Logs Restriction Queries
Incident Management is now generally available! Incident Management is now generally available!

Logs Restriction Queries

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

To grant read access on log data at all, you must grant the logs_read_data permission. From there you can limit what data a role grants read access to by associating a Restriction Query with that role.

A Restriction Query is a logs query that restricts which logs the logs_read_data permission grants read access to. For users whose roles have Restriction Queries, any log query they make only returns those log events that also match one of their Restriction Queries. This is true whether the user queries log events from any log-related feature, including the log explorer, Live Tail, re-hydration, or a dashboard widget.

Restriction Queries currently only support use of the following components of log events:

  • Reserved attributes
  • The log message
  • Tags

The recommended way to manage restricted read access on log data for customers with large or complicated organizational structures is to add a team tag to log events to indicate which team(s) own(s) them, and then to scope Restriction Queries to the appropriate values of the team tag. Tags can be applied to log events in many ways, and a log event can have multiple tags with the same key (like team) and different values—in this way the same log event can be visible to roles whose restriction queries are scoped to different team values.

You need an API and application key with Admin rights to interact with this endpoint.

Create a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

POST https://api.datadoghq.eu/api/v2/logs/config/restriction_querieshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries

Overview

Create a new restriction query for your organization.

Request

Body Data (required)

Expand All

Field

Type

Description

data

object

Data related to the creation of a restriction query.

attributes

object

Attributes of the created restriction query.

restriction_query

string

The restriction query.

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

{
  "data": {
    "attributes": {
      "restriction_query": "env:sandbox"
    },
    "type": "logs_restriction_queries"
  }
}

Response

OK

Response containing information about a single restriction query.

Expand All

Field

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "type": "logs_restriction_queries"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Curl command
curl -X POST "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \
-d @- << EOF
{}
EOF

Delete a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

DELETE https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Overview

Deletes a restriction query.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Response

OK

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X DELETE "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Get a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Overview

Get a restriction query in the organization specified by the restriction query’s restriction_query_id.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Response

OK

Response containing information about a single restriction query.

Expand All

Field

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

relationships

object

Relationships of the restriction query object.

roles

object

Relationship to roles.

data

[object]

An array containing type and ID of a role.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

included

[object]

Array of objects related to the restriction query.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "relationships": {
      "roles": {
        "data": [
          {
            "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
            "type": "roles"
          }
        ]
      }
    },
    "type": "logs_restriction_queries"
  },
  "included": []
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Get all restriction queries for a given user

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/user/{user_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/user/{user_id}

Overview

Get all restriction queries for a given user.

Arguments

Path Parameters

Name

Type

Description

user_id [required]

string

The ID of the user.

Response

OK

Response containing information about multiple restriction queries.

Expand All

Field

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export user_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/user/${user_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Get restriction query for a given role

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/role/{role_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/role/{role_id}

Overview

Get restriction query for a given role.

Arguments

Path Parameters

Name

Type

Description

role_id [required]

string

The ID of the role.

Response

OK

Response containing information about multiple restriction queries.

Expand All

Field

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export role_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/role/${role_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Grant role to a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

POST https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Overview

Adds a role to a restriction query.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Request

Body Data (required)

Expand All

Field

Type

Description

data

object

Relationship to role object.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

{
  "data": {
    "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
    "type": "roles"
  }
}

Response

OK

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X POST "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF

List restriction queries

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.eu/api/v2/logs/config/restriction_querieshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries

Overview

Returns all restriction queries, including their names and IDs.

Arguments

Query Strings

Name

Type

Description

page[size]

integer

Size for a given page.

page[number]

integer

Specific page number to return.

Response

OK

Response containing information about multiple restriction queries.

Expand All

Field

Type

Description

data

[object]

Array of returned restriction queries.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": [
    {
      "attributes": {
        "created_at": "2020-03-17T21:06:44Z",
        "modified_at": "2020-03-17T21:15:15Z",
        "restriction_query": "env:sandbox"
      },
      "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
      "type": "logs_restriction_queries"
    }
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Curl command
curl -X GET "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries" \
-H "Content-Type: application/json" \
-H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

List roles for a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

GET https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Overview

Returns all roles that have a given restriction query.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Query Strings

Name

Type

Description

page[size]

integer

Size for a given page.

page[number]

integer

Specific page number to return.

Response

OK

Response containing information about roles attached to a restriction query.

Expand All

Field

Type

Description

data

[object]

Array of roles.

attributes

object

Attributes of the role for a restriction query.

name

string

The role name.

id

string

ID of the role.

type

string

Role resource type.

{
  "data": [
    {
      "attributes": {
        "name": "Datadog Admin Role"
      },
      "id": "<ROLE_ID>",
      "type": "roles"
    }
  ]
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X GET "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}"

Revoke role from a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

DELETE https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}/roleshttps://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}/roles

Overview

Removes a role from a restriction query.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Request

Body Data (required)

Expand All

Field

Type

Description

data

object

Relationship to role object.

id

string

ID of the role.

type

enum

Roles type. Allowed enum values: roles

{
  "data": {
    "id": "3653d3c6-0c75-11ea-ad28-fb5701eabc7d",
    "type": "roles"
  }
}

Response

OK

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X DELETE "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}/roles" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF

Update a restriction query

Note: This endpoint is in public beta. If you have any feedback, contact Datadog support.

PATCH https://api.datadoghq.eu/api/v2/logs/config/restriction_queries/{restriction_query_id}https://api.datadoghq.com/api/v2/logs/config/restriction_queries/{restriction_query_id}

Overview

Edit a restriction query.

Arguments

Path Parameters

Name

Type

Description

restriction_query_id [required]

string

The ID of the restriction query.

Request

Body Data (required)

Expand All

Field

Type

Description

data

object

Data related to the update of a restriction query.

attributes

object

Attributes of the edited restriction query.

restriction_query

string

The restriction query.

type

enum

Restriction query resource type. Allowed enum values: logs_restriction_queries

{
  "data": {
    "attributes": {
      "restriction_query": "env:sandbox"
    },
    "type": "logs_restriction_queries"
  }
}

Response

OK

Response containing information about a single restriction query.

Expand All

Field

Type

Description

data

object

Restriction query object returned by the API.

attributes

object

Attributes of the restriction query.

created_at

date-time

Creation time of the restriction query.

modified_at

date-time

Time of last restriction query modification.

restriction_query

string

The query that defines the restriction. Only the content matching the query can be returned.

id

string

ID of the restriction query.

type

string

Restriction queries type.

{
  "data": {
    "attributes": {
      "created_at": "2020-03-17T21:06:44Z",
      "modified_at": "2020-03-17T21:15:15Z",
      "restriction_query": "env:sandbox"
    },
    "id": "79a0e60a-644a-11ea-ad29-43329f7f58b5",
    "type": "logs_restriction_queries"
  }
}

Bad Request

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Authentication error

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Not found

API error response.

Expand All

Field

Type

Description

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

Code Example


                                        # Path parameters
export restriction_query_id="CHANGE_ME"
# Curl command curl -X PATCH "https://api.datadoghq.eu"https://api.datadoghq.com/api/v2/logs/config/restriction_queries/${restriction_query_id}" \ -H "Content-Type: application/json" \ -H "DD-API-KEY: ${DD_CLIENT_API_KEY}" \ -H "DD-APPLICATION-KEY: ${DD_CLIENT_APP_KEY}" \ -d @- << EOF {} EOF