--- title: Manage Logpush with cURL description: Create and manage Logpush jobs using cURL. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/logs/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Manage Logpush with cURL You can manage your Cloudflare Logpush service from the command line using cURL. Before getting started, review the following documentation: * [API configuration](https://developers.cloudflare.com/logs/logpush/logpush-job/api-configuration/) Note The examples below are for zone-scoped datasets. Account-scoped datasets should use `/accounts/{account_id}` instead of `/zone/{zone_id}`. ## Step 1 - Get ownership challenge Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Get ownership challenge ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/ownership" \ --request POST \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "destination_conf": "s3://?region=us-west-2" }' ``` ### Parameters * **destination\_conf** \- Refer to [Destination](https://developers.cloudflare.com/logs/logpush/logpush-job/api-configuration/#destination) for details. ### Response A challenge file will be written to the destination, and the filename will be in the response (the filename may be expressed as a path if appropriate for your destination). For example: ``` { "success": true, "errors": [], "messages": [], "result": { "filename": "burritobot/logs/ownership-challenge.txt", "valid": true, "message": "" } } ``` You will need to provide the token contained in this file when creating a job in the next step. Note When using Sumo Logic, you may find it helpful to have [Live Tail ↗](https://help.sumologic.com/05Search/Live-Tail/About-Live-Tail) open to see the challenge file as soon as it is uploaded. ## Step 2 - Create a job Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Create Logpush job ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs" \ --request POST \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "name": "", "destination_conf": "s3://?region=us-west-2", "dataset": "http_requests", "output_options": { "field_names": [ "ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp", "EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID" ], "timestamp_format": "rfc3339" }, "ownership_challenge": "" }' ``` ### Parameters * **name** (optional) - We suggest using your domain name as the job name; the name cannot be changed after the job is created. * **destination\_conf** \- Refer to [Destination](https://developers.cloudflare.com/logs/logpush/logpush-job/api-configuration/#destination) for details. * **dataset** \- The category of logs you want to receive. Refer to [Datasets](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/) for the full list of supported datasets; this parameter cannot be changed after the job is created. * **output\_options** (optional) - Refer to [Log Output Options](https://developers.cloudflare.com/logs/logpush/logpush-job/log-output-options/). * Typically includes the desired fields and timestamp format. * Set the timestamp format to `RFC 3339` (`"timestamp_format": "rfc3339"`) for: * Google BigQuery usage. * Automated timestamp parsing within Sumo Logic; refer to [timestamps from Sumo Logic ↗](https://help.sumologic.com/03Send-Data/Sources/04Reference-Information-for-Sources/Timestamps%2C-Time-Zones%2C-Time-Ranges%2C-and-Date-Formats) for details. * **ownership\_challenge** \- Challenge token required to prove destination ownership. * **kind** (optional) - Used to differentiate between Logpush and Edge Log Delivery jobs. Refer to [Kind](https://developers.cloudflare.com/logs/logpush/logpush-job/api-configuration/#kind) for details. * **filter** (optional) - Refer to [Filters](https://developers.cloudflare.com/logs/logpush/logpush-job/filters/) for details. ### Response In the response, you get a newly-created job ID. For example: ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": false, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": null, "last_error": null, "error_message": null }, "success": true } ``` ## Step 3 - Enable (update) a job Start by retrieving information about a specific job, using a job ID: Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Get Logpush job details ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` ### Response ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": false, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": null, "last_error": null, "error_message": null }, "success": true } ``` Note that by default a job is not enabled (`"enabled": false`). If you do not remember your job ID, you can retrieve it using your zone ID: Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` List Logpush jobs ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` Next, to enable the job, send an update request: Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Update Logpush job ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request PUT \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "enabled": true }' ``` ### Response ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": true, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": null, "last_error": null, "error_message": null }, "success": true } ``` Once