IBM Cloud Docs
Logging for Secrets Manager

Logging for Secrets Manager

IBM Cloud services, such as Secrets Manager, generate platform logs that you can use to investigate abnormal activity and critical actions in your account, and troubleshoot problems.

You can use IBM Cloud Logs Routing, a platform service, to route platform logs in your account to a destination of your choice by configuring a tenant that defines where platform logs are sent. For more information, see About Logs Routing.

You can use IBM Cloud Logs to visualize and alert on platform logs that are generated in your account and routed by IBM Cloud Logs Routing to an IBM Cloud Logs instance.

As of 28 March 2024, the IBM Log Analysis service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Log Analysis along with IBM Cloud Logs. Logging is the same for both services. For information about migrating from IBM Log Analysis to IBM Cloud Logs and running the services in parallel, see migration planning.

Before you begin

If you're working with Log Analysis for the first time, be sure that you create an instance in the same location as your Secrets Manager instance. For more information, see Configuring platform logs through the Observability dashboard.

For more information about regions where Secrets Manager supports logging, check out Regions and endpoints.

Viewing logs

Logs that are generated by a Secrets Manager service instance are forwarded automatically to the Log Analysis instance that is available in the same location.

Only logs with the level ERROR are forwarded.

To view Secrets Manager logs, complete the following steps:

  1. Log in to the IBM Cloud console.

  2. Go to IBM Cloud > Observability to access your Observability dashboard.

  3. From the navigation menu, click Logging.

  4. Select a Log Analysis instance, and click Open Dashboard.

    Don't have a Log Analysis instance? Create an instance in the same location as your Secrets Manager instance. Then, click Configure platform logs to receive logs from supported services in your account.

  5. In the logging UI, filter by secrets-manager to view logs that are generated by Secrets Manager.

    For more information about searching and filtering logs, check out the Log Analysis documentation.

Analyzing logs

You can create views and alerts from all of your Secrets Manager instances, or from a specific instance. To target a specific instance, replace host:secrets-manager with app:{INSTANCE_CRN}.

Query for finding all errors from all instances

Run the following query to find all errors from all of your instances.

host:secrets-manager

Query for finding all errors from a specific instance

Run the following query to find all errors from a specific instance.

app:crn:v1:bluemix:public:secrets-manager:au-syd:a/9add8f16c5a24a6ea8ce5d8b89b15b28:ee536f33-48ce-4125-ae4a-37b46cdc802d::

To learn more about creating views and alerts, see the IBM Cloud Logs documentation.