Method: sinks.create

Creates a sink that exports specified log entries to a destination. The export begins upon ingress, unless the sink's writerIdentity is not permitted to write to the destination. A sink can export log entries only from the resource owning the sink.

HTTP request

POST https://logging.googleapis.com/v2/{parent=*/*}/sinks

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. The resource in which to create the sink:

"projects/[PROJECT_ID]"
"organizations/[ORGANIZATION_ID]"
"billingAccounts/[BILLING_ACCOUNT_ID]"
"folders/[FOLDER_ID]"

For examples:

"projects/my-project" "organizations/123456789"

Authorization requires the following IAM permission on the specified resource parent:

  • logging.sinks.create

Query parameters

Parameters
uniqueWriterIdentity

boolean

Optional. Determines the kind of IAM identity returned as writerIdentity in the new sink. If this value is omitted or set to false, and if the sink's parent is a project, then the value returned as writerIdentity is the same group or service account used by Cloud Logging before the addition of writer identities to this API. The sink's destination must be in the same project as the sink itself.

If this field is set to true, or if the sink is owned by a non-project resource such as an organization, then the value of writerIdentity will be a service agent used by the sinks with the same parent. For more information, see writerIdentity in LogSink.

customWriterIdentity

string

Optional. The service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified when you are routing logs to a log bucket that is in a different project than the sink. When not specified, a Logging service account will automatically be generated.

Request body

The request body contains an instance of LogSink.

Response body

If successful, the response body contains a newly created instance of LogSink.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/logging.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.