API ReferenceLogs
Discover dataset fields
Return the field list available for SOQL queries against this dataset:
- Canonical fields are the built-in event fields (
ts,severity,event, etc.). Static; the same set for every dataset. - Payload fields are auto-discovered from the last 24 hours of events on this dataset. Up to 50 keys, ordered by cardinality descending, with up to 5 sample values per key and an approximate distinct-count.
Powers the search-bar autocomplete in the dashboard.
Responses are cached for 5 minutes per (project, dataset) so a
new payload key takes up to 5 minutes to appear in suggestions.
X-Cache: HIT|MISS header indicates whether the response came
from cache.
Requires logs:read scope.
Authorization
bearerAuth logs:readAuthorizationBearer <token>
API token from your dashboard.
Format: so_live_... (production) or so_test_... (test mode).
Tokens carry one or more scopes. Request only the scopes your integration needs:
| Scope | Grants |
|---|---|
media:read | List and retrieve files |
media:write | Upload and delete files |
logs:read | Read log entries |
logs:write | Ingest log entries |
cases:read | Read cases |
cases:write | Create and update cases |
apps:read | Read apps |
apps:write | Submit apps |
usage:read | Read quota usage |
members:read | List organisation members |
members:write | Invite and remove members |
billing:read | Read billing and subscription info |
tokens:write | Create and revoke API tokens |
In: header
Scope: logs:read
Path Parameters
name*string
Dataset name. Must match ^[a-z0-9][a-z0-9_-]{0,62}[a-z0-9]$.
Match
^[a-z0-9][a-z0-9_-]{0,62}[a-z0-9]$|^[a-z0-9]$Response Body
application/json
application/json
application/json
application/json
application/json
application/json
application/json
curl -X GET "https://example.com/datasets/string/schema"{
"dataset": "security",
"canonical_fields": [
{
"name": "actor",
"type": "string"
},
{
"name": "bytes_raw",
"type": "number"
},
{
"name": "dataset",
"type": "string"
},
{
"name": "event",
"type": "string"
},
{
"name": "event_id",
"type": "UUID"
},
{
"name": "ingested_at",
"type": "datetime"
},
{
"name": "message",
"type": "string"
},
{
"name": "severity",
"type": "severity (ordinal)"
},
{
"name": "source",
"type": "string"
},
{
"name": "ts",
"type": "datetime"
}
],
"payload_fields": [
{
"key": "player_id",
"cardinality": 1247,
"samples": [
"1337",
"42",
"99",
"7755",
"12"
]
},
{
"key": "ip",
"cardinality": 18900,
"samples": [
"1.2.3.4",
"10.0.0.1",
"203.0.113.5"
]
},
{
"key": "steam_id",
"cardinality": 1247,
"samples": [
"76561198012345678"
]
}
],
"generated_at": "2026-05-17T14:30:00Z"
}{
"error": {
"code": "not_found",
"message": "file not found"
}
}{
"error": {
"code": "unauthorized",
"message": "missing or invalid authorization token"
}
}{
"error": {
"code": "forbidden",
"message": "token does not have the required scope"
}
}{
"error": {
"code": "not_found",
"message": "file not found"
}
}{
"error": {
"code": "internal",
"message": "an unexpected error occurred"
}
}{
"error": {
"code": "not_found",
"message": "file not found"
}
}