Logs Indexes
Security Monitoring is now available Security Monitoring is now available

Logs Indexes

Manage configuration of log indexes. You need an API and application key with Admin rights to interact with this endpoint.

Get all indexes

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes

Overview

The Index object describes the configuration of a log index. This endpoint returns an array of the LogIndex objects of your organization.

Response

OK

Object with all Index configurations for a given organization.

Expand All

Field

Type

Description

indexes

[object]

Array of Log index configurations.

daily_limit

int64

The number of log events you can send in this index per day before you are rate-limited.

exclusion_filters

[object]

An array of exclusion objects. The logs are tested against the query of each filter, following the order of the array. Only the first matching active exclusion matters, others (if any) are ignored.

filter

object

Exclusion filter is defined by a query, a sampling rule, and a active/inactive toggle.

query

string

Default query is *, meaning all logs flowing in the index would be excluded. Scope down exclusion filter to only a subset of logs with a log query.

sample_rate [required]

double

Sample rate to apply to logs going through this exclusion filter, a value of 1 will exclude all logs matching the query.

is_enabled

boolean

Whether or not the exclusion filter is active.

name [required]

string

Name of the index exclusion filter.

filter [required]

object

Filter for logs.

query

string

The filter query.

is_rate_limited

boolean

A boolean stating if the index is rate limited, meaning more logs than the daily limit have been sent. Rate limit is reset every-day at 2pm UTC.

name

string

The name of the index.

num_retention_days

int64

The number of days before logs are deleted from this index.

{
  "indexes": [
    {
      "daily_limit": "integer",
      "exclusion_filters": [
        {
          "filter": {
            "query": "*",
            "sample_rate": "1"
          },
          "is_enabled": false,
          "name": "payment"
        }
      ],
      "filter": {
        "query": "source:python"
      },
      "is_rate_limited": false,
      "name": "string",
      "num_retention_days": "integer"
    }
  ]
}

Forbidden

Error response object.

Expand All

Field

Type

Description

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Curl command
curl -X get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

                                        

Get an index

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes/{name}

Overview

Get one log index from your organization. This endpoint takes no JSON arguments.

Arguments

Path Parameters

Name

Type

Description

name [required]

string

Name of the log index.

Response

OK

Object describing a Datadog Log index.

Expand All

Field

Type

Description

daily_limit

int64

The number of log events you can send in this index per day before you are rate-limited.

exclusion_filters

[object]

An array of exclusion objects. The logs are tested against the query of each filter, following the order of the array. Only the first matching active exclusion matters, others (if any) are ignored.

filter

object

Exclusion filter is defined by a query, a sampling rule, and a active/inactive toggle.

query

string

Default query is *, meaning all logs flowing in the index would be excluded. Scope down exclusion filter to only a subset of logs with a log query.

sample_rate [required]

double

Sample rate to apply to logs going through this exclusion filter, a value of 1 will exclude all logs matching the query.

is_enabled

boolean

Whether or not the exclusion filter is active.

name [required]

string

Name of the index exclusion filter.

filter [required]

object

Filter for logs.

query

string

The filter query.

is_rate_limited

boolean

A boolean stating if the index is rate limited, meaning more logs than the daily limit have been sent. Rate limit is reset every-day at 2pm UTC.

name

string

The name of the index.

num_retention_days

int64

The number of days before logs are deleted from this index.

{
  "daily_limit": "integer",
  "exclusion_filters": [
    {
      "filter": {
        "query": "*",
        "sample_rate": "1"
      },
      "is_enabled": false,
      "name": "payment"
    }
  ],
  "filter": {
    "query": "source:python"
  },
  "is_rate_limited": false,
  "name": "string",
  "num_retention_days": "integer"
}

Forbidden

Error response object.

Expand All

Field

Type

Description

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Not Found

Response returned by the Logs API when errors occur.

Expand All

Field

Type

Description

error

object

Error returned by the Logs API

code

string

Code identifying the error

details

[object]

Additional error details

message

string

Error message

{
  "error": {
    "code": "string",
    "details": [],
    "message": "string"
  }
}

Code Example


                                        # Path parameters
export name="CHANGE_ME"
# Curl command curl -X get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes/${name} \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Get indexes order

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/index-order

Overview

Get the current order of your log indexes. This endpoint takes no JSON arguments.

Response

OK

Object containing the ordered list of log index names.

Expand All

Field

Type

Description

index_names [required]

[string]

Array of strings identifying by their name(s) the index(es) of your organization. Logs are tested against the query filter of each index one by one, following the order of the array. Logs are eventually stored in the first matching index.

{
  "index_names": [
    "main",
    "payments",
    "web"
  ]
}

Forbidden

Error response object.

Expand All

Field

Type

Description

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Curl command
curl -X get https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/index-order \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

                                        

Update an index

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

put https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes/{name}

Overview

Update an index as identified by its name. Returns the Index object passed in the request body when the request is successful.

Using the PUT method updates your index’s configuration by replacing your current configuration with the new one sent to your Datadog organization.

Arguments

Path Parameters

Name

Type

Description

name [required]

string

Name of the log index.

Request

Body Data

Object containing the new LogsIndex.

