API
Learn how Team and Enterprise workspaces can create organization API tokens, submit raw logs or structured events, and retrieve analysis status or saved summaries with workspace-scoped validation.
Create the token from Organization Admin on Team or Enterprise, then use `ingest:write` for raw or structured submission and `analysis:read` when downstream tooling also needs status or saved summary retrieval. Tokens are organization-scoped, audited, and still checked against the target workspace.
Use the raw route when you already have plain text logs or a stitched incident window. Use structured-event ingestion when your source already emits parsed payloads. Both public ingestion routes accept an optional `focusQuery` so Logger can investigate a suspected issue without skipping the full analysis.
Public ingestion does not bypass normal workspace rules. Plan access, upload and retained-analysis limits, queueing, and summary availability all stay server-authoritative, so API-created analyses behave like analyses started from the product UI.
Evidence-first incident analysis for teams that need failure groups fast.