the job is enabled, you will start receiving logs within a few minutes and then in batches as soon as possible until you disable the job. For zones with very high request volume, it may take several hours before you start receiving logs for the first time. In addition to modifying `enabled`, you can also update the value for **output\_options**. To modify **destination\_conf**, you will need to request an ownership challenge and provide the associated token with your update request. You can also delete your current job and create a new one. Once a job has been enabled and has started executing, the **last\_complete** field will show the time when the last batch of logs was successfully sent to the destination: ### Request to get job by ID and see **last\_complete** info Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Get Logpush job details ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` ### Response ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": true, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": "2018-08-09T21:26:00Z", "last_error": null, "error_message": null }, "success": true } ``` ## Optional - Delete a job Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Delete Logpush job ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request DELETE \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` Be careful when deleting a job because this action cannot be reversed. ### Response ``` { "errors": [], "messages": [], "result": {}, "success": true } ``` ## Optional - Retrieve your job Retrieve a specific job, using the job ID: Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Get Logpush job details ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` ### Response ``` { "errors": [], "messages": [], "result": [ { "id": , "dataset": "http_requests", "kind": "", "enabled": true, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": null, "last_error": null, "error_message": null } ], "success": true } ``` Retrieve all jobs for all datasets: Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` List Logpush jobs ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` ### Response ``` { "errors": [], "messages": [], "result": [ { "id": , "dataset": "spectrum_events", "kind": "", "enabled": true, "name": "", "output_options": { "field_names": ["Application", "ClientAsn", "ClientIP", "ColoCode", "Event", "OriginIP", "Status"], }, "destination_conf": "s3://?region=us-west-2", "last_complete": "2019-10-01T00:25:00Z", "last_error": null, "error_message": null }, { "id": , "dataset": "http_requests", "kind": "", "enabled": false, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": "2019-09-24T21:15:00Z", "last_error": null, "error_message": null } ] } ``` ## Optional - Update **output\_options** If you want to add (or remove) fields, change the timestamp format, or enable protection against the `Log4j - CVE-2021-44228` vulnerability, first retrieve the current **output\_options** for your zone. Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Get Logpush job details ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request GET \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" ``` ### Response ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": true, "name": "", "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": "2021-12-14T19:56:49Z", "last_error": null, "error_message": null }, "success": true } ``` Next, edit the **output\_options** as desired and create a `PUT` request. The following example enables the **CVE-2021-44228** redaction option. Required API token permissions At least one of the following [token permissions](https://developers.cloudflare.com/fundamentals/api/reference/permissions/)is required: * `Logs Write` Update Logpush job ``` curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/logpush/jobs/$JOB_ID" \ --request PUT \ --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ --json '{ "output_options": { "field_names": [ "ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp", "EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID" ], "timestamp_format": "rfc3339" } }' ``` Note that at this time, the **CVE-2021-44228** option is not available through the UI, and updating your Logpush job through the UI will remove this option. ### Response ``` { "errors": [], "messages": [], "result": { "id": , "dataset": "http_requests", "kind": "", "enabled": true, "name": null, "output_options": { "field_names": ["ClientIP", "ClientRequestHost", "ClientRequestMethod", "ClientRequestURI", "EdgeEndTimestamp","EdgeResponseBytes", "EdgeResponseStatus", "EdgeStartTimestamp", "RayID"], "timestamp_format": "rfc3339" }, "destination_conf": "s3://?region=us-west-2", "last_complete": "2021-12-14T20:02:19Z", "last_error": null, "error_message": null }, "success": true } ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/logs/","name":"Logs"}},{"@type":"ListItem","position":3,"item":{"@id":"/logs/logpush/","name":"Logpush"}},{"@type":"ListItem","position":4,"item":{"@id":"/logs/logpush/examples/","name":"Logpush examples"}},{"@type":"ListItem","position":5,"item":{"@id":"/logs/logpush/examples/example-logpush-curl/","name":"Manage Logpush with cURL"}}]} ```