Heroku Logging Guide:
CLI Cheat Sheet and Private Space Logging

Arfan Sharif - March 2, 2023

In part one and part two of this series, we discussed core concepts of Heroku logging, such as log types, Logplex, and log drains.

In this article, we’ll provide a cheat sheet of Heroku Logging CLI commands. Developers might not love working at the command line; however, executing commands with the CLI is quick and allows more control than graphical interfaces, giving developers the power to automate tasks via scripts.

This cheat sheet contains detailed explanations and examples to help developers with all the necessary commands to interact successfully with Heroku logs applications.

This article will also cover the topic of Heroku Private Spaces, specifically what they are, how to create a space, and how to set up logging and create queries.

Learn More

Explore the complete Heroku Logging Guide series:

Command Line Interface Cheat Sheet

While there are many CLI commands to be aware of when working with logs in Heroku, we’ll cover the most commonly used ones here.

Logs CLI Commands

View Logs

The basic CLI command for interacting with Heroku logs is:

heroku logs

Executing it will return a maximum of 100 most recent log entries. The output of this command looks like this:

2022-12-28T19:08:23.612947+00:00 app[web.1]: [2022-12-28 19:08:23 +0000] [4] [INFO] Starting gunicorn 20.1.0
2022-12-28T19:08:23.613444+00:00 app[web.1]: [2022-12-28 19:08:23 +0000] [4] [INFO] Listening at: (4)
2022-12-28T19:08:23.613516+00:00 app[web.1]: [2022-12-28 19:08:23 +0000] [4] [INFO] Using worker: sync
2022-12-28T19:08:23.618325+00:00 app[web.1]: [2022-12-28 19:08:23 +0000] [9] [INFO] Booting worker with pid: 9
2022-12-28T19:08:23.628735+00:00 app[web.1]: [2022-12-28 19:08:23 +0000] [10] [INFO] Booting worker with pid: 10

View Logs in a Real-Time Stream

To view your Heroku logs in a real-time stream, updating as new logs come in, you would use the --tail option.

heroku logs --tail

To stop the stream, execute CTRL+C (which is similar to performing a keyboard interrupt with most CLI apps).

Filter Logs by Source

The following command will return a list of the most recent logs but filtered by source. In this example, the source will be application logs.

heroku logs --source app

We can also filter by system logs.

heroku logs --source heroku

Specify the Number of Logs

The following command allows us to specify the exact number of recent logs we wish to display.  To see the 200 most recent logs, use this command:

heroku logs -n 200

It’s important to note that the maximum number of logs Logplex can retain is 1,500.

Filter by App Name

We can also filter logs by app name. In this example, the app is called my-app.

heroku logs --app my-app

Filter by Dyno

A Heroku dyno is a lightweight Linux container in which our app is executed. Below is the command for filtering by dyno:

heroku logs --dyno heroku-redis


For a colorized version of the output, use the force-colors flag:

heroku logs --app my-app --force-colors

Log Drains CLI Commands

View Log Drains for an App

Heroku log drain activity can also be viewed in the CLI. Below is the command for displaying the log drain for an app called my-app.

heroku drains --app my-app

This code will display the data in tabular format. For the JSON format, add the json flag.

The command, with the --json flag added, outputs the following:

    "addon": null,
    "created_at": "2023-01-01T00:59:46Z",
    "id": "906262a4-e151-45d2-b35a-a2dc0ea9e688",
    "token": "d.f14da8cd-108a-228d-b1be-bed8ec2fa1e7",
    "updated_at": "2023-01-02T00:59:47Z",
    "url": "syslog://logs.example.com"
    "addon": {null,
    "created_at": "2023-01-01T21:44:01Z",
    "id": "b8c04a36-c914-4ec4-a5bd-eaa8c965d0dd",
    "token": "d.0a75c222-f49b-4428-ac2f-a5935fcffd50",
    "updated_at": "2028-01-02T21:44:02Z",
    "url": "syslog+tls://logs.anotherexample.com"

Add a Log Drain

To add a log drain to an app, run the following CLI command:

heroku drains:add -a my-app https://logdestination.example.com

We can send logs from Heroku to many third-party logging platforms, which we will discuss in more detail in part four of this series.

Remove a Log Drain

To remove a drain, execute the following command:

heroku drains:remove -a my-app https://logdestination.example.com

Combine Flags in Logs CLI Commands

We can also combine many flags and options when executing Heroku CLI commands. Let’s look at some examples.

