This document describes how you can enable the collection and storage of user
input, contextual information, and responses when you use Gemini for Google Cloud.
Gemini doesn't collect or send to Cloud Logging
any other user interactions the user might have had with Gemini,
including written feedback. The collected data is sent to Cloud Logging for
storage. You can review this data by searching for log entries with the resource
type cloudaicompanion.googleapis.com/Instance
.
This feature does not log prompts or responses within Gemini in Vertex AI. To enable logs for Gemini in Vertex AI, see Enable Data Access audit logs.
Identity and Access Management (IAM) roles control the ability for a principal to access logs. You can grant predefined roles to principals, or you can create custom roles. For more information about required permissions, see Access control.
By default, Cloud Logging encrypts customer content stored at rest. Data stored in log buckets by Logging is encrypted using key-encryption keys, a process known as envelope encryption. Access to your logging data requires access to those key-encryption keys, which Google manages for you without any actions on your part.
Your organization might have regulatory, compliance-related, or advanced encryption requirements that our default encryption at rest doesn't provide. To meet your organization's requirements, instead of Google managing the encryption keys that protect your data, you can manage your keys.
For specific information about customer-managed encryption keys (CMEK) usage, including advantages, and limitations, see Customer-managed encryption keys.
Limitations
Gemini in Google Cloud doesn't log the following products and product interactions:
- Gemini in BigQuery
- Gemini in Looker
- Gemini in Google Security Operations
- Gemini pane in the Google Cloud console for Database Center
Before you begin
-
To get the permissions that you need to view Gemini logs, ask your administrator to grant you the Logs Viewer (
roles/logging.viewer
) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.You might also be able to get the required permissions through custom roles or other predefined roles.
Review Cloud Logging pricing and Gemini pricing before enabling Gemini logging.
Enable Gemini logging
Contact Google Cloud Support or your Google Cloud representative with the project ID for which you want to enable Gemini logging.
View Gemini logs
To view Gemini logs, do one of the following:
Google Cloud console
-
In the Google Cloud console, go to the Logs Explorer page:
If you use the search bar to find this page, then select the result whose subheading is Logging.
- In the toolbar, select a Google Cloud console project.
- Use the menus to select the resource Cloud AI Companion Instance.
Google Cloud CLI
Run the following command:
gcloud logging read "resource.type=cloudaicompanion.googleapis.com/Instance" --project PROJECT_ID --limit 3
Sample log entries
A LogEntry
is the basic unit of
data in Cloud Logging. The following sections provide lists of fields found
in the LogEntry
for a Gemini platform event, such as
user requests and Gemini responses.
User requests
The following table shows a list of fields found in a user request log entry.
Field | Values and notes |
---|---|
LogEntry.resource.type |
Gemini's resource type: cloudaicompanion.googleapis.com/Instance . |
LogEntry.resource.labels.resource_container |
Unique ID of the Resource Container where Gemini was used. |
LogEntry.resource.labels.location |
Location where Gemini was used. |
LogEntry.resource.labels.instance_id |
Unique ID of the resource where Gemini was used. |
LogEntry.labels.product |
Gemini for Google Cloud service name. If the Gemini product is Gemini Code Assist, then this value is code_assist . Otherwise, this value is unknown . |
LogEntry.labels.request_id |
A unique identifier to correlate a request to a response log entry. |
LogEntry.labels.user_id |
The identifier of the user that initiated this request. |
LogEntry.jsonPayload |
The payload of the log entry. |
LogEntry.logName |
Identifies the log. |
The following sample shows an example log entry for a chat prompt event.
{
"insertId": "654581e30003b19e340bbd96",
"resource": {
"type": "cloudaicompanion.googleapis.com/Instance",
"labels": {
instance_id: "default"
location: "global"
resource_container: "my-project-id"
}
},
"timestamp": "2023-11-03T23:27:31.242078Z",
"labels": {
"product": "code_assist",
"request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
"user_id": "my-user@example.com"
},
"jsonPayload" : {
@type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
"taskCompletionRequest":
input: {
messages: [{
author: "USER"
content: "What are some best practices to save cost on my Google Cloud bill?"
}]
preamble: ""
}
}
"logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
"receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
"severity": "INFO"
}
The following sample shows an example RequestLog
entry for any code
generation prompts, including
prompt Gemini in a code file,
prompt Gemini with selected code using chat,
and
inline code suggestion:
{
"insertId": "654581e30003b19e340bbd96",
"resource": {
"type": "cloudaicompanion.googleapis.com/Instance",
"labels": {
instance_id: "default"
location: "global"
resource_container: "my-project-id"
}
},
"timestamp": "2023-11-03T23:27:31.242078Z",
"labels": {
"product": "code_assist",
"request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
"user_id": "my-user@example.com"
},
"jsonPayload" : {
@type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
"codeGenerationRequest":
input: {
prompt: "Generate some great Python for me."
}
}
"logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
"receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
"severity": "INFO"
}
Gemini responses
The following table shows Gemini response fields and descriptions.
Field | Values and notes |
---|---|
LogEntry.resource.type |
Gemini's resource type: cloudaicompanion.googleapis.com/Instance . |
LogEntry.resource.labels.resource_container |
Unique ID of the Resource Container where Gemini was used. |
LogEntry.resource.labels.location |
Location where Gemini was used. |
LogEntry.resource.labels.instance_id |
Unique ID of the resource where Gemini was used. |
LogEntry.labels.product |
Gemini for Google Cloud service name. If the Gemini product is Gemini Code Assist, then this value is code_assist . Otherwise, this value is unknown . |
LogEntry.labels.request_id |
A unique identifier to correlate a request to a response log entry. |
LogEntry.labels.user_id |
The identifier of the user that initiated this request. |
LogEntry.jsonPayload |
The payload of the log entry. |
LogEntry.logName |
Identifies the log. |
What's next
- Learn how to view, analyze, and monitor your logs on Google Cloud.