Search your logs and send them to your Datadog platform over HTTP. See the Log Management page for more information.
POST https://http-intake.logs.ap1.datadoghq.com/v1/input
POST https://http-intake.logs.datadoghq.eu/v1/input
POST https://http-intake.logs.ddog-gov.com/v1/input
POST https://http-intake.logs.datadoghq.com/v1/input
POST https://http-intake.logs.us3.datadoghq.com/v1/input
POST https://http-intake.logs.us5.datadoghq.com/v1/input
Send your logs to your Datadog platform over HTTP. Limits per HTTP request are:
Any log exceeding 1MB is accepted and truncated by Datadog:
Datadog recommends sending your logs compressed.
Add the Content-Encoding: gzip header to the request when sending compressed logs.
The status codes answered by the HTTP API are:
Name
Type
Description
ddtags
string
Log tags can be passed as query parameters with text/plain content type.
Name
Type
Description
Content-Encoding
string
HTTP header used to compress the media-type.
Log to send (JSON format).
[
{
"message": "Example-Log",
"ddtags": "host:ExampleLog"
}
]
Response from server (always 200 empty JSON).
{}
unexpected error
Invalid query performed.
{
"code": 0,
"message": "Your browser sent an invalid request."
}
Too many requests
Error response object.
{
"errors": [
"Bad Request"
]
}
# Send deflate logs returns "Response from server (always 200 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V1::LogsAPI.new

body = [
  DatadogAPIClient::V1::HTTPLogItem.new({
    message: "Example-Log",
    ddtags: "host:ExampleLog",
  }),
]
# The enum must be referenced through its module; a bare ContentEncoding raises NameError.
opts = {
  content_encoding: DatadogAPIClient::V1::ContentEncoding::DEFLATE,
}
p api_instance.submit_log(body, opts)

# Send gzip logs returns "Response from server (always 200 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V1::LogsAPI.new

body = [
  DatadogAPIClient::V1::HTTPLogItem.new({
    message: "Example-Log",
    ddtags: "host:ExampleLog",
  }),
]
opts = {
  content_encoding: DatadogAPIClient::V1::ContentEncoding::GZIP,
}
p api_instance.submit_log(body, opts)

# Send logs returns "Response from server (always 200 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V1::LogsAPI.new

body = [
  DatadogAPIClient::V1::HTTPLogItem.new({
    message: "Example-Log",
    ddtags: "host:ExampleLog",
  }),
]
p api_instance.submit_log(body)

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" ruby "example.rb"
POST https://http-intake.logs.ap1.datadoghq.com/api/v2/logs
POST https://http-intake.logs.datadoghq.eu/api/v2/logs
POST https://http-intake.logs.ddog-gov.com/api/v2/logs
POST https://http-intake.logs.datadoghq.com/api/v2/logs
POST https://http-intake.logs.us3.datadoghq.com/api/v2/logs
POST https://http-intake.logs.us5.datadoghq.com/api/v2/logs
Send your logs to your Datadog platform over HTTP. Limits per HTTP request are:
Any log exceeding 1MB is accepted and truncated by Datadog:
Datadog recommends sending your logs compressed.
Add the Content-Encoding: gzip header to the request when sending compressed logs.
Log events can be submitted with a timestamp that is up to 18 hours in the past.
The status codes answered by the HTTP API are:
Name
Type
Description
ddtags
string
Log tags can be passed as query parameters with text/plain content type.
Name
Type
Description
Content-Encoding
string
HTTP header used to compress the media-type.
Log to send (JSON format).
[
{
"ddsource": "nginx",
"ddtags": "env:staging,version:5.1",
"hostname": "i-012345678",
"message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
"service": "payment"
}
]
[
{
"ddsource": "nginx",
"ddtags": "env:staging,version:5.1",
"hostname": "i-012345678",
"message": "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
"service": "payment",
"status": "info"
}
]
Request accepted for processing (always 202 empty JSON).
{}
Bad Request
Invalid query performed.
Field
Type
Description
errors
[object]
Structured errors.
detail
string
Error message.
status
string
Error code.
title
string
Error title.
{
"errors": [
{
"detail": "Malformed payload",
"status": "400",
"title": "Bad Request"
}
]
}
Unauthorized
Forbidden
Request Timeout
Payload Too Large
Too Many Requests
Internal Server Error
Service Unavailable
Each of these responses carries the description "Invalid query performed." and the same errors object and example shown for Bad Request.
# Send deflate logs returns "Request accepted for processing (always 202 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = [
  DatadogAPIClient::V2::HTTPLogItem.new({
    ddsource: "nginx",
    ddtags: "env:staging,version:5.1",
    hostname: "i-012345678",
    message: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
    service: "payment",
  }),
]
# The enum must be referenced through its module; a bare ContentEncoding raises NameError.
opts = {
  content_encoding: DatadogAPIClient::V2::ContentEncoding::DEFLATE,
}
p api_instance.submit_log(body, opts)

# Send gzip logs returns "Request accepted for processing (always 202 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = [
  DatadogAPIClient::V2::HTTPLogItem.new({
    ddsource: "nginx",
    ddtags: "env:staging,version:5.1",
    hostname: "i-012345678",
    message: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
    service: "payment",
  }),
]
opts = {
  content_encoding: DatadogAPIClient::V2::ContentEncoding::GZIP,
}
p api_instance.submit_log(body, opts)

# Send logs returns "Request accepted for processing (always 202 empty JSON)." response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = [
  DatadogAPIClient::V2::HTTPLogItem.new({
    ddsource: "nginx",
    ddtags: "env:staging,version:5.1",
    hostname: "i-012345678",
    message: "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
    service: "payment",
    status: "info",
  }),
]
p api_instance.submit_log(body)

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<DD_API_KEY>" ruby "example.rb"
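The intake accepts and truncates logs over 1MB and only takes timestamps up to 18 hours old, so a shipper forwarding audit or security events should check a batch before compressing it. The following is an added example, not Datadog's client code: it flags such events and builds (without sending) the gzip request using only the Ruby standard library. The `timestamp` attribute name, the 1,000,000-byte reading of "1MB", and the helper names are assumptions.

```ruby
require "json"
require "net/http"
require "time"
require "uri"
require "zlib"

# Thresholds taken from this page. Reading "1MB" as 1,000,000 bytes is an
# assumption; the page does not say how the size is measured.
MAX_LOG_BYTES = 1_000_000
MAX_AGE_SECONDS = 18 * 3600

# Returns [index, reason] pairs for events that exceed a documented limit.
# Assumption: each event carries an ISO 8601 "timestamp" attribute.
def preflight(events, now: Time.now)
  events.each_with_index.flat_map do |event, i|
    found = []
    found << [i, :oversize] if JSON.generate(event).bytesize > MAX_LOG_BYTES
    ts = event["timestamp"]
    found << [i, :too_old] if ts && now - Time.iso8601(ts) > MAX_AGE_SECONDS
    found
  end
end

# Splits a batch into events safe to send as-is and events needing attention.
def partition_batch(events, now: Time.now)
  flagged = preflight(events, now: now)
  bad = flagged.map(&:first).uniq
  clean = events.each_with_index.reject { |_, i| bad.include?(i) }.map(&:first)
  { clean: clean, flagged: flagged }
end

# Builds (does not send) the gzip-compressed POST for the v2 intake endpoint.
def build_intake_request(events, api_key:, site: "datadoghq.com")
  req = Net::HTTP::Post.new(URI("https://http-intake.logs.#{site}/api/v2/logs"))
  req["Content-Type"] = "application/json"
  req["Content-Encoding"] = "gzip" # must match the body encoding below
  req["DD-API-KEY"] = api_key
  req.body = Zlib.gzip(JSON.generate(events))
  req
end

# Constructed sample input (the first event reuses the page's example fields).
SAMPLE_NOW = Time.utc(2024, 1, 2, 12, 0, 0)
SAMPLE_EVENTS = [
  { "ddsource" => "nginx", "ddtags" => "env:staging,version:5.1",
    "hostname" => "i-012345678", "service" => "payment",
    "message" => "2019-11-19T14:37:58,995 INFO [process.name][20081] Hello World",
    "timestamp" => "2024-01-02T11:00:00Z" },
  { "message" => "stale audit record", "timestamp" => "2024-01-01T12:00:00Z" },
  { "message" => "x" * (MAX_LOG_BYTES + 1), "timestamp" => "2024-01-02T11:59:00Z" },
].freeze

if __FILE__ == $PROGRAM_NAME
  batch = partition_batch(SAMPLE_EVENTS, now: SAMPLE_NOW)
  req = build_intake_request(batch[:clean], api_key: "<DD_API_KEY>")
  puts "flagged: #{batch[:flagged].inspect}"
  puts "#{req.method} #{req.uri} (#{req.body.bytesize} bytes, #{req['Content-Encoding']})"
end
```

Flagged events can be split, re-stamped or routed to a local spool instead of being altered silently at ingestion.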
POST https://api.ap1.datadoghq.com/api/v2/logs/analytics/aggregate
POST https://api.datadoghq.eu/api/v2/logs/analytics/aggregate
POST https://api.ddog-gov.com/api/v2/logs/analytics/aggregate
POST https://api.datadoghq.com/api/v2/logs/analytics/aggregate
POST https://api.us3.datadoghq.com/api/v2/logs/analytics/aggregate
POST https://api.us5.datadoghq.com/api/v2/logs/analytics/aggregate
The API endpoint to aggregate events into buckets and compute metrics and timeseries.
This endpoint requires the logs_read_data permission.
Field
Type
Description
compute
[object]
The list of metrics or timeseries to compute for the retrieved buckets.
aggregation [required]
enum
An aggregation function
Allowed enum values: count,cardinality,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg,median
interval
string
The time buckets' size (only used for type=timeseries). Defaults to a resolution of 150 points.
metric
string
The metric to use
type
enum
The type of compute
Allowed enum values: timeseries,total
default: total
filter
object
The search and filter query settings
from
string
The minimum time for the requested logs, supports date math and regular timestamps (milliseconds).
default: now-15m
indexes
[string]
For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes.
default: *
query
string
The search query - following the log search syntax.
default: *
storage_tier
enum
Specifies storage type as indexes, online-archives or flex
Allowed enum values: indexes,online-archives,flex
default: indexes
to
string
The maximum time for the requested logs, supports date math and regular timestamps (milliseconds).
default: now
group_by
[object]
The rules for the group by
facet [required]
string
The name of the facet to use (required)
histogram
object
Used to perform a histogram computation (only for measure facets). Note: at most 100 buckets are allowed, the number of buckets is (max - min)/interval.
interval [required]
double
The bin size of the histogram buckets
max [required]
double
The maximum value for the measure used in the histogram (values greater than this one are filtered out)
min [required]
double
The minimum value for the measure used in the histogram (values smaller than this one are filtered out)
limit
int64
The maximum buckets to return for this group by. Note: at most 10000 buckets are allowed. If grouping by multiple facets, the product of limits must not exceed 10000.
default: 10
missing
<oneOf>
The value to use for logs that don't have the facet used to group by
Option 1
string
The missing value to use if there is string valued facet.
Option 2
double
The missing value to use if there is a number valued facet.
sort
object
A sort rule
aggregation
enum
An aggregation function
Allowed enum values: count,cardinality,pc75,pc90,pc95,pc98,pc99,sum,min,max,avg,median
metric
string
The metric to sort by (only used for type=measure)
order
enum
The order to use, ascending or descending
Allowed enum values: asc,desc
type
enum
The type of sorting algorithm
Allowed enum values: alphabetical,measure
default: alphabetical
total
<oneOf>
A resulting object to put the given computes in over all the matching records.
Option 1
boolean
If set to true, creates an additional bucket labeled "$facet_total"
Option 2
string
A string to use as the key value for the total bucket
Option 3
double
A number to use as the key value for the total bucket
options
object
DEPRECATED: Global query options that are used during the query. Note: These fields are currently deprecated and do not affect the query results.
timeOffset
int64
The time offset (in seconds) to apply to the query.
timezone
string
The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York).
default: UTC
page
object
Paging settings
cursor
string
The returned paging point to use to get the next results. Note: at most 1000 results can be paged.
{
"compute": [
{
"aggregation": "count",
"interval": "5m",
"type": "timeseries"
}
],
"filter": {
"from": "now-15m",
"indexes": [
"main"
],
"query": "*",
"to": "now"
}
}
{
"compute": [
{
"aggregation": "count",
"interval": "5m",
"type": "timeseries"
}
],
"filter": {
"from": "now-15m",
"indexes": [
"main"
],
"query": "*",
"to": "now"
},
"group_by": [
{
"facet": "host",
"missing": "miss",
"sort": {
"type": "measure",
"order": "asc",
"aggregation": "pc90",
"metric": "@duration"
}
}
]
}
{
"filter": {
"from": "now-15m",
"indexes": [
"main"
],
"query": "*",
"to": "now"
}
}
OK
The response object for the logs aggregate API endpoint
Field
Type
Description
data
object
The query results
buckets
[object]
The list of matching buckets, one item per bucket
by
object
The key, value pairs for each group by
<any-key>
The values for each group by
computes
object
A map of the metric name -> value for regular compute or list of values for a timeseries
<any-key>
<oneOf>
A bucket value, can be either a timeseries or a single value
Option 1
string
A single string value
Option 2
double
A single number value
Option 3
[object]
A timeseries array
time
string
The time value for this point
value
double
The value for this point
meta
object
The metadata associated with a request
elapsed
int64
The time elapsed in milliseconds
page
object
Paging attributes.
after
string
The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the page[cursor].
request_id
string
The identifier of the request
status
enum
The status of the response
Allowed enum values: done,timeout
warnings
[object]
A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.
code
string
A unique code for this type of warning
detail
string
A detailed explanation of this specific warning
title
string
A short human-readable summary of the warning
{
"data": {
"buckets": [
{
"by": {
"<any-key>": "undefined"
},
"computes": {
"<any-key>": {
"description": "undefined",
"type": "undefined"
}
}
}
]
},
"meta": {
"elapsed": 132,
"page": {
"after": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ=="
},
"request_id": "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR",
"status": "done",
"warnings": [
{
"code": "unknown_index",
"detail": "indexes: foo, bar",
"title": "One or several indexes are missing or invalid, results hold data from the other indexes"
}
]
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Aggregate compute events returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = DatadogAPIClient::V2::LogsAggregateRequest.new({
  compute: [
    DatadogAPIClient::V2::LogsCompute.new({
      aggregation: DatadogAPIClient::V2::LogsAggregationFunction::COUNT,
      interval: "5m",
      type: DatadogAPIClient::V2::LogsComputeType::TIMESERIES,
    }),
  ],
  filter: DatadogAPIClient::V2::LogsQueryFilter.new({
    from: "now-15m",
    indexes: [
      "main",
    ],
    query: "*",
    to: "now",
  }),
})
p api_instance.aggregate_logs(body)

# Aggregate compute events with group by returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = DatadogAPIClient::V2::LogsAggregateRequest.new({
  compute: [
    DatadogAPIClient::V2::LogsCompute.new({
      aggregation: DatadogAPIClient::V2::LogsAggregationFunction::COUNT,
      interval: "5m",
      type: DatadogAPIClient::V2::LogsComputeType::TIMESERIES,
    }),
  ],
  filter: DatadogAPIClient::V2::LogsQueryFilter.new({
    from: "now-15m",
    indexes: [
      "main",
    ],
    query: "*",
    to: "now",
  }),
  group_by: [
    DatadogAPIClient::V2::LogsGroupBy.new({
      facet: "host",
      missing: "miss",
      sort: DatadogAPIClient::V2::LogsAggregateSort.new({
        type: DatadogAPIClient::V2::LogsAggregateSortType::MEASURE,
        order: DatadogAPIClient::V2::LogsSortOrder::ASCENDING,
        aggregation: DatadogAPIClient::V2::LogsAggregationFunction::PERCENTILE_90,
        metric: "@duration",
      }),
    }),
  ],
})
p api_instance.aggregate_logs(body)

# Aggregate events returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = DatadogAPIClient::V2::LogsAggregateRequest.new({
  filter: DatadogAPIClient::V2::LogsQueryFilter.new({
    from: "now-15m",
    indexes: [
      "main",
    ],
    query: "*",
    to: "now",
  }),
})
p api_instance.aggregate_logs(body)

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"
POST https://api.ap1.datadoghq.com/api/v1/logs-queries/list
POST https://api.datadoghq.eu/api/v1/logs-queries/list
POST https://api.ddog-gov.com/api/v1/logs-queries/list
POST https://api.datadoghq.com/api/v1/logs-queries/list
POST https://api.us3.datadoghq.com/api/v1/logs-queries/list
POST https://api.us5.datadoghq.com/api/v1/logs-queries/list
List endpoint returns logs that match a log search query. Results are paginated.
If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See Datadog Logs Archive documentation.
This endpoint requires the logs_read_data permission.
Logs filter
Field
Type
Description
index
string
The log index on which the request is performed. For multi-index organizations, the default is all live indexes. Historical indexes of rehydrated logs must be specified.
limit
int32
Number of logs returned in the response.
query
string
The search query - following the log search syntax.
sort
enum
Time-ascending asc or time-descending desc results.
Allowed enum values: asc,desc
startAt
string
Hash identifier of the first log to return in the list, available in a log id attribute.
This parameter is used for the pagination feature.
Note: This parameter is ignored if the corresponding log is out of the scope of the specified time window.
time [required]
object
Timeframe to retrieve the log from.
from [required]
date-time
Minimum timestamp for requested logs.
timezone
string
Timezone can be specified both as an offset (for example "UTC+03:00") or a regional zone (for example "Europe/Paris").
to [required]
date-time
Maximum timestamp for requested logs.
{
"index": "main",
"query": "host:Test*",
"sort": "asc",
"time": {
"from": "2021-11-11T10:11:11+00:00",
"timezone": "Europe/Paris",
"to": "2021-11-11T11:11:11+00:00"
}
}
OK
Response object with all logs matching the request and pagination information.
Field
Type
Description
logs
[object]
Array of logs matching the request and the nextLogId if sent.
content
object
JSON object containing all log attributes and their associated values.
attributes
object
JSON object of attributes from your log.
host
string
Name of the machine from where the logs are being sent.
message
string
The message reserved attribute of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.
service
string
The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.
tags
[string]
Array of tags associated with your log.
timestamp
date-time
Timestamp of your log.
id
string
ID of the Log.
nextLogId
string
Hash identifier of the next log to return in the list. This parameter is used for the pagination feature.
status
string
Status of the response.
{
"logs": [
{
"content": {
"attributes": {
"customAttribute": 123,
"duration": 2345
},
"host": "i-0123",
"message": "Host connected to remote",
"service": "agent",
"tags": [
"team:A"
],
"timestamp": "2020-05-26T13:36:14Z"
},
"id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA"
}
],
"nextLogId": "string",
"status": "string"
}
Bad Request
Response returned by the Logs API when errors occur.
Field
Type
Description
error
object
Error returned by the Logs API
code
string
Code identifying the error
details
[object]
Additional error details
message
string
Error message
{
"error": {
"code": "string",
"details": [],
"message": "string"
}
}
Authentication error
Error response object.
{
"errors": [
"Bad Request"
]
}
Too many requests
Error response object.
{
"errors": [
"Bad Request"
]
}
# Search test logs returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V1::LogsAPI.new

body = DatadogAPIClient::V1::LogsListRequest.new({
  index: "main",
  query: "host:Test*",
  sort: DatadogAPIClient::V1::LogsSort::TIME_ASCENDING,
  time: DatadogAPIClient::V1::LogsListRequestTime.new({
    from: (Time.now + -1 * 3600),
    timezone: "Europe/Paris",
    to: Time.now,
  }),
})
p api_instance.list_logs(body)

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"
POST https://api.ap1.datadoghq.com/api/v2/logs/events/search
POST https://api.datadoghq.eu/api/v2/logs/events/search
POST https://api.ddog-gov.com/api/v2/logs/events/search
POST https://api.datadoghq.com/api/v2/logs/events/search
POST https://api.us3.datadoghq.com/api/v2/logs/events/search
POST https://api.us5.datadoghq.com/api/v2/logs/events/search
List endpoint returns logs that match a log search query. Results are paginated.
Use this endpoint to search and filter your logs.
If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See Datadog Logs Archive documentation.
This endpoint requires the logs_read_data permission.
Field
Type
Description
filter
object
The search and filter query settings
from
string
The minimum time for the requested logs, supports date math and regular timestamps (milliseconds).
default: now-15m
indexes
[string]
For customers with multiple indexes, the indexes to search. Defaults to ['*'] which means all indexes.
default: *
query
string
The search query - following the log search syntax.
default: *
storage_tier
enum
Specifies storage type as indexes, online-archives or flex
Allowed enum values: indexes,online-archives,flex
default: indexes
to
string
The maximum time for the requested logs, supports date math and regular timestamps (milliseconds).
default: now
options
object
DEPRECATED: Global query options that are used during the query. Note: These fields are currently deprecated and do not affect the query results.
timeOffset
int64
The time offset (in seconds) to apply to the query.
timezone
string
The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York).
default: UTC
page
object
Paging attributes for listing logs.
cursor
string
List following results with a cursor provided in the previous query.
limit
int32
Maximum number of logs in the response.
default: 10
sort
enum
Sort parameters when querying logs.
Allowed enum values: timestamp,-timestamp
{
"filter": {
"query": "datadog-agent",
"indexes": [
"main"
],
"from": "2020-09-17T11:48:36+01:00",
"to": "2020-09-17T12:48:36+01:00"
},
"sort": "timestamp",
"page": {
"limit": 5
}
}
{
"filter": {
"from": "now-15m",
"indexes": [
"main"
],
"to": "now"
},
"options": {
"timezone": "GMT"
},
"page": {
"limit": 2
},
"sort": "timestamp"
}
OK
Response object with all logs matching the request and pagination information.
Field
Type
Description
data
[object]
Array of logs matching the request.
attributes
object
JSON object containing all log attributes and their associated values.
attributes
object
JSON object of attributes from your log.
host
string
Name of the machine from where the logs are being sent.
message
string
The message reserved attribute of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.
service
string
The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.
status
string
Status of the message associated with your log.
tags
[string]
Array of tags associated with your log.
timestamp
date-time
Timestamp of your log.
id
string
Unique ID of the Log.
type
enum
Type of the event.
Allowed enum values: log
default: log
links
object
Links attributes.
next
string
Link for the next set of results. Note that the request can also be made using the POST endpoint.
meta
object
The metadata associated with a request
elapsed
int64
The time elapsed in milliseconds
page
object
Paging attributes.
after
string
The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the page[cursor].
request_id
string
The identifier of the request
status
enum
The status of the response
Allowed enum values: done,timeout
warnings
[object]
A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.
code
string
A unique code for this type of warning
detail
string
A detailed explanation of this specific warning
title
string
A short human-readable summary of the warning
{
"data": [
{
"attributes": {
"attributes": {
"customAttribute": 123,
"duration": 2345
},
"host": "i-0123",
"message": "Host connected to remote",
"service": "agent",
"status": "INFO",
"tags": [
"team:A"
],
"timestamp": "2019-01-02T09:42:36.320Z"
},
"id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
"type": "log"
}
],
"links": {
"next": "https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo\u0026page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ=="
},
"meta": {
"elapsed": 132,
"page": {
"after": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ=="
},
"request_id": "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR",
"status": "done",
"warnings": [
{
"code": "unknown_index",
"detail": "indexes: foo, bar",
"title": "One or several indexes are missing or invalid, results hold data from the other indexes"
}
]
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Search logs returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = DatadogAPIClient::V2::LogsListRequest.new({
  filter: DatadogAPIClient::V2::LogsQueryFilter.new({
    query: "datadog-agent",
    indexes: [
      "main",
    ],
    from: "2020-09-17T11:48:36+01:00",
    to: "2020-09-17T12:48:36+01:00",
  }),
  sort: DatadogAPIClient::V2::LogsSort::TIMESTAMP_ASCENDING,
  page: DatadogAPIClient::V2::LogsListRequestPage.new({
    limit: 5,
  }),
})
opts = {
  body: body,
}
p api_instance.list_logs(opts)

# Search logs returns "OK" response with pagination
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new

body = DatadogAPIClient::V2::LogsListRequest.new({
  filter: DatadogAPIClient::V2::LogsQueryFilter.new({
    from: "now-15m",
    indexes: [
      "main",
    ],
    to: "now",
  }),
  options: DatadogAPIClient::V2::LogsQueryOptions.new({
    timezone: "GMT",
  }),
  page: DatadogAPIClient::V2::LogsListRequestPage.new({
    limit: 2,
  }),
  sort: DatadogAPIClient::V2::LogsSort::TIMESTAMP_ASCENDING,
})
opts = {
  body: body,
}
api_instance.list_logs_with_pagination(opts) { |item| puts item }

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"
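The response schema above says the next page is requested with the same parameters plus page[cursor], and that a timeout status or a warnings entry means results may be partial. The following is an added example, not Datadog's client code: it walks the cursor and reports whether the result set is complete, so an investigation does not treat a partial search as exhaustive. The `fetch` transport, the helper names and the sample pages are hypothetical and constructed so the block runs offline.

```ruby
require "json"

# Follows meta.page.after until it is absent, re-sending the same parameters
# with page.cursor added. `fetch` is a hypothetical transport: it receives the
# request body as a Hash and returns the parsed JSON response as a Hash.
def search_all(request, fetch, max_pages: 100)
  events = []
  problems = []
  cursor = nil
  max_pages.times do
    body = JSON.parse(JSON.generate(request)) # deep copy; caller's Hash is untouched
    body["page"] = (body["page"] || {}).merge("cursor" => cursor) if cursor
    meta = collect_page(fetch.call(body), events, problems)
    cursor = meta.dig("page", "after")
    return { events: events, complete: problems.empty?, problems: problems } if cursor.nil?
  end
  problems << "stopped after #{max_pages} pages with a cursor still pending"
  { events: events, complete: false, problems: problems }
end

# Appends one page of events and records anything that makes the set partial.
def collect_page(response, events, problems)
  events.concat(response.fetch("data", []))
  meta = response.fetch("meta", {})
  problems << "timeout (request_id #{meta["request_id"]})" if meta["status"] == "timeout"
  (meta["warnings"] || []).each { |w| problems << "#{w["code"]}: #{w["detail"]}" }
  meta
end

# Constructed responses keyed by the cursor that requests them (nil = first page).
# The warning reuses the unknown_index example shown in the response sample.
SEEN_REQUESTS = []
CONSTRUCTED_PAGES = {
  nil => { "data" => [{ "id" => "log-1" }, { "id" => "log-2" }],
           "meta" => { "status" => "done", "page" => { "after" => "cursor-A" } } },
  "cursor-A" => { "data" => [{ "id" => "log-3" }],
                  "meta" => { "status" => "done", "warnings" => [
                    { "code" => "unknown_index", "detail" => "indexes: foo, bar" },
                  ] } },
}.freeze

# Stub transport standing in for the HTTP call; records what it was asked.
STUB_FETCH = lambda do |body|
  SEEN_REQUESTS << body
  CONSTRUCTED_PAGES.fetch(body.dig("page", "cursor"))
end

SAMPLE_REQUEST = {
  "filter" => { "query" => "datadog-agent", "indexes" => ["main"],
                "from" => "now-15m", "to" => "now" },
  "sort" => "timestamp",
  "page" => { "limit" => 2 },
}.freeze

if __FILE__ == $PROGRAM_NAME
  result = search_all(SAMPLE_REQUEST, STUB_FETCH)
  puts "#{result[:events].size} events, complete=#{result[:complete]}"
  result[:problems].each { |msg| puts "  #{msg}" }
end
```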
GET https://api.ap1.datadoghq.com/api/v2/logs/events
GET https://api.datadoghq.eu/api/v2/logs/events
GET https://api.ddog-gov.com/api/v2/logs/events
GET https://api.datadoghq.com/api/v2/logs/events
GET https://api.us3.datadoghq.com/api/v2/logs/events
GET https://api.us5.datadoghq.com/api/v2/logs/events
List endpoint returns logs that match a log search query. Results are paginated.
Use this endpoint to search and filter your logs.
If you are considering archiving logs for your organization, consider use of the Datadog archive capabilities instead of the log list API. See Datadog Logs Archive documentation.
This endpoint requires the logs_read_data permission.
Name
Type
Description
filter[query]
string
Search query following logs syntax.
filter[indexes]
array
For customers with multiple indexes, the indexes to search. Defaults to ‘*’ which means all indexes
filter[from]
string
Minimum timestamp for requested logs.
filter[to]
string
Maximum timestamp for requested logs.
filter[storage_tier]
enum
Specifies the storage type to be used
Allowed enum values: indexes, online-archives, flex
sort
enum
Order of logs in results.
Allowed enum values: timestamp, -timestamp
page[cursor]
string
List following results with a cursor provided in the previous query.
page[limit]
integer
Maximum number of logs in the response.
OK
Response object with all logs matching the request and pagination information.
Field
Type
Description
data
[object]
Array of logs matching the request.
attributes
object
JSON object containing all log attributes and their associated values.
attributes
object
JSON object of attributes from your log.
host
string
Name of the machine from where the logs are being sent.
message
string
The message reserved attribute of your log. By default, Datadog ingests the value of the message attribute as the body of the log entry. That value is then highlighted and displayed in the Logstream, where it is indexed for full text search.
service
string
The name of the application or service generating the log events. It is used to switch from Logs to APM, so make sure you define the same value when you use both products.
status
string
Status of the message associated with your log.
tags
[string]
Array of tags associated with your log.
timestamp
date-time
Timestamp of your log.
id
string
Unique ID of the Log.
type
enum
Type of the event.
Allowed enum values: log
default: log
links
object
Links attributes.
next
string
Link for the next set of results. Note that the request can also be made using the POST endpoint.
meta
object
The metadata associated with a request
elapsed
int64
The time elapsed in milliseconds
page
object
Paging attributes.
after
string
The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the page[cursor].
request_id
string
The identifier of the request
status
enum
The status of the response
Allowed enum values: done,timeout
warnings
[object]
A list of warnings (non fatal errors) encountered, partial results might be returned if warnings are present in the response.
code
string
A unique code for this type of warning
detail
string
A detailed explanation of this specific warning
title
string
A short human-readable summary of the warning
{
"data": [
{
"attributes": {
"attributes": {
"customAttribute": 123,
"duration": 2345
},
"host": "i-0123",
"message": "Host connected to remote",
"service": "agent",
"status": "INFO",
"tags": [
"team:A"
],
"timestamp": "2019-01-02T09:42:36.320Z"
},
"id": "AAAAAWgN8Xwgr1vKDQAAAABBV2dOOFh3ZzZobm1mWXJFYTR0OA",
"type": "log"
}
],
"links": {
"next": "https://app.datadoghq.com/api/v2/logs/event?filter[query]=foo\u0026page[cursor]=eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ=="
},
"meta": {
"elapsed": 132,
"page": {
"after": "eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ=="
},
"request_id": "MWlFUjVaWGZTTTZPYzM0VXp1OXU2d3xLSVpEMjZKQ0VKUTI0dEYtM3RSOFVR",
"status": "done",
"warnings": [
{
"code": "unknown_index",
"detail": "indexes: foo, bar",
"title": "One or several indexes are missing or invalid, results hold data from the other indexes"
}
]
}
}
Bad Request
API error response.
{
"errors": [
"Bad Request"
]
}
Not Authorized
API error response.
{
"errors": [
"Bad Request"
]
}
Too many requests
API error response.
{
"errors": [
"Bad Request"
]
}
# Search logs (GET) returns "OK" response
require "datadog_api_client"
api_instance = DatadogAPIClient::V2::LogsAPI.new
p api_instance.list_logs_get()

First install the library and its dependencies, then save the example to example.rb and run the following command, setting DD_SITE to your Datadog site (datadoghq.com, us3.datadoghq.com, us5.datadoghq.com, datadoghq.eu, ap1.datadoghq.com or ddog-gov.com):
DD_SITE="datadoghq.com" DD_API_KEY="<API-KEY>" DD_APP_KEY="<APP-KEY>" ruby "example.rb"