Filter by app and specify the number of lines.

heroku logs -a my-app -n 50

Filter by app and dyno.

heroku logs -a my-app -d my-dyno

View logs in real time, filtered by app.

heroku logs -a my-app –tail

Private Space Logging

Private Spaces are used for deploying enterprise-level applications on Heroku. They bring a higher degree of security but less log configuration.

A Heroku Private Space represents an isolated environment within the Heroku platform, similar to the Virtual Private Cloud in platforms such as AWS or GCP. Private Spaces allow you to encapsulate your apps and services for accessibility only from other services within your private subnets. This helps to ensure protection from unauthorized access.

Apps running in Private Spaces run in private dynos, meaning they do not share infrastructure with other dynos. This ensures a major performance boost.

Private Spaces are ideal for applications requiring high levels of security and regulatory compliance. However, keep in mind that not all Heroku regions of the world support Private Spaces. The regions that currently support Private Spaces are the following:

  • Virginia
  • Oregon
  • Dublin
  • Frankfurt
  • Sydney
  • Tokyo

Create a Private Space

We can create a Private Space through the Heroku web UI or the Heroku CLI. The command for creating a Private Space via the CLI is:

heroku spaces:create name-of-space --team my-team --region sydney

Heroku spaces are created in private networks; therefore, we can also specify the CIDR range of the space.

heroku spaces:create–cidr --space name-of-space

We need to ensure that we enter a valid CIDR range. Keep in mind that only team administrators can manage CIDR ranges in spaces.

To confirm the space was created successfully, run the following command:

heroku spaces:info --space name-of-space

The above command displays the space information as follows:

=== name-of-space
ID:           12345678-abcd-1234-abcd-12345678abcd
Team:         my-team
Region:       Sydney, Australia
State:        allocated
Shield:       on
Outbound IPs:,,,
Created at:   2022-12-12T08:38:15Z

Enable Logging in Private Spaces

Private Spaces do not support Logplex. Therefore, integrating logging with Private Spaces requires you to set a third-party logging platform as your log destination.

After setting up a log destination, create a space and specify the log drain:

heroku spaces:create name-of-space --team my-team --region sydney --log-drain-url https://logdestination.example.com

Keep in mind that you cannot turn on logging for a Private Space after it has been created. You must specify the log destination when creating the Private Space.

To retrieve the log destination URL for a Private Space, run the following command:

heroku drains:get --space name-of-space

However, we can update the log drain URL, as shown below:

heroku drains:set https://logcabin.example.com --space name-of-space

Query Logs in Private Spaces

To query your logs for a Private Space, you’ll need to look to your third-party logging backend.

In part four of this series, we’ll cover how to send your Heroku logs (either from your Heroku app or Private Space) to CrowdStrike Falcon LogScale. Then, we’ll discuss querying in further detail.

Benefits of Private Space Logging

By utilizing logging in your Private Space, you can inspect logs from all apps, databases, and other components in the Private Space. Private Space logging provides isolation from other Heroku resources that are not part of the Private Space. This reduces the log noise, making it easier and faster to filter through logs.

Also, developers don’t need to do any log configuration. Private Space logging improves efficiency and reduces tedious tasks for developers. In turn, this allows them to focus on business logic and application code.

Limitations of Private Space Logging

Although Private Space logging offers several benefits to developers, it also has some limitations. First, the log drain URLs must be publicly accessible. You cannot use a log drain that is accessible only via a private connection.

Also, Logplex is disabled when using Private Spaces, so Heroku will not store any logs locally. However, this can be an advantage, as there will be no proxy between the log source and the destination when using drains.

Log your data with CrowdStrike Falcon Next-Gen SIEM

Elevate your cybersecurity with the CrowdStrike Falcon® platform, the premier AI-native platform for SIEM and log management. Experience security logging at a petabyte scale, choosing between cloud-native or self-hosted deployment options. Log your data with a powerful, index-free architecture, without bottlenecks, allowing threat hunting with over 1 PB of data ingestion per day. Ensure real-time search capabilities to outpace adversaries, achieving sub-second latency for complex queries. Benefit from 360-degree visibility, consolidating data to break down silos and enabling security, IT, and DevOps teams to hunt threats, monitor performance, and ensure compliance seamlessly across 3 billion events in less than 1 second.

Schedule Falcon Next-Gen SIEM Demo


Arfan Sharif is a product marketing lead for the Observability portfolio at CrowdStrike. He has over 15 years experience driving Log Management, ITOps, Observability, Security and CX solutions for companies such as Splunk, Genesys and Quest Software. Arfan graduated in Computer Science at Bucks and Chilterns University and has a career spanning across Product Marketing and Sales Engineering.