Getting started with IBM Cloud Monitoring


IBM Cloud® Monitoring is a cloud-native, container-intelligence management system that you can include as part of your IBM Cloud architecture. Use it to gain operational visibility into the performance and health of your applications, services, and platforms. It offers administrators, DevOps teams, and developers full-stack telemetry with advanced features to monitor and troubleshoot, define alerts, and design custom dashboards. In architectures that are focused on containers and microservices, you can use Secure to protect, monitor, and enhance forensic analysis of your pipeline and runtime components.

Before you begin

You must have a user ID that is a member or an owner of an IBM Cloud account. To get an IBM Cloud user ID, go to: Registration.

Check the regions where the service is available. Learn more.

Read the About section:

You can complete the getting started steps in any of the supported regions.

Step 1. Manage user access

Every user that accesses the IBM Cloud Monitoring service in your account must be assigned an access policy with an IAM user role defined. The policy determines what actions the user can perform within the context of the service or instance you select. The allowable actions are customized and defined as operations that are allowed to be performed on the service. The actions are then mapped to IAM user roles. For more information, see Managing user access in the IBM Cloud.

When a user is granted permissions in the IBM Cloud to work with the IBM Cloud Monitoring service, the user is automatically granted a service role. This role determines the actions that a user has permissions to run. For more information, see Controlling access through IAM.

Before you can provision an instance, understand the following:

  • The account owner can create, view, and delete an instance of a service in the IBM Cloud, and can grant permissions to other users to work with the IBM Cloud Monitoring service.
  • You must have permissions to create resources in the Default resource group.
  • Other IBM Cloud users with administrator or editor permissions can manage the IBM Cloud Monitoring service in the IBM Cloud. These users must also have platform permissions to create resources within the context of the resource group where they plan to provision the instance.

To grant a user the administrator role for the service and to manage instances within a resource group in the account, the user must have an IAM policy for the IBM Cloud Monitoring service with the platform role Administrator within the context of the resource group. Do the following to assign a user this role:

  1. From the menu bar, click Manage > Access (IAM), and then select Users.

  2. From the row for the user that you want to assign access, select the Actions menu, and then click Assign access.

  3. Select Assign access within a resource group.

  4. Select a resource group.

  5. If the user does not have a role already granted for the selected resource group, choose a role for the Assign access to a resource group field.

    Depending on the role that you select, the user can view the resource group on their dashboard, edit the resource group name, or manage user access to the group.

    You can select No access, if you want the user to only have access to the IBM Cloud Monitoring service in the resource group.

  6. Select IBM Cloud Monitoring.

  7. Select the platform role Administrator.

  8. Click Assign.
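
To review the outcome of this procedure across many users, the following added example (not IBM's code) scans IAM access policies exported as JSON and reports who holds the platform role Administrator on the Monitoring service and whether each grant is limited to a resource group. The service name `sysdig-monitor`, the policy JSON layout, the role identifier format, and all sample IDs are assumptions or constructed placeholders.

```python
import json

# Assumptions (not from the page): exported IAM access policies carry
# "subjects"/"roles"/"resources" attribute lists, and the Monitoring service
# appears as serviceName "sysdig-monitor". Only policies naming it are examined.
SERVICE_NAME = "sysdig-monitor"
ADMIN_ROLE_SUFFIX = ":role:Administrator"

# Constructed sample export; every ID is a placeholder.
SAMPLE_POLICIES = json.loads("""[
 {"id": "policy-1",
  "subjects": [{"attributes": [{"name": "iam_id", "value": "IBMid-EXAMPLE-A"}]}],
  "roles": [{"role_id": "crn:v1:bluemix:public:iam::::role:Administrator"}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "sysdig-monitor"},
                                {"name": "resourceGroupId", "value": "rg-example-1"}]}]},
 {"id": "policy-2",
  "subjects": [{"attributes": [{"name": "iam_id", "value": "IBMid-EXAMPLE-B"}]}],
  "roles": [{"role_id": "crn:v1:bluemix:public:iam::::role:Administrator"}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "sysdig-monitor"}]}]},
 {"id": "policy-3",
  "subjects": [{"attributes": [{"name": "iam_id", "value": "IBMid-EXAMPLE-C"}]}],
  "roles": [{"role_id": "crn:v1:bluemix:public:iam::::role:Viewer"}],
  "resources": [{"attributes": [{"name": "serviceName", "value": "sysdig-monitor"},
                                {"name": "resourceGroupId", "value": "rg-example-1"}]}]}
]""")

def _attrs(entries):
    """Flatten [{"attributes": [{"name": n, "value": v}, ...]}, ...] to {n: v}."""
    return {a["name"]: a["value"] for e in entries for a in e.get("attributes", [])}

def monitoring_admins(policies):
    """Return one finding per policy granting Administrator on the service."""
    findings = []
    for policy in policies:
        resource = _attrs(policy.get("resources", []))
        roles = [r.get("role_id", "") for r in policy.get("roles", [])]
        if (resource.get("serviceName") != SERVICE_NAME
                or not any(r.endswith(ADMIN_ROLE_SUFFIX) for r in roles)):
            continue
        findings.append({
            "policy": policy.get("id"),
            "subject": _attrs(policy.get("subjects", [])).get("iam_id"),
            "resource_group": resource.get("resourceGroupId"),  # None = not scoped
        })
    return findings

if __name__ == "__main__":
    for f in monitoring_admins(SAMPLE_POLICIES):
        scope = f["resource_group"] or "NOT SCOPED to a resource group"
        print(f'{f["policy"]}: {f["subject"]} is Administrator ({scope})')
```

A finding whose `resource_group` is `None` is an Administrator grant that is not limited to a resource group, which is broader than the assignment described in the steps above.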

Step 2. Provision an instance of the Monitoring service

To add monitoring features with IBM Cloud Monitoring in the IBM Cloud, you must provision an instance of the IBM Cloud Monitoring service.

Instances are provisioned in the context of a resource group. A resource group organizes your services for access control and billing purposes. You can provision the IBM Cloud Monitoring instance in the default resource group or in a custom resource group.

Provision an IBM Cloud Monitoring instance from the IBM Cloud catalog by completing the following steps:

  1. Log in to the IBM Cloud console.

  2. Click Catalog. The list of the services that are available on IBM Cloud opens.

  3. Filter the list of services by selecting the Logging and Monitoring category.

  4. Click the IBM Cloud Monitoring tile.

  5. Select Create.

  6. Select the location where the IBM Cloud Monitoring instance is to be created.

  7. Select a service plan. By default, the Lite plan is set.

    To provision an instance with the full monitoring functionality of the Monitor component, select the Graduated Tier plan.

    To provision an instance that includes the Monitor and the Workload Protection (IBM Cloud Security and Compliance Center Workload Protection) components, select the plan Graduated Tier - Sysdig Secure + Monitor.

    The Graduated Tier - Sysdig Secure + Monitor plan is now deprecated. All new IBM Cloud Monitoring instances where IBM Cloud Security and Compliance Center Workload Protection functionality is also required should provision an IBM Cloud Monitoring instance with a connected IBM Cloud Security and Compliance Center Workload Protection instance.

    For more information about Workload Protection, see the IBM Cloud Security and Compliance Center Workload Protection documentation.

    For more information about the service plans, see Service plans.

  8. In Configure resource details, enter a name for your instance.

  9. Select a resource group. By default, the Default resource group is set.

  10. Optionally specify any desired tags or access management tags.

  11. You can have one IBM Cloud Monitoring instance in a region configured to receive platform metrics. To configure the instance to receive platform metrics, set the Enable platform metrics switch to on.

  12. (Optional) Connect an IBM Cloud Security and Compliance Center Workload Protection instance to your IBM Cloud Monitoring instance.

    An IBM Cloud Security and Compliance Center Workload Protection instance can be linked to your IBM Cloud Monitoring instance so that a single agent can collect both metrics and security data for both provisioned services.

    To link an IBM Cloud Security and Compliance Center Workload Protection instance to your IBM Cloud Monitoring instance:

    1. Set the Connect a Workload Protection instance switch to on.

    2. If you have an existing IBM Cloud Security and Compliance Center Workload Protection instance, you can connect to the existing instance or create a new instance.

      • To create a new instance:

        1. Select Connect new instance.

        2. To change any of the default details for the new IBM Cloud Security and Compliance Center Workload Protection instance, click Edit, make any required changes and click Save to save your changes.

      • To use an existing instance:

        1. Select Connect existing instance.

        2. Select the instance to be connected from the list.

  13. Confirm that you have read and agreed to the license agreements.

  14. Click Create.

After you provision an instance:

  • The details for the IBM Cloud Monitoring instance are displayed, along with whether or not an IBM Cloud Security and Compliance Center Workload Protection instance is connected.
  • A service ID is automatically created. You can use this service ID to get the access key for your instance. The name of the service ID has the following format: {InstanceName}-key-Administrator.

To provision an instance through the CLI, see Provisioning a Monitoring instance through the IBM Cloud CLI.

Step 3. Collect metrics

Next, configure your hosts to send metrics.

You can collect metrics from a number of platforms, orchestrators, and a wide range of applications such as Prometheus, JMX, StatsD, Kubernetes, and other application stacks, that are available in the IBM Cloud®, outside the IBM Cloud, or on-prem. You can also add more metrics by creating custom metrics and adding integrations. Learn more:

Configure platform metrics

Platform metrics are metrics that are exposed by enabled-monitoring services and the platform in IBM Cloud. You must configure an IBM Cloud Monitoring instance in a region to monitor these metrics. Learn more.

To see the list of enabled-monitoring services, see Cloud services.

For example, to configure platform metrics in a region, complete the following steps:

  1. From the IBM Cloud dashboard, go to the menu icon > Observability to access the Observability dashboard.

  2. Select Monitoring > Options > Edit platform.

  3. Select a region.

  4. Choose the Monitoring instance that will collect metrics from the enabled services on that location.

  5. Click Save.

The main Observability page opens.

The instance that you configured to receive metrics shows the flag Platform metrics.

Configure a monitoring agent

After you provision an instance, you can configure a monitoring agent for each host that you want to monitor, where agents are supported. For example, a host can be a cloud resource, such as a Kubernetes cluster, whose performance and health you want to monitor and control. You might also monitor hosts outside the IBM Cloud.

The monitoring agent automatically collects and reports on pre-defined metrics. You use the access key to configure the monitoring agent that is responsible for collecting and forwarding metric data to your instance. For more information, see Working with access keys.

You can configure a monitoring agent for different environments. For example, to configure your Kubernetes cluster to send metrics to your IBM Cloud Monitoring instance, you must install a monitoring-agent pod on each node of your cluster. The monitoring agent collects data from the pod where it is installed, and forwards it to your IBM Cloud Monitoring instance.

Complete one of the following tutorials to learn how to deploy a monitoring agent:

Table 1. Tutorials to get started working with IBM Cloud Monitoring
Tutorial
Monitoring a Linux VPC server instance
Monitoring a Linux bare metal server
Monitoring a Windows environment
Monitoring a Kubernetes cluster
Monitoring a Red Hat OpenShift cluster
Monitoring VMware vCenter server deployments

After the monitoring agent is deployed, the monitoring agent automatically collects and reports on pre-defined and custom metrics. These metrics are forwarded to the IBM Cloud Monitoring instance. You can configure which metrics are monitored in an environment.

If you have connected an instance of IBM Cloud Security and Compliance Center Workload Protection to your IBM Cloud Monitoring instance, the agent will provide data to both services without having to configure two separate agents.

Step 4. Launch the web UI

After you provision an instance of the IBM Cloud Monitoring service in the IBM Cloud, and configure a monitoring agent for your node, you can view, monitor, and manage data through the service's web UI.

You launch the web UI within the context of the IBM Cloud Monitoring instance, from the IBM Cloud UI.

Complete the following steps to launch the monitoring UI:

  1. Log in to your IBM Cloud account.

    Open the IBM Cloud dashboard.

    After you log in with your user ID and password, the IBM Cloud Dashboard opens.

  2. In the navigation menu, select Observability.

  3. Select Monitoring.

    The list of IBM Cloud Monitoring instances that are available on IBM Cloud is displayed.

  4. Select one instance. Then, click Open dashboard.

The IBM Cloud Monitoring Web UI opens. By default, the Overview tab is displayed.

By default, users are automatically added as members of the Monitor Operations team that is predefined for each Monitoring instance. Users have full permissions to see all the data in the web UI.

An administrator can restrict access to data by managing users in teams and controlling what data is visible. For example, to restrict users' viewing permissions, an administrator can create a default team with limited scope and visibility, and then manually assign users to other teams. For more information, see Working with teams.

Step 5. Next steps