View Gemini logs

This document describes how you can enable the collection and storage of user input, contextual information, and responses when you use Gemini for Google Cloud. Gemini for Google Cloud doesn't collect or send to Cloud Logging any other user interactions the user might have had with Gemini for Google Cloud, including written feedback. The collected data is sent to Cloud Logging for storage. You can review this data by searching for log entries with the resource type cloudaicompanion.googleapis.com/Instance.

This feature does not log prompts or responses within Gemini in Vertex AI. To enable logs for Gemini in Vertex AI, see Enable Data Access audit logs.

Identity and Access Management (IAM) roles control the ability for a principal to access logs. You can grant predefined roles to principals, or you can create custom roles. For more information about required permissions, see Access control.

By default, Cloud Logging encrypts customer content stored at rest. Data stored in log buckets by Logging is encrypted using key-encryption keys, a process known as envelope encryption. Access to your logging data requires access to those key-encryption keys, which Google manages for you without any actions on your part.

Your organization might have regulatory, compliance-related, or advanced encryption requirements that our default encryption at rest doesn't provide. To meet your organization's requirements, instead of Google managing the encryption keys that protect your data, you can manage your keys.

For specific information about customer-managed encryption keys (CMEK) usage, including advantages, and limitations, see Customer-managed encryption keys.

Limitations

The log data recorded by Gemini in Google Cloud doesn't include user interactions with the following products:

Gemini in BigQuery
Gemini in Looker
Gemini in Google Security Operations
Gemini pane in the Google Cloud console for Database Center

Before you begin

To get the permissions that you need to view Gemini for Google Cloud logs, ask your administrator to grant you the Logs Viewer (roles/logging.viewer) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.
Review Cloud Logging pricing and Gemini for Google Cloud pricing before enabling Gemini for Google Cloud logging.

Enable Gemini for Google Cloud logging

Contact Google Cloud Support or your Google Cloud representative with the project ID for which you want to enable Gemini for Google Cloud logging.

View Gemini for Google Cloud logs

To view Gemini for Google Cloud logs, do one of the following:

Google Cloud console

In the Google Cloud console, go to the Logs Explorer page:
Go to Logs Explorer

If you use the search bar to find this page, then select the result whose subheading is Logging.
In the toolbar, select a Google Cloud console project.
In the toolbar, expand the All resources menu and select the resource Cloud AI Companion Instance.

Google Cloud CLI

Run the following command:

gcloud logging read "resource.type=cloudaicompanion.googleapis.com/Instance" --project PROJECT_ID  --limit 3

Sample log entries

A LogEntry is the basic unit of data in Cloud Logging. The following sections provide lists of fields found in the LogEntry for a Gemini for Google Cloud platform event, such as user requests and Gemini for Google Cloud responses.

User requests

The following table shows a list of fields found in a user request log entry.

Field	Values and notes
`LogEntry.resource.type`	Gemini for Google Cloud's resource type: `cloudaicompanion.googleapis.com/Instance`.
`LogEntry.resource.labels.resource_container`	Unique ID of the Resource Container where Gemini for Google Cloud was used.
`LogEntry.resource.labels.location`	Location where Gemini for Google Cloud was used.
`LogEntry.resource.labels.instance_id`	Unique ID of the resource where Gemini for Google Cloud was used.
`LogEntry.labels.method`	Can be one of the following, depending on what invoked `logEntry`: `CompleteTask`: for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service. `GenerateCode`: for example, a request to generate code, such as with a code transformation request within Gemini Code Assist. `CompleteCode`: for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist.
`LogEntry.labels.product`	Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is `code_assist`. If the Gemini for Google Cloud product is Gemini Cloud Assist, then this value is `cloud_assist`. Otherwise, this value is `unknown`.
`LogEntry.labels.request_id`	A unique identifier to correlate a request to a response log entry.
`LogEntry.labels.user_id`	The identifier of the user that initiated this request.
`LogEntry.jsonPayload`	The payload of the log entry.
`LogEntry.logName`	Identifies the log.

The following sample shows an example log entry for a chat prompt event.

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "taskCompletionRequest":
      input: {
        messages: [{
          author: "USER"
          content: "What are some best practices to save cost on my Google Cloud bill?"
        }]
        preamble: ""
      }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

The following sample shows an example RequestLog entry for automatic inline code suggestion prompts and prompt Gemini for Google Cloud in a code file.

Prompt data for inline code suggestions uses the codeCompletionRequest object (as shown in the following example), while manually-triggered generation uses codeGenerationRequest.

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "codeCompletionRequest": {
      "input_data_context": {
        "additional_context": {
          "files": [
            {
              "language": "go",
              "path": "{/path/to/../current-file.go",
              "segments": [
                {
                  "content": "...Prefix Text..."
                },
                {
                  "content": "...Suffix Text..."
                }
              ],
              "state": ["EDITED"]
            },
            {
              "language": "go",
              "path": "/path/to/../recent-file.go",
              "segments": [
                {
                  "content": "...File Text..."
                }
              ],
              "state": ["RECENTLY_OPENED"]
            }
          ]
        }
      }
    }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

Gemini for Google Cloud responses

The following table shows Gemini for Google Cloud response fields and descriptions.

Field	Values and notes
`LogEntry.resource.type`	Gemini for Google Cloud's resource type: `cloudaicompanion.googleapis.com/Instance`.
`LogEntry.resource.labels.resource_container`	Unique ID of the Resource Container where Gemini for Google Cloud was used.
`LogEntry.resource.labels.location`	Location where Gemini for Google Cloud was used.
`LogEntry.resource.labels.instance_id`	Unique ID of the resource where Gemini for Google Cloud was used.
`LogEntry.labels.method`	Can be one of the following, depending on what invoked `logEntry`: `CompleteTask`: for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service. `GenerateCode`: for example, a request to generate code, such as with a code transformation request within Gemini Code Assist. `CompleteCode`: for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist.
`LogEntry.labels.product`	Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is `code_assist`. If the Gemini for Google Cloud product is Gemini Cloud Assist, then this value is `cloud_assist`. Otherwise, this value is `unknown`.
`LogEntry.labels.request_id`	A unique identifier to correlate a request to a response log entry.
`LogEntry.labels.user_id`	The identifier of the user that initiated this request.
`LogEntry.jsonPayload`	The payload of the log entry. Any source citations used to generate the response are included in this object as `attribution_context`.
`LogEntry.logName`	Identifies the log.

What's next

Learn how to view, analyze, and monitor your logs in Google Cloud.
Learn more about monitoring usage of Gemini for Google Cloud.