View Gemini for Google Cloud logs

This document describes how you can enable the collection and storage of user input, contextual information, and responses when you use Gemini for Google Cloud. Gemini doesn't collect or send to Cloud Logging any other user interactions the user might have had with Gemini, including written feedback. The collected data is sent to Cloud Logging for storage. You can review this data by searching for log entries with the resource type cloudaicompanion.googleapis.com/Instance.

Identity and Access Management (IAM) roles control the ability for a principal to access logs. You can grant predefined roles to principals, or you can create custom roles. For more information about required permissions, see Access control.

By default, Cloud Logging encrypts customer content stored at rest. Data stored in log buckets by Logging is encrypted using key-encryption keys, a process known as envelope encryption. Access to your logging data requires access to those key-encryption keys, which Google manages for you without any actions on your part.

Your organization might have regulatory, compliance-related, or advanced encryption requirements that our default encryption at rest doesn't provide. To meet your organization's requirements, instead of Google managing the encryption keys that protect your data, you can manage your keys.

For specific information about customer-managed encryption keys (CMEK) usage, including advantages, and limitations, see Customer-managed encryption keys.

Before you begin

To get the permissions that you need to view Gemini logs, ask your administrator to grant you the Logs Viewer (roles/logging.viewer) IAM role on your project. For more information about granting roles, see Manage access.

You might also be able to get the required permissions through custom roles or other predefined roles.
Review Cloud Logging pricing and Gemini pricing before enabling Gemini logging.

Enable Gemini logging

Contact Google Cloud Support or your Google Cloud representative with the project ID for which you want to enable Gemini logging.

View Gemini logs

To view Gemini logs, do one of the following:

Google Cloud console

In the Google Cloud console, go to the Logs Explorer page:
Go to Logs Explorer

If you use the search bar to find this page, then select the result whose subheading is Logging.
In the toolbar, select a Google Cloud console project.
Use the menus to select the resource Cloud AI Companion Instance.

Google Cloud CLI

Run the following command:

gcloud logging read "resource.type=cloudaicompanion.googleapis.com/Instance" --project PROJECT_ID  --limit 3

Sample log entries

A LogEntry is the basic unit of data in Cloud Logging. The following sections provide lists of fields found in the LogEntry for a Gemini platform event, such as user requests and Gemini responses.

User requests

The following table shows a list of fields found in a user request log entry.

Field	Values and notes
`LogEntry.resource.type`	Gemini's resource type: `cloudaicompanion.googleapis.com/Instance`.
`LogEntry.resource.labels.resource_container`	Unique ID of the Resource Container where Gemini was used.
`LogEntry.resource.labels.location`	Location where Gemini was used.
`LogEntry.resource.labels.instance_id`	Unique ID of the resource where Gemini was used.
`LogEntry.labels.product`	Gemini for Google Cloud service name. If the Gemini product is Gemini Code Assist, then this value is `code_assist`. Otherwise, this value is `unknown`.
`LogEntry.labels.request_id`	A unique identifier to correlate a request to a response log entry.
`LogEntry.labels.user_id`	The identifier of the user that initiated this request.
`LogEntry.jsonPayload`	The payload of the log entry.
`LogEntry.logName`	Identifies the log.

The following sample shows an example log entry for a chat prompt event.

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "taskCompletionRequest":
      input: {
        messages: [{
          author: "USER"
          content: "What are some best practices to save cost on my Google Cloud bill?"
        }]
        preamble: ""
      }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

The following sample shows an example RequestLog entry for any code generation prompts, including prompt Gemini in a code file, prompt Gemini with selected code using chat, and inline code suggestion:

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "codeGenerationRequest":
      input: {
        prompt: "Generate some great Python for me."
      }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

Gemini responses

The following table shows Gemini response fields and descriptions.

Field	Values and notes
`LogEntry.resource.type`	Gemini's resource type: `cloudaicompanion.googleapis.com/Instance`.
`LogEntry.resource.labels.resource_container`	Unique ID of the Resource Container where Gemini was used.
`LogEntry.resource.labels.location`	Location where Gemini was used.
`LogEntry.resource.labels.instance_id`	Unique ID of the resource where Gemini was used.
`LogEntry.labels.product`	Gemini for Google Cloud service name. If the Gemini product is Gemini Code Assist, then this value is `code_assist`. Otherwise, this value is `unknown`.
`LogEntry.labels.request_id`	A unique identifier to correlate a request to a response log entry.
`LogEntry.labels.user_id`	The identifier of the user that initiated this request.
`LogEntry.jsonPayload`	The payload of the log entry.
`LogEntry.logName`	Identifies the log.

What's next

Learn how to view, analyze, and monitor your logs on Google Cloud.