Activity tracking events for Schematics
You can view, manage, and audit user-initiated activities made in your {{site.data.keyword.bplong_full}} service instance by using the IBM Cloud® Activity Tracker service. For more information, see About IBM Cloud Activity Tracker Event Routing.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to follow regulatory audit requirements. You can also be alerted about actions as they happen. The events that are collected follow the Cloud Auditing Data Federation (CADF) standard. For more information, see the Getting Started tutorial for IBM Cloud Activity Tracker.
As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.
Locations where activity tracking events are generated
Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search
Schematics sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.
To monitor the service, start the Activity Tracker UI to access your events.
Dallas (us-south) |
Washington (us-east) |
|---|---|
| Yes | Yes |
Frankfurt (eu-de) |
London (eu-gb) |
|---|---|
| Yes | Yes |
Locations where activity tracking events are sent by IBM Cloud Activity Tracker Event Routing
Schematics sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
|---|---|
| Yes | Yes |
Frankfurt (eu-de) |
London (eu-gb) |
|---|---|
| Yes | Yes |
Viewing activity tracking events for Schematics
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
Launching IBM Cloud Logs
For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs documentation.
List of platform events
Following are the activity tracking event actions that the IBM Cloud platform generates when Schematics instances are processed.
Terraform (Workspace) events
The following table lists the actions that generate an event for the Schematics Workspace that are associated with a service instance.
| Action | Description |
|---|---|
schematics.workspace.read |
An event is generated for a request to view a Schematics workspace by a user. |
schematics.workspace.create |
An event is generated for a request to create a Schematics workspace. |
schematics.workspace.update |
An event is generated for a request to update a Schematics workspace. |
schematics.workspace.delete |
An event is generated for a request to delete a Schematics workspace. |
schematics.workspace-resources.create |
An event is generated when a Terraform execution apply is created for a workspace. |
schematics.workspace-resources.plan |
An event is generated when a Terraform execution plan is created for a workspace. |
schematics.workspace-resources.delete |
An event is generated for a request to delete the IBM Cloud resources that are provisioned through a Terraform plan and the workspace. |
Ansible events
The following table lists the actions that generate an event for the Schematics Ansible that are associated with a service instance.
| Action | Description |
|---|---|
schematics.action.create |
A Schematics action is created or failed to create. |
schematics.action.delete |
A Schematics action was deleted or failed to delete. |
schematics.action.read |
A user views the Schematics action. |
schematics.action.update |
A Schematics action is updated successfully or failed to update. |
Job events
The following table lists the actions that generate an event for the Schematics job that are associated with a service instance.
| Action | Description |
|---|---|
schematics.job.create |
A Schematics job is created or failed to create. |
schematics.job.delete |
A Schematics job was deleted or failed to delete. |
schematics.job.read |
A user views the Schematics job. |
schematics.job.update |
A Schematics job is updated successfully or failed to update. |
Analyzing Schematics activity tracking events
Creating a workspace
When you create your first workspace, the following events are sent to Schematics owned service ID and IBM Cloud Activity Tracker.
When you manage a workspace, the Schematics service creates the following events:
- An event
schematics.instance.create, when a first workspace is created. - An event
schematics.instance.update, when a workspace is modified. - An event
schematics.instance.delete, when a workspace is deleted.
The initiatorId of the request for these actions is set to a service ID where the Schematics service owns.
In addition, when a workspace is created, more events are also generated:
- Event
schematics.tag.attachto report tagging of the workspace - Event
schematics.instance.createto report the creation of the workspace instance in your account - Event
schematics.instance.updateto report updates to the workspace properties
You can search by target.id to identify all events that report actions on a workspace. For example, you can use a query, such as crn:v1:bluemix:public:schematics:eu-de:a/xxxxxx:xxxxxxx:workspace:eu-de.workspace.observability-workspace.xxxxxxxx.
Events that are generated by Schematics are automatically forwarded to your IBM Cloud Activity Tracker service instance based on the regions.