---
title: "Delete unwanted information in log lines | Grafana Cloud documentation"
description: "Delete unwanted information in log lines In the event that sensitive, private, or unwanted information is added to your logs, you can use LogQL to create a query that identifies specific content to delete, and use the Loki API to delete those log lines. For example, you can create a query that matches all log lines that contain ten-digit numbers of the format XXX-XXX-XXXX over the last two days, to remove phone numbers that were accidentally published to your logs. When you’ve verified your query matches the lines you want to remove, you’ll send that query to the Loki API delete endpoint. As soon as you submit the log deletion request, the log data is filtered so that it is no longer available to be searched. The actual deletion is performed in batches as a background task every 24 hours. For more information on working with LogQL, refer to LogQL: Log query language in the Loki documentation."
---

> For a curated documentation index, see [llms.txt](/llms.txt). For the complete documentation index, see [llms-full.txt](/llms-full.txt).

# Delete unwanted information in log lines

In the event that sensitive, private, or unwanted information is added to your logs, you can use LogQL to create a query that identifies specific content to delete, and use the Loki API to delete those log lines. For example, you can create a query that matches all log lines that contain ten-digit numbers of the format `XXX-XXX-XXXX` over the last two days, to remove phone numbers that were accidentally published to your logs. When you’ve verified your query matches the lines you want to remove, you’ll send that query to the Loki API delete endpoint. As soon as you submit the log deletion request, the log data is filtered so that it is no longer available to be searched. The actual deletion is performed in batches as a background task every 24 hours. For more information on working with LogQL, refer to [LogQL: Log query language](/docs/grafana-cloud/connect-externally-hosted/data-sources/loki//) in the Loki documentation.

In order to use the delete endpoint, you must supply a token for an access policy that grants logs deletion access. To create the needed access policy and token, you must use the [Grafana Cloud Access Policies](/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/) API or contact Support to install the Grafana Cloud Access Policy plugin in your Grafana stack.

> Note
> 
> Log deletion is meant to scrub logs of unwanted content, not to reduce log usage and billing. Deleting logs after they’ve already been ingested does not affect usage volume. To learn how to control log usage, refer to [Analyze log costs with Grafana Explore](/docs/grafana-cloud/cost-management-and-billing/analyze-costs/logs-costs/analyze-logs-costs-grafana-explore/).

## Configure an access policy and create a token

You must configure an access policy with log delete privileges and a token for that access policy to access log deletion endpoints. For more information on access policies, refer [Grafana Cloud Access Policies](/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/).

**Before you begin**

You will need the following information to use the Grafana Cloud API:

- Stack URL
- Stack user ID

This information is available in your Grafana Loki Data Source settings. To find these settings:

1. Go to the Cloud Portal, and click **Details** on the tile for the stack you want to work in.
2. Click **Details** on the Loki tile.
3. Make a note of your URL and your user ID number. These replace the *`<STACK-URL>`* and *`<STACK-USER-ID>`* placeholders in the API calls.

**Configure an access policy and token**

The following steps are for use with the Grafana Cloud Access Policy plugin. To create an access policy and token using the Grafana Cloud API, refer to [Create an access policy](/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-an-access-policy) and [Create a token](/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#create-a-token) in the Grafana Cloud API reference. Only users with the Admin role can configure access policies and tokens.

1. In your Grafana Cloud stack, click **Configuration (gear icon)**.
2. Click the **Cloud access policies** tab.
3. Click **Create access policy**.
4. Enter a name for the access policy.
5. In the **Resources** column, for **logs**, select **Delete**.
6. Select **Create access policy** to add the access policy.
7. Select **Add token** to create a token for that access policy. This replaces the *`<API-TOKEN>`* placeholder in the following API calls.

## Use the Loki DELETE API call

Use the following endpoints to manage log line deletion. For more information on Loki DELETE API reference, see the [Compactor section](/docs/loki/latest/reference/api/#compactor) in the Loki HTTP API reference.

> Caution
> 
> When a delete request is executed, the change is permanent. You can’t restore deleted log lines.

### Log line deletion requests

Use the following endpoint to delete log lines:

Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```bash
POST /loki/api/v1/delete
```

For example, the following call uses a Loki query with a regexp to delete all log lines with timestamps between `start-time-unixtimestamp` and `end-time-unixtimestamp` that contain strings formatted like credit card numbers.

curl ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```curl
curl -v -G -X POST 'https://<STACK-URL>/loki/api/v1/delete' \
	--data-urlencode 'query={system="creditcardpayments"} | regexp "msg=txn complete; purchase on card (?P<card-number>[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}) accepted"' \
	--data-urlencode 'start=<start-time-unixtimestamp>' \
	--data-urlencode 'end=<end-time-unixtimestamp>' \
	-u "<STACK-USER-ID>:<API-TOKEN>"
```

### Log deletion request list

To get a list of requested deletions:

Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```bash
GET /loki/api/v1/delete
```

For example:

curl ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```curl
curl 'https://<STACK-URL>/loki/api/v1/delete' -u "<STACK-USER-ID>:<API-TOKEN>"
```

### Request cancellation

To request cancellation of a deletion request before it is processed:

Bash ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```bash
DELETE /loki/api/v1/delete
```

For example:

curl ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy

```curl
curl -X DELETE 'https://<STACK-URL>/loki/api/v1/delete?request_id=<request_id>' -u `<STACK-USER-ID>:<API-TOKEN>`
```