---
title: Log Aggregations
summary: The Observability Aggregations API for Logs allows users to query the sampled logs that are collected for the Log Explorer &amp; Insights product with user-defined aggregations and filters.
url: https://www.fastly.com/documentation/reference/api/observability/log-aggregations
---

The Observability Aggregations API for Logs allows users to query the sampled logs that are collected for the Log Explorer &amp; Insights product with user-defined aggregations and filters.

## Data model

| Field | Type | Description |
|-------|------|-------------|
| `field` | string | The log field to which this filter should be applied. |
| `operator` | string | The comparison operator used for this filter. |
| `dimensions` | object |  |
| `meta` | object |  |
| `values` | object |  |

## API endpoints

### Retrieve aggregated log results

**GET** `/observability/aggregations`

Retrieves aggregated log results.

**Parameters:**

| Name | Type | In | Required | Description |
|------|------|----|---------|--------------|
| `dimensions` | string | query | No | Comma-separated list of fields for grouping dimensions. |
| `end` | string | query | Yes | Specifies the exclusive end time of the logs to be queried. Must be in valid RFC3339 format. |
| `filter` | string | query | No | Filter parameters take the form <code>filter[&lt;field&gt;][&lt;op&gt;]=&lt;value&gt;</code>. For example, <code>filter[response_time][gte]=0.5</code> would filter for logs where the response time was greater than or equal to 0.5 seconds. Multiple filter expressions can be combined. The filters will be combined with a logical AND operator so that the logs returned match all supplied filters. Supported filter fields include <code>domain</code>, <code>request_path</code>, <code>fastly_pop</code>, <code>response_time</code>, <code>response_status</code>, <code>is_shield</code>, <code>is_edge</code>, <code>client_os_name</code>, <code>client_device_type</code>, <code>client_browser_name</code>, and <code>is_cache_hit</code>. Supported filter operators include <code>=</code> (applicable to string, numeric, and boolean values), <code>ends-with</code> (applicable to string values), <code>in</code> (applicable to lists of string and numeric values), <code>not_in</code> (applicable to lists of string and numeric values), and <code>gt</code>, <code>gte</code>, <code>lt</code>, <code>lte</code> (applicable to numeric values). |
| `limit` | number | query | No | Maximum number of rows to return. Defaults to 10, limited to 100. |
| `series` | string | query | Yes | A data series to be computed for each grouping dimension. Series definitions take the form <code>&lt;function&gt;[&lt;field&gt;]</code>. For example, <code>series=avg[response_time]</code> will compute the average response time for each dimension value. At least one series is required. |
| `service_id` | string | query | Yes | Specifies the ID of the service for which data should be returned. |
| `sort` | string | query | No | Comma-separated list of the series names whose values should be used to sort the results. Prepend <code>-</code> to a series name to sort according to the descending order of its values. |
| `source` | string | query | Yes | Specifies the source of the data for the aggregations.  Must be <code>logs</code> to retrieve log data. |
| `start` | string | query | Yes | Specifies the inclusive start time of the logs to be queried. Must be in valid RFC3339 format. |