View Gemini logs

This document describes how you can enable the collection and storage of user input, contextual information, and responses when you use Gemini for Google Cloud. Gemini for Google Cloud doesn't collect or send to Cloud Logging any other user interactions the user might have had with Gemini for Google Cloud, including written feedback. The collected data is sent to Cloud Logging for storage. You can review this data by searching for log entries with the resource type cloudaicompanion.googleapis.com/Instance.

This feature does not log prompts or responses within Gemini in Vertex AI. To enable logs for Gemini in Vertex AI, see Enable Data Access audit logs.

Identity and Access Management (IAM) roles control the ability for a principal to access logs. You can grant predefined roles to principals, or you can create custom roles. For more information about required permissions, see Access control.

By default, Cloud Logging encrypts customer content stored at rest. Data stored in log buckets by Logging is encrypted using key-encryption keys, a process known as envelope encryption. Access to your logging data requires access to those key-encryption keys, which Google manages for you without any actions on your part.

Your organization might have regulatory, compliance-related, or advanced encryption requirements that our default encryption at rest doesn't provide. To meet your organization's requirements, instead of Google managing the encryption keys that protect your data, you can manage your keys.

For specific information about customer-managed encryption keys (CMEK) usage, including advantages, and limitations, see Customer-managed encryption keys.

Limitations

The log data recorded by Gemini in Google Cloud doesn't include user interactions with the following products:
  • Gemini in BigQuery
  • Gemini in Looker
  • Gemini in Google Security Operations
  • Gemini pane in the Google Cloud console for Database Center

Before you begin

Enable Gemini for Google Cloud logging

Contact Google Cloud Support or your Google Cloud representative with the project ID for which you want to enable Gemini for Google Cloud logging.

View Gemini for Google Cloud logs

To view Gemini for Google Cloud logs, do one of the following:

Google Cloud console

  1. In the Google Cloud console, go to the Logs Explorer page:

    Go to Logs Explorer

    If you use the search bar to find this page, then select the result whose subheading is Logging.

  2. In the toolbar, select a Google Cloud console project.
  3. In the toolbar, expand the All resources menu and select the resource Cloud AI Companion Instance.

Google Cloud CLI

Run the following command:

gcloud logging read "resource.type=cloudaicompanion.googleapis.com/Instance" --project PROJECT_ID  --limit 3

Sample log entries

A LogEntry is the basic unit of data in Cloud Logging. The following sections provide lists of fields found in the LogEntry for a Gemini for Google Cloud platform event, such as user requests and Gemini for Google Cloud responses.

User requests

The following table shows a list of fields found in a user request log entry.

Field Values and notes
LogEntry.resource.type Gemini for Google Cloud's resource type: cloudaicompanion.googleapis.com/Instance.
LogEntry.resource.labels.resource_container Unique ID of the Resource Container where Gemini for Google Cloud was used.
LogEntry.resource.labels.location Location where Gemini for Google Cloud was used.
LogEntry.resource.labels.instance_id Unique ID of the resource where Gemini for Google Cloud was used.
LogEntry.labels.method Can be one of the following, depending on what invoked logEntry:

CompleteTask: for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service.

GenerateCode: for example, a request to generate code, such as with a code transformation request within Gemini Code Assist.

CompleteCode: for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist.
LogEntry.labels.product Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is code_assist. Otherwise, this value is unknown.
LogEntry.labels.request_id A unique identifier to correlate a request to a response log entry.
LogEntry.labels.user_id The identifier of the user that initiated this request.
LogEntry.jsonPayload The payload of the log entry.
LogEntry.logName Identifies the log.

The following sample shows an example log entry for a chat prompt event.

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "taskCompletionRequest":
      input: {
        messages: [{
          author: "USER"
          content: "What are some best practices to save cost on my Google Cloud bill?"
        }]
        preamble: ""
      }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

The following sample shows an example RequestLog entry for any code generation prompts, including prompt Gemini for Google Cloud in a code file, prompt Gemini for Google Cloud with selected code using chat, and inline code suggestion:

{
  "insertId": "654581e30003b19e340bbd96",
  "resource": {
    "type": "cloudaicompanion.googleapis.com/Instance",
    "labels": {
        instance_id: "default"
        location: "global"
        resource_container: "my-project-id"
     }
  },
  "timestamp": "2023-11-03T23:27:31.242078Z",
  "labels": {
    "product": "code_assist",
    "request_id": "4ea1e265-ea5d-4d11-b3c8-39bad9c96326"
    "user_id": "my-user@example.com"
  },
  "jsonPayload" : {
    @type: "type.googleapis.com/google.cloud.cloudaicompanion.logging.v1.RequestLog"
    "codeGenerationRequest":
      input: {
        prompt: "Generate some great Python for me."
      }
  }
  "logName": "projects/my-project-id/logs/cloudaicompanion.googleapis.com%2Frequest",
  "receiveTimestamp": "2023-11-03T23:27:31.255648319Z"
  "severity": "INFO"
}

Gemini for Google Cloud responses

The following table shows Gemini for Google Cloud response fields and descriptions.

Field Values and notes
LogEntry.resource.type Gemini for Google Cloud's resource type: cloudaicompanion.googleapis.com/Instance.
LogEntry.resource.labels.resource_container Unique ID of the Resource Container where Gemini for Google Cloud was used.
LogEntry.resource.labels.location Location where Gemini for Google Cloud was used.
LogEntry.resource.labels.instance_id Unique ID of the resource where Gemini for Google Cloud was used.
LogEntry.labels.method Can be one of the following, depending on what invoked logEntry:

CompleteTask: for example, a chat request from Gemini Code Assist or other Gemini for Google Cloud service.

GenerateCode: for example, a request to generate code, such as with a code transformation request within Gemini Code Assist.

CompleteCode: for example, a request to complete code when working in the IDE, such as with inline suggestions within Gemini Code Assist.
LogEntry.labels.product Gemini for Google Cloud service name. If the Gemini for Google Cloud product is Gemini Code Assist, then this value is code_assist. Otherwise, this value is unknown.
LogEntry.labels.request_id A unique identifier to correlate a request to a response log entry.
LogEntry.labels.user_id The identifier of the user that initiated this request.
LogEntry.jsonPayload The payload of the log entry.
LogEntry.logName Identifies the log.

What's next