IBM Cloud Global

Cloud Global

Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Cloud solutions.

 View Only

How to Connect IBM Cloud Logs to Cloud Object Storage Data and Metrics Buckets

By Gunasekaran Venkatesan posted Mon April 07, 2025 02:47 PM

  

IBM Cloud Logs lets you store, search, and analyze your logs. For long-term storage and metrics, integrating IBM Cloud Logs with IBM Cloud Object Storage (COS) is essential—especially for production environments.

This tutorial will walk you through:

  • Creating and configuring data and metrics buckets in COS

  • Setting up service-to-service (S2S) authorization

  • Connecting the buckets to IBM Cloud Logs using CLI

📍 Best Practice: Use separate buckets for logs and metrics if you need different lifecycle policies.


Step 1: Create Buckets in IBM Cloud Object Storage

  • Go to the IBM Cloud Console.

  • Navigate to Storage > Object Storage.

  • Create two buckets:

    • One for data (log storage)

    • One for metrics

  • Choose Cross Region resiliency for high availability.

  • Supported storage classes:

    • ✅ Smart Tier

    • ✅ Standard

    • ❌ Vault, Cold Vault (not supported for logs)

🔐 Important: Do not enable object lock, retention policies, or public access on these buckets.

Step 2: Set Up Service-to-Service (S2S) Authorization

  • In IBM Cloud Console, go to Manage > Access (IAM) > Authorizations.

  • Click Create.

  • Source service: Cloud Logs

  • Target service: Cloud Object Storage

  • Select the scope:

    • Grant access to all resources or

    • Restrict to specific bucket(s)

  • Under Service access, choose: Writer

  • Click Authorize

Step 3: Connect Buckets to IBM Cloud Logs Using CLI

Prerequisites

  • Install IBM Cloud CLI

  • Log in and target the correct region

Option A: Basic Update Command

ibmcloud resource service-instance-update "cloud-logs-guid" -p '{"logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'

If this fails, use Option B below.

Option B: Update With Retention Period (WORKAROUND)

If the basic update fails, add a temporary retention period:

ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "14", "logs_bucket_crn": "<YOUR_BUCKET_CRN>", "logs_bucket_endpoint": "<YOUR_BUCKET_ENDPOINT>", "metrics_bucket_crn": "<YOUR_METRICS_BUCKET_CRN>", "metrics_bucket_endpoint": "<YOUR_METRICS_BUCKET_ENDPOINT>"}'

Tip: If your current retention is 7, set this to 14 (or vice versa).


After the update is successful, reset the retention period:

ibmcloud resource service-instance-update $INSTANCE_GUID -p '{"retention_period": "ORIGINAL_RETENTION_VALUE"}'

Final Notes

  • Buckets must be in the same region as your IBM Cloud Logs instance for optimal performance.

  • You are responsible for bucket lifecycle policies.

  • Consider enabling metrics only if you want Prometheus-style time-series analysis of log events.

Conclusion

By connecting IBM Cloud Logs to IBM Cloud Object Storage, you unlock powerful capabilities for long-term log retention, compliance, and metric analysis. Whether you're troubleshooting in real-time or auditing historical events, this integration ensures your log data is securely stored and easily accessible.

Remember:

  • Use separate buckets if you require different lifecycle policies.

  • Ensure buckets are in the same region for optimal performance.

  • Always validate your IAM permissions and retention settings during configuration.

With this setup in place, your logging infrastructure is now more resilient, scalable, and production-read

0 comments
9 views

Permalink

https://community.ibm.com/community/user/blogs/gunasekaran-venkatesan/2025/04/07/how-to-connect-ibm-cloud-logs-to-cloud-object-stor