List datasets
List every active (non-archived) dataset in the authenticated project, with each dataset's 24-hour event count (from the per-minute rollup) and configured retention.
The dashboard uses this to populate the dataset selector and the index page.
The reserved default dataset, when present, appears in this
list like any other but is system-managed: it cannot be renamed
or archived (see PATCH /datasets/{name} and DELETE /datasets/{name}).
It is created lazily the first time a customer hits their plan's
dataset cap and an event overflows into it.
Requires logs:read scope.
Authorization
bearerAuth logs:readAPI token from your dashboard.
Format: so_live_... (production) or so_test_... (test mode).
Tokens carry one or more scopes. Request only the scopes your integration needs:
| Scope | Grants |
|---|---|
media:read | List and retrieve files |
media:write | Upload and delete files |
logs:read | Read log entries |
logs:write | Ingest log entries |
cases:read | Read cases |
cases:write | Create and update cases |
apps:read | Read apps |
apps:write | Submit apps |
usage:read | Read quota usage |
members:read | List organisation members |
members:write | Invite and remove members |
billing:read | Read billing and subscription info |
tokens:write | Create and revoke API tokens |
In: header
Scope: logs:read
Response Body
application/json
application/json
application/json
application/json
curl -X GET "https://example.com/datasets"{
"datasets": [
{
"name": "security",
"retention_days": 90,
"events_last_24h": 12453,
"default_severity": "warn",
"created_at": "2026-04-15T10:30:00Z"
},
{
"name": "chat",
"retention_days": 30,
"events_last_24h": 845230,
"created_at": "2026-04-15T10:30:00Z"
}
]
}{
"error": {
"code": "unauthorized",
"message": "missing or invalid authorization token"
}
}{
"error": {
"code": "forbidden",
"message": "token does not have the required scope"
}
}{
"error": {
"code": "internal",
"message": "an unexpected error occurred"
}
}