SigSentrySigSentry
Log Sources

DELETE /v1/config/log-sources/{id}

Delete a single log source

Permanently deletes a single log source from the current project. After deletion, analyses on this project will no longer query the source's log groups, indexes, or selectors.

Authentication

API key with config:write permission.

Endpoint

DELETE /v1/config/log-sources/{id}

Path parameters

ParamTypeNotes
idUUIDThe log source id

Response

200 OK

{
  "success": true,
  "data": {
    "deleted": true
  }
}

Error responses

Statuserror.codeWhen
400VALIDATION_ERRORid is not a UUID
401UNAUTHORIZEDMissing or invalid API key
403FORBIDDENKey lacks config:write
404NOT_FOUNDNo log source with that id in your tenant

Example

curl -X DELETE https://api.sigsentry.com/v1/config/log-sources/ls_a1b2c3 \
  -H "Authorization: Bearer ss_secret_..."

Soft pause vs. delete

Deleting is permanent. If you only want to stop querying a source temporarily, update it with { "isActive": false } instead — credentials and selections are preserved and you can re-enable it later with { "isActive": true }.

PUT /v1/config/log-sources/{id}

Update name, credentials, sources, or active state on an existing log source

POST /v1/config/log-sources/{id}/test

Verify connectivity to a saved log source and fetch a few sample lines

On this page

Authentication
Endpoint
Path parameters
Response
200 OK
Error responses
Example
Soft pause vs. delete