---
title: Subscribe to sample log generation
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

# Subscribe to sample log generation{% #subscribe-to-sample-log-generation %}
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).

| Datadog site      | API endpoint                                                                                      |
| ----------------- | ------------------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/security_monitoring/sample_log_generation/subscriptions      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions  |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |

### Overview



Subscribe to sample log generation for a Cloud SIEM content pack. Sample logs for the requested content pack are injected into the Logs platform for the duration of the subscription, so detection rules can be exercised without onboarding the underlying integration first.

**Availability**: This endpoint is restricted to Cloud SIEM trial organizations on an eligible pricing model. Non-trial orgs receive `403 Forbidden`, the feature flag may also reject requests with `400 Bad Request`, and legacy pricing tiers receive a response with `status: not_available`.

This endpoint requires any of the following permissions: `security_monitoring_filters_write`, `logs_modify_indexes`.

OAuth apps require the `security_monitoring_filters_write, logs_modify_indexes` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint.



### Request

#### Body Data (required)

The content pack to subscribe to and the desired duration of the subscription.

{% tab title="Model" %}

| Parent field | Field                             | Type   | Description                                                                                                                |
| ------------ | --------------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]            | object | The subscription request body.                                                                                             |
| data         | attributes [*required*]      | object | The attributes for creating a sample log generation subscription.                                                          |
| attributes   | content_pack_id [*required*] | string | The identifier of the Cloud SIEM content pack to subscribe to.                                                             |
| attributes   | duration                          | enum   | How long the subscription should remain active before expiring. Allowed enum values: `1h,1d,3d,7d`                         |
| data         | type [*required*]            | enum   | The type of the resource. The value should always be `subscription_requests`. Allowed enum values: `subscription_requests` |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "duration": "3d"
    },
    "type": "subscription_requests"
  }
}
```

{% /tab %}

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing a single sample log generation subscription.

| Parent field | Field                             | Type      | Description                                                                                                                                |
| ------------ | --------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
|              | data [*required*]            | object    | A sample log generation subscription.                                                                                                      |
| data         | attributes [*required*]      | object    | The attributes describing a sample log generation subscription.                                                                            |
| attributes   | content_pack_id [*required*] | string    | The identifier of the Cloud SIEM content pack the subscription targets.                                                                    |
| attributes   | created_at [*required*]      | date-time | The time at which the subscription was created.                                                                                            |
| attributes   | expires_at [*required*]      | date-time | The time at which the subscription expires and stops generating logs.                                                                      |
| attributes   | is_active [*required*]       | boolean   | Whether the subscription is currently active and generating logs.                                                                          |
| attributes   | status [*required*]          | enum      | The status of the subscription. Allowed enum values: `subscribed,renewed,unsubscribed,no_active_subscription,not_available,active,expired` |
| data         | id [*required*]              | string    | The unique identifier of the subscription.                                                                                                 |
| data         | type [*required*]            | enum      | The type of the resource. The value should always be `subscriptions`. Allowed enum values: `subscriptions`                                 |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "created_at": "2026-05-08T20:02:13.77481Z",
      "expires_at": "2026-05-11T20:02:13.77481Z",
      "is_active": true,
      "status": "subscribed"
    },
    "id": "789",
    "type": "subscriptions"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### default

```bash
# Curl command
curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "duration": "3d"
    },
    "type": "subscription_requests"
  }
}
EOF
```
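
Because legacy pricing tiers receive a response with `status: not_available` rather than an error code, automation that subscribes before exercising detection rules should inspect the response body and not only the HTTP status. The following Python is an added example, not part of Datadog's documentation or client libraries: it validates a request against the site table and body model above without sending it, then classifies a response. The function names, the outcome labels, and the assumptions that timestamps are UTC with a trailing `Z` (as in the 200 example) and that error bodies follow the `errors` model are choices made for this example.

```python
import json
from datetime import datetime, timedelta, timezone

PATH = "/api/v2/security_monitoring/sample_log_generation/subscriptions"
# Allowlist of Datadog site -> API host, copied from the endpoint table above.
API_HOSTS = {
    "ap1.datadoghq.com": "api.ap1.datadoghq.com", "ap2.datadoghq.com": "api.ap2.datadoghq.com",
    "app.datadoghq.eu": "api.datadoghq.eu", "app.ddog-gov.com": "api.ddog-gov.com",
    "us2.ddog-gov.com": "api.us2.ddog-gov.com", "app.datadoghq.com": "api.datadoghq.com",
    "us3.datadoghq.com": "api.us3.datadoghq.com", "us5.datadoghq.com": "api.us5.datadoghq.com",
}
DURATIONS = ("1h", "1d", "3d", "7d")  # allowed enum values for `duration`
HTTP_ERRORS = {400: "bad_request", 403: "forbidden", 429: "rate_limited"}

def build_request(site, content_pack_id, duration=None):
    """Return (url, JSON body); reject bad input before any credentials are sent."""
    if not content_pack_id or (duration is not None and duration not in DURATIONS):
        raise ValueError(f"content_pack_id is required; duration must be one of {DURATIONS}")
    attributes = {"content_pack_id": content_pack_id}
    if duration is not None:
        attributes["duration"] = duration
    body = {"data": {"attributes": attributes, "type": "subscription_requests"}}
    # An unknown site raises KeyError, so API keys only ever go to a listed host.
    return f"https://{API_HOSTS[site]}{PATH}", json.dumps(body)

def parse_ts(ts):
    """Parse a timestamp shaped like the page's example (assumed UTC, trailing Z)."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt + timedelta(microseconds=int((frac + "000000")[:6]))

def interpret(http_status, body_text, now):
    """Classify a response; a 200 alone does not mean sample logs are flowing."""
    if http_status != 200:
        return {"outcome": HTTP_ERRORS.get(http_status, "unexpected"),
                "errors": json.loads(body_text).get("errors", [])}
    data = json.loads(body_text)["data"]
    attrs = data["attributes"]
    if data["type"] != "subscriptions":
        raise ValueError("unexpected resource type")
    if attrs["status"] == "not_available":  # legacy pricing tier, per the Overview
        return {"outcome": "not_available", "id": data["id"]}
    remaining = parse_ts(attrs["expires_at"]) - now
    live = attrs["is_active"] and remaining > timedelta(0)
    return {"outcome": "generating" if live else "inactive", "id": data["id"],
            "status": attrs["status"], "remaining": remaining}
```

Pass the returned URL and body to the HTTP client of your choice together with the `DD-API-KEY` and `DD-APPLICATION-KEY` headers shown in the curl command, and treat any outcome other than `generating` as a reason to skip rule testing that depends on the sample logs.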
                
{% /tab %}
