---
title: Subscribe to sample log generation
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > API Reference > Security Monitoring
---

> For the complete documentation index, see [llms.txt](https://docs.datadoghq.com/llms.txt).

# Subscribe to sample log generation{% #subscribe-to-sample-log-generation %}
Copy pageCopied
{% tab title="v2" %}
**Note**: This endpoint is in preview and is subject to change. If you have any feedback, contact [Datadog support](https://docs.datadoghq.com/help/).
| Datadog site      | API endpoint                                                                                      |
| ----------------- | ------------------------------------------------------------------------------------------------- |
| ap1.datadoghq.com | POST https://api.ap1.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| ap2.datadoghq.com | POST https://api.ap2.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| app.datadoghq.eu  | POST https://api.datadoghq.eu/api/v2/security_monitoring/sample_log_generation/subscriptions      |
| app.ddog-gov.com  | POST https://api.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions      |
| us2.ddog-gov.com  | POST https://api.us2.ddog-gov.com/api/v2/security_monitoring/sample_log_generation/subscriptions  |
| uk1.datadoghq.com | POST https://api.uk1.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| app.datadoghq.com | POST https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions     |
| us3.datadoghq.com | POST https://api.us3.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |
| us5.datadoghq.com | POST https://api.us5.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions |

### Overview



Subscribe to sample log generation for a Cloud SIEM content pack. Sample logs for the requested content pack are injected into the Logs platform for the duration of the subscription, so detection rules can be exercised without onboarding the underlying integration first.

**Availability**: this endpoint is restricted to Cloud SIEM trial organizations on an eligible pricing model. Non-trial orgs receive `403 Forbidden`, the feature flag may also reject requests with `400 Bad Request`, and legacy pricing tiers receive a response with `status: not_available`.
This endpoint requires any of the following permissions:`security_monitoring_filters_write``logs_modify_indexes` 
OAuth apps require the `security_monitoring_filters_write, logs_modify_indexes` authorization [scope](https://docs.datadoghq.com/api/latest/scopes.md#security-monitoring) to access this endpoint.



### Request

#### Body Data (required)

The content pack to subscribe to and the desired duration of the subscription.

{% tab title="Model" %}

| Parent field | Field                             | Type   | Description                                                                                                                |
| ------------ | --------------------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------- |
|              | data [*required*]            | object | The subscription request body.                                                                                             |
| data         | attributes [*required*]      | object | The attributes for creating a sample log generation subscription.                                                          |
| attributes   | content_pack_id [*required*] | string | The identifier of the Cloud SIEM content pack to subscribe to.                                                             |
| attributes   | duration                          | enum   | How long the subscription should remain active before expiring. Allowed enum values: `1h,1d,3d,7d`                         |
| data         | type [*required*]            | enum   | The type of the resource. The value should always be `subscription_requests`. Allowed enum values: `subscription_requests` |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "duration": "3d"
    },
    "type": "subscription_requests"
  }
}
```

{% /tab %}

### Response

{% tab title="200" %}
OK
{% tab title="Model" %}
Response containing a single sample log generation subscription.

| Parent field | Field                             | Type      | Description                                                                                                                                |
| ------------ | --------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
|              | data [*required*]            | object    | A sample log generation subscription.                                                                                                      |
| data         | attributes [*required*]      | object    | The attributes describing a sample log generation subscription.                                                                            |
| attributes   | content_pack_id [*required*] | string    | The identifier of the Cloud SIEM content pack the subscription targets.                                                                    |
| attributes   | created_at [*required*]      | date-time | The time at which the subscription was created.                                                                                            |
| attributes   | expires_at [*required*]      | date-time | The time at which the subscription expires and stops generating logs.                                                                      |
| attributes   | is_active [*required*]       | boolean   | Whether the subscription is currently active and generating logs.                                                                          |
| attributes   | status [*required*]          | enum      | The status of the subscription. Allowed enum values: `subscribed,renewed,unsubscribed,no_active_subscription,not_available,active,expired` |
| data         | id [*required*]              | string    | The unique identifier of the subscription.                                                                                                 |
| data         | type [*required*]            | enum      | The type of the resource. The value should always be `subscriptions`. Allowed enum values: `subscriptions`                                 |

{% /tab %}

{% tab title="Example" %}

```json
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "created_at": "2026-05-08T20:02:13.77481Z",
      "expires_at": "2026-05-11T20:02:13.77481Z",
      "is_active": true,
      "status": "subscribed"
    },
    "id": "789",
    "type": "subscriptions"
  }
}
```

{% /tab %}

{% /tab %}

{% tab title="400" %}
Bad Request
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="403" %}
Not Authorized
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

{% tab title="429" %}
Too many requests
{% tab title="Model" %}
API error response.

| Field                    | Type     | Description       |
| ------------------------ | -------- | ----------------- |
| errors [*required*] | [string] | A list of errors. |

{% /tab %}

{% tab title="Example" %}