Expand All

Field

Type

Description

daily_limit

int64

The number of log events you can send in this index per day before you are rate-limited.

exclusion_filters

[object]

An array of exclusion objects. The logs are tested against the query of each filter, following the order of the array. Only the first matching active exclusion matters, others (if any) are ignored.

filter

object

Exclusion filter is defined by a query, a sampling rule, and a active/inactive toggle.

query

string

Default query is *, meaning all logs flowing in the index would be excluded. Scope down exclusion filter to only a subset of logs with a log query.

sample_rate [required]

double

Sample rate to apply to logs going through this exclusion filter, a value of 1 will exclude all logs matching the query.

is_enabled

boolean

Whether or not the exclusion filter is active.

name [required]

string

Name of the index exclusion filter.

filter [required]

object

Filter for logs.

query

string

The filter query.

is_rate_limited

boolean

A boolean stating if the index is rate limited, meaning more logs than the daily limit have been sent. Rate limit is reset every-day at 2pm UTC.

name

string

The name of the index.

num_retention_days

int64

The number of days before logs are deleted from this index.

{
  "exclusion_filters": [
    {
      "filter": {
        "query": "*",
        "sample_rate": "1"
      },
      "is_enabled": false,
      "name": "payment"
    }
  ],
  "filter": {
    "query": "source:python"
  }
}

Response

OK

Object describing a Datadog Log index.

Expand All

Field

Type

Description

daily_limit

int64

The number of log events you can send in this index per day before you are rate-limited.

exclusion_filters

[object]

An array of exclusion objects. The logs are tested against the query of each filter, following the order of the array. Only the first matching active exclusion matters, others (if any) are ignored.

filter

object

Exclusion filter is defined by a query, a sampling rule, and a active/inactive toggle.

query

string

Default query is *, meaning all logs flowing in the index would be excluded. Scope down exclusion filter to only a subset of logs with a log query.

sample_rate [required]

double

Sample rate to apply to logs going through this exclusion filter, a value of 1 will exclude all logs matching the query.

is_enabled

boolean

Whether or not the exclusion filter is active.

name [required]

string

Name of the index exclusion filter.

filter [required]

object

Filter for logs.

query

string

The filter query.

is_rate_limited

boolean

A boolean stating if the index is rate limited, meaning more logs than the daily limit have been sent. Rate limit is reset every-day at 2pm UTC.

name

string

The name of the index.

num_retention_days

int64

The number of days before logs are deleted from this index.

{
  "daily_limit": "integer",
  "exclusion_filters": [
    {
      "filter": {
        "query": "*",
        "sample_rate": "1"
      },
      "is_enabled": false,
      "name": "payment"
    }
  ],
  "filter": {
    "query": "source:python"
  },
  "is_rate_limited": false,
  "name": "string",
  "num_retention_days": "integer"
}

Invalid Parameter Error

Response returned by the Logs API when errors occur.

Expand All

Field

Type

Description

error

object

Error returned by the Logs API

code

string

Code identifying the error

details

[object]

Additional error details

message

string

Error message

{
  "error": {
    "code": "string",
    "details": [],
    "message": "string"
  }
}

Forbidden

Error response object.

Expand All

Field

Type

Description

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Too Many Requests

Response returned by the Logs API when errors occur.

Expand All

Field

Type

Description

error

object

Error returned by the Logs API

code

string

Code identifying the error

details

[object]

Additional error details

message

string

Error message

{
  "error": {
    "code": "string",
    "details": [],
    "message": "string"
  }
}

Code Example


                                        # Path parameters
export name="CHANGE_ME"
# Curl command curl -X put https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/indexes/${name} \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF { "exclusion_filters": [ { "filter": { "sample_rate": "1" }, "name": "payment" } ], "filter": {} } EOF

Update indexes order

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

put https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/index-order

Overview

This endpoint updates the index order of your organization. It returns the index order object passed in the request body when the request is successful.

Request

Body Data

Object containing the new ordered list of index names

Expand All

Field

Type

Description

index_names [required]

[string]

Array of strings identifying by their name(s) the index(es) of your organization. Logs are tested against the query filter of each index one by one, following the order of the array. Logs are eventually stored in the first matching index.

{
  "index_names": [
    "main",
    "payments",
    "web"
  ]
}

Response

OK

Object containing the ordered list of log index names.

Expand All

Field

Type

Description

index_names [required]

[string]

Array of strings identifying by their name(s) the index(es) of your organization. Logs are tested against the query filter of each index one by one, following the order of the array. Logs are eventually stored in the first matching index.

{
  "index_names": [
    "main",
    "payments",
    "web"
  ]
}

Bad Request

Response returned by the Logs API when errors occur.

Expand All

Field

Type

Description

error

object

Error returned by the Logs API

code

string

Code identifying the error

details

[object]

Additional error details

message

string

Error message

{
  "error": {
    "code": "string",
    "details": [],
    "message": "string"
  }
}

Forbidden

Error response object.

Expand All

Field

Type

Description

errors [required]

[string]

Array of errors returned by the API.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Curl command
curl -X put https://api.datadoghq.comhttps://api.datadoghq.eu/api/v1/logs/config/index-order \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \
-d @- << EOF
{
  "index_names": [
    "main",
    "payments",
    "web"
  ]
}
EOF