--- title: Get sample log generation subscriptions description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > API Reference > Security Monitoring --- # Get sample log generation subscriptions{% #get-sample-log-generation-subscriptions %} Copy pageCopied {% tab title="v2" %} **Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/). | Datadog site | API endpoint | | ----------------- | ------------------------------------------------------------------------------------------------ | | ap1.datadoghq.com | GET https://api.ap1.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | ap2.datadoghq.com | GET https://api.ap2.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | app.datadoghq.eu | GET https://api.datadoghq.eu/api/v2/security_monitoring/sample_log_generation/subscriptions | | app.ddog-gov.com | GET https://api.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | us2.ddog-gov.com | GET https://api.us2.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | app.datadoghq.com | GET https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | us3.datadoghq.com | GET https://api.us3.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions | | us5.datadoghq.com | GET https://api.us5.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions | ### Overview Get the sample log generation subscriptions for the organization. Sample log generation injects representative example logs for a given Cloud SIEM content pack into the Logs platform, which can be used to test detection rules without onboarding the underlying integration first. **Availability**: this endpoint is restricted to Cloud SIEM trial organizations on an eligible pricing model. Other organizations receive a `403 Forbidden` (non-trial orgs) or a `400 Bad Request` (feature disabled), and legacy pricing tiers receive a response with `status: not_available`. This endpoint requires any of the following permissions:`security_monitoring_filters_read``logs_read_index_data` OAuth apps require the `security_monitoring_filters_read, logs_read_index_data` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint. ### Arguments #### Query Strings | Name | Type | Description | | --------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | status | enum | Filter the subscriptions by status. Use `active` to return only currently active subscriptions, or `all` to return every subscription including expired ones. Ignored when `start_timestamp` is provided. Defaults to `active`. Allowed enum values: `active, all` | | start_timestamp | string | The start of the time range, as an RFC3339 timestamp. When provided, the response includes every subscription that was active at any point in `[start_timestamp, end_timestamp]`, and the `status` filter is ignored. | | end_timestamp | string | The end of the time range, as an RFC3339 timestamp. Ignored unless `start_timestamp` is set. Defaults to the current time when `start_timestamp` is provided. | ### Response {% tab title="200" %} OK {% tab title="Model" %} Response containing a list of sample log generation subscriptions. | Parent field | Field | Type | Description | | ------------ | ------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------ | | | data [*required*] | [object] | The list of sample log generation subscriptions. | | data | attributes [*required*] | object | The attributes describing a sample log generation subscription. | | attributes | content_pack_id [*required*] | string | The identifier of the Cloud SIEM content pack the subscription targets. | | attributes | created_at [*required*] | date-time | The time at which the subscription was created. | | attributes | expires_at [*required*] | date-time | The time at which the subscription expires and stops generating logs. | | attributes | is_active [*required*] | boolean | Whether the subscription is currently active and generating logs. | | attributes | status [*required*] | enum | The status of the subscription. Allowed enum values: `subscribed,renewed,unsubscribed,no_active_subscription,not_available,active,expired` | | data | id [*required*] | string | The unique identifier of the subscription. | | data | type [*required*] | enum | The type of the resource. The value should always be `subscriptions`. Allowed enum values: `subscriptions` | | | meta [*required*] | object | Metadata returned alongside a list of sample log generation subscriptions. | | meta | total_subscriptions [*required*] | int32 | The total number of subscriptions matching the request, irrespective of pagination. | {% /tab %} {% tab title="Example" %} ```json { "data": [ { "attributes": { "content_pack_id": "aws-cloudtrail", "created_at": "2026-05-08T20:02:13.77481Z", "expires_at": "2026-05-11T20:02:13.77481Z", "is_active": true, "status": "subscribed" }, "id": "789", "type": "subscriptions" } ], "meta": { "total_subscriptions": 1 } } ``` {% /tab %} {% /tab %} {% tab title="400" %} Bad Request {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="403" %} Not Authorized {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} {% tab title="429" %} Too many requests {% tab title="Model" %} API error response. | Field | Type | Description | | ------------------------ | -------- | ----------------- | | errors [*required*] | [string] | A list of errors. | {% /tab %} {% tab title="Example" %} ```json { "errors": [ "Bad Request" ] } ``` {% /tab %} {% /tab %} ### Code Example ##### \# Curl command curl -X GET "https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions" \ -H "Accept: application/json" \ -H "DD-API-KEY: ${DD_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_APP_KEY}" {% /tab %}