observability.

  3. Click Logging > Routing.

  4. Click the Settings tab.

On this page you can view the following settings:

  • Metadata location: Displays primary metadata region and backup metadata region.

  • Permitted target regions. Displays the targets regions where platform logs can be sent.

  • Default targets: Displays the configured default targets.

  • Public endpoints: Displays if public endpoints are enabled. When disabled, the IBM Cloud Logs Routing UI cannot be accessed.

  • Reports: Displays the configurations in JSON format.

Updating the account settings using the UI

  1. Log in to your IBM Cloud account.

  2. Click the Menu icon Menu icon > Observability.

  3. Click Logging >Routing.

  4. Click the Settings tab.

  5. Click Edit next to the setting to be changed. You can modify the following settings:

  • Metadata location: Select your desired primary metadata region and backup metadata region.

  • Permitted target regions: Select the region where targets can be created. If no regions are selected, then all regions can receive platform logs.

  • Default targets: Select the target that will be used by default when routing rules do not exist or are not matched.

CLI prerequisites

Before you use the the CLI to manage IBM Cloud Logs Routing account settings, Install the IBM Cloud Logs Routing CLI.

Check that you have IAM permissions to read, update, or both the IBM Cloud Logs Routing account settings.

Getting details of the account settings by using the CLI

Use this command to get the settings for the IBM Cloud Logs Routing account configurations.

ibmcloud logs-router setting get [--output FORMAT]

Command options

--output FORMAT
If JSON is specified, output will be returned in JSON format. If JSON is not specified, output will be returned in a tabular format.
help | --help | -h
List options available for the command.

Example

The following is an example where no default or permitted targets have been set.

Default Targets             -
Permitted Target Regions    -
Primary Metadata Region
Backup Metadata Region
Private Api Endpoint Only   false
Api Version                 1

Updating the account settings using the CLI

Use this command to modify current account settings such as the default targets, permitted target regions, and the primary metadata region.

ibmcloud logs-router setting update [--default-targets DEFAULT-TARGETS | @DEFAULT-TARGETS-FILE] [--permitted-target-regions PERMITTED-TARGET-REGIONS] [--primary-metadata-region PRIMARY-METADATA-REGION] [--backup-metadata-region BACKUP-METADATA-REGION] [--private-api-endpoint-only=PRIVATE-API-ENDPOINT-ONLY] [--output FORMAT] [--force]

Command options

primary-metadata-region

Specify the REGION where the metadata associated with route and target definitions is stored.

The maximum length is 256 characters. The minimum length is 3 characters.

backup-metadata-region

Specify the REGION where the metadata associated with route and target definitions is stored as a backup.

The maximum length is 256 characters. The minimum length is 3 characters.

private-api-endpoint-only

Specifies whether nor not a private endpoint can be used. If TRUE only a private endpoint can be used.

default-targets

Is a list of target IDs. If no routing rules cause platform logs to be sent to other targets, these targets will received the platform logs. TARGETS is a comma-separated list of target IDs.

The maximum length is 2 items. The minimum length is 0 items.

permitted-target-regions

Is the list of regions that can be used to define a target. REGIONS is a comma-separated list of regions.

The maximum length is 16 items. The minimum length is 0 items.

--output FORMAT

If JSON specified, output will be returned in JSON format. If JSON is not specified, output will be returned in a tabular format.

help | --help | -h

List options available for the command.

If the update is successful, the current settings will be displayed.

API prerequsites

To make API calls to manage settings, complete the following steps:

  1. Get an IAM access token. For more information, see Retrieving IAM access tokens.
  2. Identify the API endpoint in the region where you plan to configure or manage settings. For more information, see Endpoints.

Getting details of the account settings by using the API

You can use the following cURL command to get existing settings information:

curl -X GET  ENDPOINT/api/v3/settings   -H "Authorization:  $ACCESS_TOKEN"

Where:

ENDPOINT
Is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.

For example, you can use the following cURL request to get the account settings information:

curl -X GET   https://api.<region>.logs-router.cloud.ibm.com/v3/settings   -H "Authorization:  $ACCESS_TOKEN"

A response similar to the following is returned:

{
  "default_targets":[],
  "permitted_target_regions":[],
  "primary_metadata_region":"",
  "backup_metadata_region":"",
  "private_api_endpoint_only":false,
  "api_version":1
}

Where:

default_targets
Is a list of target IDs. If no routing rules cause platform logs to be sent to other targets, these targets will received the platform logs.
permitted_target_regions
Is the list of regions that can be used to define a target. A maximum of two permitted target regions are allowed.
primary_metadata_region
Is the region where the metadata associated with route and target definitions is stored.
backup_metadata_region
Is the region where the metadata associated with route and target definitions is stored as a backup.
private_api_endpoint_only
Specifies whether nor not a private endpoint can be used. If true only a private endpoint can be used.
api_version
Is the version of the API configured for this account.

Updating the account settings using the API

When you update settings, consider the following information:

  • You must include the settings information in the data section of the request.

  • You must pass the data that is configured for each setting.

    Data that is configured and not included in an update request is deleted.

  • Update the data for the fields that need changing.

  • Changing the API version is only permitted as part of the migration process from V1 to V3. See Transitioning from v1 to v3.

You can use the following cURL command to update settings:

curl -X PATCH   https://api.<region>.logs-router.cloud.ibm.com/v3/settings
-H "Authorization: Bearer <IAM_TOKEN>"
-H 'accept: application/json'
-d '{
    "default_targets": [
      {
        "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      }
    ],
    "permitted_target_regions": ["us-south", "us-east"],
    "primary_metadata_region": "us-south",
    "backup_metadata_region": "us-east",
    "private_api_endpoint_only": false
  }'

Where:

ENDPOINT
Is the API endpoint in the region where you plan to configure or manage a target. For more information, see Endpoints.
default_targets
Is a list of target IDs. If no routing rules cause platform logs to be sent to other targets, these targets will received the platform logs.
permitted_target_regions
Is the list of regions that can be used to define a target. A maximum of two permitted target regions can be specified.
primary_metadata_region
Is the region where the metadata associated with route and target definitions is stored.
backup_metadata_region
Is the region where the metadata associated with route and target definitions is stored for backup purposes.
private_api_endpoint_only
Specifies whether or not a private endpoint can be used. If true only a private endpoint can be used.