copyright | lastupdated | keywords | subcollection | ||
---|---|---|---|---|---|
|
2024-10-09 |
logs-router |
{{site.data.keyword.attribute-definition-list}}
{: #getting-started}
Use the {{site.data.keyword.logs_routing_full_notm}} service to route platform logs from your {{site.data.keyword.cloud_notm}} account to your chosen target destination. {: shortdesc}
{: caption="Flow of routed logs" caption-side="bottom"}
Complete the following steps to start using {{site.data.keyword.logs_routing_full}}:
{: #getting-started-before-you-begin} {: step}
-
If you don't have an {{site.data.keyword.cloud_notm}} account, register an {{site.data.keyword.cloud_notm}} account{: external}. You need an IBMid to work in {{site.data.keyword.cloud_notm}}.
-
To configure platform logs, you must configure tenants and targets (destinations) in your {{site.data.keyword.cloud_notm}} account.
{{site.data.content.tenant_definition-paragraph}}
For more information, see Learn more about {{site.data.keyword.logs_routing_full_notm}}.
-
Check the regions where the {{site.data.keyword.logs_routing_full_notm}} service is available. Identify a region where you operate in {{site.data.keyword.cloud_notm}} and check is in the list of supported regions.
-
Check that the user who is configuring {{site.data.keyword.logs_routing_full_notm}} for the {{site.data.keyword.cloud}} account has sufficient permissions to manage the {{site.data.keyword.logs_routing_full_notm}} service. For more information, see Managing IAM access for {{site.data.keyword.logs_routing_full_notm}}.
You need service role reader to view tenants and targets.
You need service role manager to create, delete, update tenants and targets.
-
Install the following tools:
-
Provision an {{site.data.keyword.logs_full_notm}} instance. For more information, see Provisioning an instance.
-
Download and install jq{: external} to process output and query desired results.
{: #getting-started-retrieve-iam-token} {: step}
You must get an {{site.data.keyword.iamlong}} (IAM) access token to authenticate your requests to the {{site.data.keyword.logs_routing_full}} service. For more information, see Retrieving an access token.
For example, you can retrieve your IAM bearer token and export it as an environment variable by running the following CLI command:
export IAM_TOKEN=`ibmcloud iam oauth-tokens --output json | jq -r '.iam_token'`
{: pre}
{: #getting-started-create-s2s} {: step}
You must use {{site.data.keyword.iamlong}} (IAM) to create an authorization that grants {{site.data.keyword.logs_routing_full_notm}} access to {{site.data.keyword.logs_full_notm}} so the {{site.data.keyword.logs_routing_full_notm}} service can send logs to your {{site.data.keyword.logs_full_notm}} instance destination (target).
Complete the following steps:
-
In the {{site.data.keyword.cloud_notm}} console, click Manage > Access (IAM), and select Authorizations.
-
Click Create.
-
Configure the source account. Select This account.
-
Select Logs Routing as the source service. Then, set the scope of the access to All resources.
-
Select Cloud Logs as the target service. Then, set the scope of the access to All resources, which grants access to all {{site.data.keyword.logs_full_notm}} instances, or a single instance by configuring Resources based on selected attributes > Service Instance.
Other attributes are not supported for this type of authorization.
-
In the Service Access section, select Sender to assign access to the source service that accesses the target service.
-
Click Authorize.
For more information, see Creating a S2S authorization to grant access to send logs to {{site.data.keyword.logs_full_notm}}.
{: #getting-started-create-tenant} {: step}
When the {{site.data.keyword.logs_routing_full_notm}} console is first displayed, any existing target information is displayed.
If no target is configured for a region, the region displays the Set target option.
From the {{site.data.keyword.logs_routing_full_notm}} console, you can create a tenant and a target destination by configuring the option Set target for the region that you want to configure.
Complete the following steps:
-
Log in to your {{site.data.keyword.cloud_notm}} account{: external}.
-
Click Logging > Routing.
-
Click Set target.
-
Click the tab Cloud Logs and select an {{site.data.keyword.logs_full_notm}} instance from the list. This is the instance where you want to receive logs that are routed by {{site.data.keyword.logs_routing_full_notm}}.
You can select a {{site.data.keyword.logs_full_notm}} instance from the list.
The {{site.data.keyword.logs_full_notm}} instance must be located in the same account that you are configuring.{: note}
-
Click Save.
{: #getting-started-verify-logs} {: step}
Verify that the logs for your cluster are routed to your {{site.data.keyword.logs_full_notm}} instance.
All platform logs are generated in JSON. You can filter platform logs in your instance be selecting the value of ibm-platform-logs as the applicationName
.
Complete the following steps:
- Launch the {{site.data.keyword.logs_full_notm}} web UI for the {{site.data.keyword.logs_full_notm}} instance that is configured as the target to collect platform logs in a region. This is the instance that you selected in the step where you setup a target.
- View logs through custom views. For more information, see Viewing logs.