SUSE Observability Open Telemetry Protocol support

SUSE Observability supports 2 versions of the OTLP protocol, the grpc version (also referred to as OTLP) and http/protobuf (also referred to as OTLP over HTTP). In the collector configuration you can choose which exporter to use, but make sure to configure the correcct URL for SUSE Observability. The grpc version of the protocol is preferred, it allows for larger payloads and higher throughput. But in case of poor support for grpc in your infrastructure you can switch to the HTTP version. See also troubleshooting

SUSE Cloud Observability

The endpoints for SUSE Cloud Observability are:

  • OTLP: otlp-<your-suse-observability>.app.stackstate.io:443 (without the URL scheme)

  • OTLP over HTTP: https://otlp-http-<your-suse-observability>.app.stackstate.io (with the URL scheme: https)

Self-hosted SUSE Observability

For a self-hosted installation you need to enable one of the endpoints, or both, by configuring the ingress for SUSE Observability as described here.

When SUSE Observability is running in the same cluster as the collector you can also use it without ingress by using the service endpoints, however this is only possible using the HTTP protocol:

  • OTLP over HTTP: http://suse-observability-otel-collector.<namespace>.svc.cluster.local:4318

Make sure to set insecure: true in the collector configuration (see next section) to allow the usage of plain http endpoints instead of https.

The GRPC protocol does not support sending credentials over an insecure connection, therefore you can only use it in combination with a secure ingress setup.

Collector configuration

OTLP protocol

The examples in the collector configuration use the OTLP protocol like this:

extensions:
  bearertokenauth:
    scheme: SUSEObservability
    token: "${env:API_KEY}"
exporters:
  otlp/suse-observability:
    auth:
      authenticator: bearertokenauth
    # Put in your own otlp endpoint, for example otlp-suse-observability.my.company.com:443
    endpoint: <otlp-suse-observability-endpoint>
    # Optional TLS configurations:
    #tls:
    # To disable certificate verification (but still use TLS):
    #  insecure_skip_verify: true

OTLP HTTP protocol

To use the OTLP over HTTP protocol instead use the otlphttp exporter instead. Also update all exporter references in your pipelines from otlp/suse-observability to otlphttp/suse-observability! Use a find/replace to make sure you change all occurrences.

extensions:
  bearertokenauth:
    scheme: SUSEObservability
    token: "${env:API_KEY}"
exporters:
  otlphttp/stackstate:
    auth:
      authenticator: bearertokenauth
    # Put in your own otlp-http endpoint, for example https://otlp-http-suse-observability.my.company.com:443
    endpoint: <otlp-http-suse-observability-endpoint>
    # Optional TLS configurations:
    #tls:
    # To disable TLS entirely:
    #  insecure: true
    # To disalbe certificate verification (but still use TLS):
    #  insecure_skip_verify: true

There is more configuration available to control the exact requirements and behavior of the exporter. For example it is also possible to use a custom CA root certificate or to enable client certificates. See the OTLP exporter documentation for the details.