```json
{
  "errors": [
    "Bad Request"
  ]
}
```

{% /tab %}

{% /tab %}

### Code Example

##### 
                  \## default
# 
 \# Curl command curl -X POST "https://api.datadoghq.com/api/v2/security_monitoring/sample_log_generation/subscriptions" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}" \
-d @- << EOF
{
  "data": {
    "attributes": {
      "content_pack_id": "aws-cloudtrail",
      "duration": "3d"
    },
    "type": "subscription_requests"
  }
}
EOF 
                
##### 

```python
"""
Subscribe to sample log generation returns "OK" response
"""

from datadog_api_client import ApiClient, Configuration
from datadog_api_client.v2.api.security_monitoring_api import SecurityMonitoringApi
from datadog_api_client.v2.model.sample_log_generation_duration import SampleLogGenerationDuration
from datadog_api_client.v2.model.sample_log_generation_subscription_create_attributes import (
    SampleLogGenerationSubscriptionCreateAttributes,
)
from datadog_api_client.v2.model.sample_log_generation_subscription_create_data import (
    SampleLogGenerationSubscriptionCreateData,
)
from datadog_api_client.v2.model.sample_log_generation_subscription_create_request import (
    SampleLogGenerationSubscriptionCreateRequest,
)
from datadog_api_client.v2.model.sample_log_generation_subscription_request_type import (
    SampleLogGenerationSubscriptionRequestType,
)

body = SampleLogGenerationSubscriptionCreateRequest(
    data=SampleLogGenerationSubscriptionCreateData(
        attributes=SampleLogGenerationSubscriptionCreateAttributes(
            content_pack_id="aws-cloudtrail",
            duration=SampleLogGenerationDuration.THREE_DAYS,
        ),
        type=SampleLogGenerationSubscriptionRequestType.SUBSCRIPTION_REQUESTS,
    ),
)

configuration = Configuration()
configuration.unstable_operations["create_sample_log_generation_subscription"] = True
with ApiClient(configuration) as api_client:
    api_instance = SecurityMonitoringApi(api_client)
    response = api_instance.create_sample_log_generation_subscription(body=body)

    print(response)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=python) and then save the example to `example.py` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" python3 "example.py"
##### 

```ruby
# Subscribe to sample log generation returns "OK" response

require "datadog_api_client"
DatadogAPIClient.configure do |config|
  config.unstable_operations["v2.create_sample_log_generation_subscription".to_sym] = true
end
api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new

body = DatadogAPIClient::V2::SampleLogGenerationSubscriptionCreateRequest.new({
  data: DatadogAPIClient::V2::SampleLogGenerationSubscriptionCreateData.new({
    attributes: DatadogAPIClient::V2::SampleLogGenerationSubscriptionCreateAttributes.new({
      content_pack_id: "aws-cloudtrail",
      duration: DatadogAPIClient::V2::SampleLogGenerationDuration::THREE_DAYS,
    }),
    type: DatadogAPIClient::V2::SampleLogGenerationSubscriptionRequestType::SUBSCRIPTION_REQUESTS,
  }),
})
p api_instance.create_sample_log_generation_subscription(body)
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=ruby) and then save the example to `example.rb` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" rb "example.rb"
##### 

```go
// Subscribe to sample log generation returns "OK" response

package main

import (
	"context"
	"encoding/json"
	"fmt"
	"os"

	"github.com/DataDog/datadog-api-client-go/v2/api/datadog"
	"github.com/DataDog/datadog-api-client-go/v2/api/datadogV2"
)

func main() {
	body := datadogV2.SampleLogGenerationSubscriptionCreateRequest{
		Data: datadogV2.SampleLogGenerationSubscriptionCreateData{
			Attributes: datadogV2.SampleLogGenerationSubscriptionCreateAttributes{
				ContentPackId: "aws-cloudtrail",
				Duration:      datadogV2.SAMPLELOGGENERATIONDURATION_THREE_DAYS.Ptr(),
			},
			Type: datadogV2.SAMPLELOGGENERATIONSUBSCRIPTIONREQUESTTYPE_SUBSCRIPTION_REQUESTS,
		},
	}
	ctx := datadog.NewDefaultContext(context.Background())
	configuration := datadog.NewConfiguration()
	configuration.SetUnstableOperationEnabled("v2.CreateSampleLogGenerationSubscription", true)
	apiClient := datadog.NewAPIClient(configuration)
	api := datadogV2.NewSecurityMonitoringApi(apiClient)
	resp, r, err := api.CreateSampleLogGenerationSubscription(ctx, body)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Error when calling `SecurityMonitoringApi.CreateSampleLogGenerationSubscription`: %v\n", err)
		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
	}

