Log Sources
Manage connections to your log aggregator — create, update, test, and discover available sources
A log source is a connection from your project to wherever your logs already live (CloudWatch, Datadog, Loki, Splunk, Elastic, GCP Logging). The endpoints below cover the full lifecycle: list what's configured, add new sources, update credentials or selections, test connectivity, and discover what's available in the underlying account.
For a conceptual walkthrough and per-platform setup guides, see Log Sources.
Endpoints
| Method + path | Purpose |
|---|---|
GET /v1/config/log-sources | List log sources for the project |
POST /v1/config/log-sources | Create a log source |
PUT /v1/config/log-sources/{id} | Update a log source |
DELETE /v1/config/log-sources/{id} | Delete a log source |
POST /v1/config/log-sources/{id}/test | Test connection and fetch sample lines |
GET /v1/config/log-sources/{id}/sources | Discover available sources using a saved log source's credentials |
For mid-create autocomplete (browsing what log groups, indexes, or
labels are available before committing credentials), use the
Project → Log Sources → Add source flow in the dashboard. For
discovery against an already-saved source — the typical IaC use
case — call GET .../{id}/sources.
Supported types
The type field on a log source must be one of:
| Value | Platform |
|---|---|
cloudwatch | AWS CloudWatch Logs |
datadog | Datadog |
loki | Grafana Loki |
splunk | Splunk |
elastic | Elastic / OpenSearch |
gcp_logging | GCP Cloud Logging |
Credentials shape per type
The credentials field is a string → string map whose keys depend
on type. Submit only the keys the platform requires.
| Type | Credential keys |
|---|---|
cloudwatch | accessKeyId, secretAccessKey, sessionToken (optional) |
datadog | apiKey, appKey |
loki | host, apiKey (optional), orgId (optional) |
splunk | host, token |
elastic | host, username, password (or apiKey) |
gcp_logging | serviceAccountJson |
Some types also accept a top-level region (CloudWatch) or settings
(e.g. Datadog site). See the create endpoint
for the request shape.
Credentials are encrypted at rest and never returned in any list, get, or update response.
Sources
Every log source carries a sources array — the specific log groups,
indexes, indices, or label selectors to query. The exact format
depends on the platform. See each platform's setup guide under
/guide/log-sources for the format.
To discover what's available on an existing source, call
GET /v1/config/log-sources/{id}/sources.
See also
- Log Sources guide — concepts and per-platform setup
- Authentication — required permissions per endpoint
- Errors — error code reference