This document describes how you can enable the collection and storage of user
input, contextual information, and responses when you use Gemini for
Google Cloud. Gemini for Google Cloud doesn't collect or send to Cloud Logging
any other user interactions the user might have had with Gemini for Google Cloud,
including written feedback. The collected data is sent to Cloud Logging for
storage. You can review this data by searching for log entries with the resource
type cloudaicompanion.googleapis.com/Instance
.
This feature does not log prompts or responses within Gemini in Vertex AI. To enable logs for Gemini in Vertex AI, see Enable Data Access audit logs.
Identity and Access Management (IAM) roles control the ability for a principal to access logs. You can grant predefined roles to principals, or you can create custom roles. For more information about required permissions, see Access control.
By default, Cloud Logging encrypts customer content stored at rest. Data stored in log buckets by Logging is encrypted using key-encryption keys, a process known as envelope encryption. Access to your logging data requires access to those key-encryption keys, which Google manages for you without any actions on your part.
Your organization might have regulatory, compliance-related, or advanced encryption requirements that our default encryption at rest doesn't provide. To meet your organization's requirements, instead of Google managing the encryption keys that protect your data, you can manage your keys.
For specific information about customer-managed encryption keys (CMEK) usage, including advantages, and limitations, see Customer-managed encryption keys.
Limitations
The log data recorded by Gemini in Google Cloud doesn't include user interactions with the following products:- Gemini in BigQuery
- Gemini in Looker
- Gemini in Google Security Operations
- Gemini pane in the Google Cloud console for Database Center
Before you begin
-
To get the permissions that you need to view Gemini for Google Cloud logs, ask your administrator to grant you the Logs Viewer (
roles/logging.viewer
) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.You might also be able to get the required permissions through custom roles or other predefined roles.
Review Cloud Logging pricing and Gemini for Google Cloud pricing before enabling Gemini for Google Cloud logging.
Enable Gemini for Google Cloud logging
Contact Google Cloud Support or your Google Cloud representative with the project ID for which you want to enable Gemini for Google Cloud logging.
View Gemini for Google Cloud logs
To view Gemini for Google Cloud logs, do one of the following:
Google Cloud console
-
In the Google Cloud console, go to the Logs Explorer page:
If you use the search bar to find this page, then select the result whose subheading is Logging.
- In the toolbar, select a Google Cloud console project.
- In the toolbar, expand the All resources menu and select the resource Cloud AI Companion Instance.
Google Cloud CLI
Run the following command:
gcloud logging read "resource.type=cloudaicompanion.googleapis.com/Instance" --project PROJECT_ID --limit 3
Sample log entries
A LogEntry
is the basic unit of
data in Cloud Logging. The following sections provide lists of fields found
in the LogEntry
for a Gemini for Google Cloud platform event, such as
user requests and Gemini for Google Cloud responses.
User requests
The following table shows a list of fields found in a user request log entry.
Field | Values and notes |
---|---|
LogEntry.resource.type |
Gemini for Google Cloud's resource type: cloudaicompanion.googleapis.com/Instance . |
LogEntry.resource.labels.resource_container |
Unique ID of the Resource Container where Gemini for Google Cloud was used. |
LogEntry.resource.labels.location |
Location where Gemini for Google Cloud was used. |
LogEntry.resource.labels.instance_id |
Unique ID of the resource where Gemini for Google Cloud was used. |
LogEntry.labels.method |
Can be one of the following, depending on what invoked logEntry :CompleteTask : for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service.GenerateCode : for example, a request to generate code, such as with a code transformation request within Gemini Code Assist.CompleteCode : for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist. |
LogEntry.labels.product |
Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is code_assist . Otherwise, this value is unknown . |
LogEntry.labels.request_id |
A unique identifier to correlate a request to a response log entry. |
LogEntry.labels.user_id |
The identifier of the user that initiated this request. |
LogEntry.jsonPayload |
The payload of the log entry. |
LogEntry.logName |
Identifies the log. |
The following sample shows an example log entry for a chat prompt event.
{
"insertId": "654581e30003b19e340bbd96",
"resource": {
"type": "cloudaicompanion.googleapis.com/Instance",
"labels": {
instance_id: "default"
location: "global"
resource_container: "my-project-id"
}
},
"timestamp": "2023-11-03T23:27:31.242078Z",
"labels": {
"product": "code_assist",
"request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
"user_id": "my-user@example.com"
},
"jsonPayload" : {
@type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
"taskCompletionRequest":
input: {
messages: [{
author: "USER"
content: "What are some best practices to save cost on my Google Cloud bill?"
}]
preamble: ""
}
}
"logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
"receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
"severity": "INFO"
}
The following sample shows an example RequestLog
entry for automatic
inline code suggestion
prompts and
prompt Gemini for Google Cloud in a code file.
Prompt data for inline code suggestions uses the codeCompletionRequest
object
(as shown in the following example), while manually-triggered generation uses
codeGenerationRequest
.
{
"insertId": "654581e30003b19e340bbd96",
"resource": {
"type": "cloudaicompanion.googleapis.com/Instance",
"labels": {
instance_id: "default"
location: "global"
resource_container: "my-project-id"
}
},
"timestamp": "2023-11-03T23:27:31.242078Z",
"labels": {
"product": "code_assist",
"request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
"user_id": "my-user@example.com"
},
"jsonPayload" : {
@type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
"codeCompletionRequest": {
"input_data_context": {
"additional_context": {
"files": [
{
"path": "{/path/to/../current-file.go",
"segments": [
{
"content": "...Prefix Text..."
},
{
"content": "...Suffix Text..."
}
],
"state": ["EDITED"]
},
{
"path": "/path/to/../recent-file.go",
"segments": [
{
"content": "...File Text..."
}
],
"state": ["RECENTLY_OPENED"]
}
]
}
}
}
}
"logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
"receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
"severity": "INFO"
}
Gemini for Google Cloud responses
The following table shows Gemini for Google Cloud response fields and descriptions.
Field | Values and notes |
---|---|
LogEntry.resource.type |
Gemini for Google Cloud's resource type: cloudaicompanion.googleapis.com/Instance . |
LogEntry.resource.labels.resource_container |
Unique ID of the Resource Container where Gemini for Google Cloud was used. |
LogEntry.resource.labels.location |
Location where Gemini for Google Cloud was used. |
LogEntry.resource.labels.instance_id |
Unique ID of the resource where Gemini for Google Cloud was used. |
LogEntry.labels.method |
Can be one of the following, depending on what invoked logEntry :CompleteTask : for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service.GenerateCode : for example, a request to generate code, such as with a code transformation request within Gemini Code Assist.CompleteCode : for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist. |
LogEntry.labels.product |
Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is code_assist . Otherwise, this value is unknown . |
LogEntry.labels.request_id |
A unique identifier to correlate a request to a response log entry. |
LogEntry.labels.user_id |
The identifier of the user that initiated this request. |
LogEntry.jsonPayload |
The payload of the log entry. Any source citations used to generate the response are included in this object as attribution_context . |
LogEntry.logName |
Identifies the log. |
What's next
- Learn how to view, analyze, and monitor your logs in Google Cloud.
- Learn more about monitoring usage of Gemini for Google Cloud.