	responseContent, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Fprintf(os.Stdout, "Response from `SecurityMonitoringApi.CreateSampleLogGenerationSubscription`:\n%s\n", responseContent)
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=go) and then save the example to `main.go` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" go run "main.go"
##### 

```java
// Subscribe to sample log generation returns "OK" response

import com.datadog.api.client.ApiClient;
import com.datadog.api.client.ApiException;
import com.datadog.api.client.v2.api.SecurityMonitoringApi;
import com.datadog.api.client.v2.model.SampleLogGenerationDuration;
import com.datadog.api.client.v2.model.SampleLogGenerationSubscriptionCreateAttributes;
import com.datadog.api.client.v2.model.SampleLogGenerationSubscriptionCreateData;
import com.datadog.api.client.v2.model.SampleLogGenerationSubscriptionCreateRequest;
import com.datadog.api.client.v2.model.SampleLogGenerationSubscriptionRequestType;
import com.datadog.api.client.v2.model.SampleLogGenerationSubscriptionResponse;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = ApiClient.getDefaultApiClient();
    defaultClient.setUnstableOperationEnabled("v2.createSampleLogGenerationSubscription", true);
    SecurityMonitoringApi apiInstance = new SecurityMonitoringApi(defaultClient);

    SampleLogGenerationSubscriptionCreateRequest body =
        new SampleLogGenerationSubscriptionCreateRequest()
            .data(
                new SampleLogGenerationSubscriptionCreateData()
                    .attributes(
                        new SampleLogGenerationSubscriptionCreateAttributes()
                            .contentPackId("aws-cloudtrail")
                            .duration(SampleLogGenerationDuration.THREE_DAYS))
                    .type(SampleLogGenerationSubscriptionRequestType.SUBSCRIPTION_REQUESTS));

    try {
      SampleLogGenerationSubscriptionResponse result =
          apiInstance.createSampleLogGenerationSubscription(body);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println(
          "Exception when calling SecurityMonitoringApi#createSampleLogGenerationSubscription");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=java) and then save the example to `Example.java` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" java "Example.java"
##### 

```rust
// Subscribe to sample log generation returns "OK" response
use datadog_api_client::datadog;
use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
use datadog_api_client::datadogV2::model::SampleLogGenerationDuration;
use datadog_api_client::datadogV2::model::SampleLogGenerationSubscriptionCreateAttributes;
use datadog_api_client::datadogV2::model::SampleLogGenerationSubscriptionCreateData;
use datadog_api_client::datadogV2::model::SampleLogGenerationSubscriptionCreateRequest;
use datadog_api_client::datadogV2::model::SampleLogGenerationSubscriptionRequestType;

#[tokio::main]
async fn main() {
    let body = SampleLogGenerationSubscriptionCreateRequest::new(
        SampleLogGenerationSubscriptionCreateData::new(
            SampleLogGenerationSubscriptionCreateAttributes::new("aws-cloudtrail".to_string())
                .duration(SampleLogGenerationDuration::THREE_DAYS),
            SampleLogGenerationSubscriptionRequestType::SUBSCRIPTION_REQUESTS,
        ),
    );
    let mut configuration = datadog::Configuration::new();
    configuration.set_unstable_operation_enabled("v2.CreateSampleLogGenerationSubscription", true);
    let api = SecurityMonitoringAPI::with_config(configuration);
    let resp = api.create_sample_log_generation_subscription(body).await;
    if let Ok(value) = resp {
        println!("{:#?}", value);
    } else {
        println!("{:#?}", resp.unwrap_err());
    }
}
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=rust) and then save the example to `src/main.rs` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" cargo run
##### 

```typescript
/**
 * Subscribe to sample log generation returns "OK" response
 */

import { client, v2 } from "@datadog/datadog-api-client";

const configuration = client.createConfiguration();
configuration.unstableOperations["v2.createSampleLogGenerationSubscription"] =
  true;
const apiInstance = new v2.SecurityMonitoringApi(configuration);

const params: v2.SecurityMonitoringApiCreateSampleLogGenerationSubscriptionRequest =
  {
    body: {
      data: {
        attributes: {
          contentPackId: "aws-cloudtrail",
          duration: "3d",
        },
        type: "subscription_requests",
      },
    },
  };

apiInstance
  .createSampleLogGenerationSubscription(params)
  .then((data: v2.SampleLogGenerationSubscriptionResponse) => {
    console.log(
      "API called successfully. Returned data: " + JSON.stringify(data)
    );
  })
  .catch((error: any) => console.error(error));
```

#### Instructions

First [install the library and its dependencies](https://docs.datadoghq.com/api/latest.md?code-lang=typescript) and then save the example to `example.ts` and run following commands:
    DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" DD_APP_KEY="<DD_APP_KEY>" tsc "example.ts"
{% /tab %}
