logs
Creates, updates, deletes, gets or lists a logs resource.
Overview
| Name | logs |
|---|---|
| Type | Resource |
| Id | datadog.logs.logs |
Fields
The following fields are returned by SELECT queries:
- list_logs_get
| Name | Datatype | Description |
|---|---|---|
| id | string | Unique ID of the Log. (example: AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA) |
| attributes | object | JSON object containing all log attributes and their associated values. |
| type | string | Type of the event. (default: log, example: log) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| list_logs_get | select | region | filter[query], filter[indexes], filter[from], filter[to], filter[storage_tier], sort, page[cursor], page[limit] | List endpoint returns logs that match a log search query. [Results are paginated](/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to search and filter your logs. If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation](https://docs.datadoghq.com/logs/archives). |
| submit_log | insert | region | Content-Encoding, ddtags | Send your logs to your Datadog platform over HTTP. Limits per HTTP request are: maximum content size per payload (uncompressed): 5MB; maximum size for a single log: 1MB; maximum array size if sending multiple logs in an array: 1000 entries. Any log exceeding 1MB is accepted and truncated by Datadog: for a single log request, the API truncates the log at 1MB and returns a 2xx; for a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx. Datadog recommends sending your logs compressed. Add the `Content-Encoding: gzip` header to the request when sending compressed logs. Log events can be submitted with a timestamp that is up to 18 hours in the past. The status codes answered by the HTTP API are: 202: Accepted: the request has been accepted for processing; 400: Bad request (likely an issue in the payload formatting); 401: Unauthorized (likely a missing API Key); 403: Permission issue (likely using an invalid API Key); 408: Request Timeout, request should be retried after some time; 413: Payload too large (batch is above 5MB uncompressed); 429: Too Many Requests, request should be retried after some time; 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time; 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time. |
| list_logs | insert | region | | List endpoint returns logs that match a log search query. [Results are paginated](/logs/guide/collect-multiple-logs-with-pagination). Use this endpoint to search and filter your logs. If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See [Datadog Logs Archive documentation](https://docs.datadoghq.com/logs/archives). |
| aggregate_logs | exec | region | | The API endpoint to aggregate events into buckets and compute metrics and timeseries. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| region | string | (default: datadoghq.com) |
| Content-Encoding | string | HTTP header used to compress the media-type. |
| ddtags | string | Log tags can be passed as query parameters with text/plain content type. (example: env:prod,user:my-user) |
| filter[from] | string (date-time) | Minimum timestamp for requested logs. (example: 2019-01-02T09:42:36.320Z) |
| filter[indexes] | array | For customers with multiple indexes, the indexes to search. Defaults to '*' which means all indexes (example: [main, web]) |
| filter[query] | string | Search query following logs syntax. (example: @datacenter:us @role:db) |
| filter[storage_tier] | string | Specifies the storage type to be used |
| filter[to] | string (date-time) | Maximum timestamp for requested logs. (example: 2019-01-03T09:42:36.320Z) |
| page[cursor] | string | List following results with a cursor provided in the previous query. (example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==) |
| page[limit] | integer (int32) | Maximum number of logs in the response. (example: 25) |
| sort | string | Order of logs in results. |
SELECT examples
- list_logs_get
List endpoint returns logs that match a log search query.
[Results are paginated](/logs/guide/collect-multiple-logs-with-pagination).
Use this endpoint to search and filter your logs.
If you are considering archiving logs for your organization,
consider use of the Datadog archive capabilities instead of the log list API.
See [Datadog Logs Archive documentation](https://docs.datadoghq.com/logs/archives).
```sql
SELECT
  id,
  attributes,
  type
FROM datadog.logs.logs
WHERE region = '{{ region }}' -- required
  AND filter[query] = '{{ filter[query] }}'
  AND filter[indexes] = '{{ filter[indexes] }}'
  AND filter[from] = '{{ filter[from] }}'
  AND filter[to] = '{{ filter[to] }}'
  AND filter[storage_tier] = '{{ filter[storage_tier] }}'
  AND sort = '{{ sort }}'
  AND page[cursor] = '{{ page[cursor] }}'
  AND page[limit] = '{{ page[limit] }}'
;
```
INSERT examples
- submit_log
- list_logs
- Manifest
Send your logs to your Datadog platform over HTTP. Limits per HTTP request are:
- Maximum content size per payload (uncompressed): 5MB
- Maximum size for a single log: 1MB
- Maximum array size if sending multiple logs in an array: 1000 entries
Any log exceeding 1MB is accepted and truncated by Datadog:
- For a single log request, the API truncates the log at 1MB and returns a 2xx.
- For a multi-logs request, the API processes all logs, truncates only logs larger than 1MB, and returns a 2xx.
Datadog recommends sending your logs compressed.
Add the Content-Encoding: gzip header to the request when sending compressed logs.
Log events can be submitted with a timestamp that is up to 18 hours in the past.
The status codes answered by the HTTP API are:
- 202: Accepted: the request has been accepted for processing
- 400: Bad request (likely an issue in the payload formatting)
- 401: Unauthorized (likely a missing API Key)
- 403: Permission issue (likely using an invalid API Key)
- 408: Request Timeout, request should be retried after some time
- 413: Payload too large (batch is above 5MB uncompressed)
- 429: Too Many Requests, request should be retried after some time
- 500: Internal Server Error, the server encountered an unexpected condition that prevented it from fulfilling the request, request should be retried after some time
- 503: Service Unavailable, the server is not ready to handle the request probably because it is overloaded, request should be retried after some time
```sql
INSERT INTO datadog.logs.logs (
  region,
  Content-Encoding,
  ddtags
)
SELECT
  '{{ region }}',
  '{{ Content-Encoding }}',
  '{{ ddtags }}'
;
```
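The submit_log limits and status codes listed above, enforced on the sending side before a request is made. This is an added example, not part of the provider documentation or Datadog's code. It assumes "MB" means 1,000,000 bytes and a JSON array request body; the function names are hypothetical.

```python
import gzip
import json

# Limits quoted on this page. Assumption: "MB" is read as 1,000,000 bytes.
MAX_PAYLOAD_BYTES = 5_000_000  # uncompressed content per request
MAX_LOG_BYTES = 1_000_000      # larger logs are truncated and still get a 2xx
MAX_BATCH_ENTRIES = 1000       # array entries per request
RETRYABLE = {408, 429, 500, 503}  # "should be retried after some time"
PERMANENT = {400, 401, 403, 413}  # fix the payload, the key or the batch size

def encoded(log):
    return json.dumps(log, separators=(",", ":")).encode("utf-8")

def plan_batches(logs):
    """Return (batches, oversize). Oversize logs are set aside: the API would
    accept and truncate them, so the loss would otherwise go unnoticed."""
    batches, oversize, current, size = [], [], [], 2  # 2 bytes for "[]"
    for log in logs:
        n = len(encoded(log))
        if n > MAX_LOG_BYTES:
            oversize.append(log)
            continue
        # +1 is the comma between array elements (slightly conservative)
        if current and (len(current) >= MAX_BATCH_ENTRIES
                        or size + n + 1 > MAX_PAYLOAD_BYTES):
            batches.append(current)
            current, size = [], 2
        current.append(log)
        size += n + 1
    if current:
        batches.append(current)
    return batches, oversize

def build_request(batch):
    """Serialize one batch, gzip it, and return (headers, body)."""
    raw = b"[" + b",".join(encoded(entry) for entry in batch) + b"]"
    headers = {"Content-Type": "application/json", "Content-Encoding": "gzip"}
    return headers, gzip.compress(raw)

def next_action(status):
    """Map a response status to what the sender should do next."""
    if status == 202:
        return "accepted"
    if status in RETRYABLE:
        return "retry"
    return "fix" if status in PERMANENT else "investigate"
```

Logs returned in `oversize` should be shortened or split by the caller and counted, since a 2xx response gives no sign that truncation happened.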
List endpoint returns logs that match a log search query.
[Results are paginated](/logs/guide/collect-multiple-logs-with-pagination).
Use this endpoint to search and filter your logs.
If you are considering archiving logs for your organization,
consider use of the Datadog archive capabilities instead of the log list API.
See [Datadog Logs Archive documentation](https://docs.datadoghq.com/logs/archives).
```sql
INSERT INTO datadog.logs.logs (
  data__filter,
  data__options,
  data__page,
  data__sort,
  region
)
SELECT
  '{{ filter }}',
  '{{ options }}',
  '{{ page }}',
  '{{ sort }}',
  '{{ region }}'
RETURNING
  data,
  links,
  meta
;
```
```yaml
# Description fields are for documentation purposes
- name: logs
  props:
    - name: region
      value: string
      description: Required parameter for the logs resource.
    - name: filter
      value: object
      description: |
        The search and filter query settings
    - name: options
      value: object
      description: |
        Global query options that are used during the query.
        Note: These fields are currently deprecated and do not affect the query results.
    - name: page
      value: object
      description: |
        Paging attributes for listing logs.
    - name: sort
      value: string
      description: |
        Sort parameters when querying logs.
      valid_values: ['timestamp', '-timestamp']
    - name: Content-Encoding
      value: string
      description: HTTP header used to compress the media-type.
    - name: ddtags
      value: string
      # Quoted because the text contains ": ", which is not valid in a plain YAML scalar
      description: "Log tags can be passed as query parameters with `text/plain` content type. (example: env:prod,user:my-user)"
```
Lifecycle Methods
- aggregate_logs
The API endpoint to aggregate events into buckets and compute metrics and timeseries.
```sql
EXEC datadog.logs.logs.aggregate_logs
@region='{{ region }}' --required
@@json=
'{
  "compute": "{{ compute }}",
  "filter": "{{ filter }}",
  "group_by": "{{ group_by }}",
  "options": "{{ options }}",
  "page": "{{ page }}"
}'
;
```