PricingSign inRequest a Demo

SUSE Observability

Send logs, metrics, and traces to SUSE Cloud Observability or self-hosted SUSE Observability using the OpenTelemetry Protocol (OTLP).

Supported Telemetry Types

Logs
Metrics
Traces

Prerequisites

  • SUSE Cloud Observability account or self-hosted SUSE Observability instance deployed

  • API key or bearer token for authentication

  • Network connectivity from your Bindplane agent to the SUSE Observability endpoint

  • For self-hosted deployments, appropriate OTLP endpoints configured in ingress (or in-cluster HTTP access available)

For more information, see the SUSE Observability documentation.

Configuration

Basic Configuration

Parameter
Description
Default
Required

Environment

Choose between SUSE Cloud Observability (SaaS) or self-hosted instance

cloud

Yes

Instance Name (Cloud only)

The instance name from your cloud endpoint (e.g., for otlp-myinstance.app.stackstate.io, enter myinstance)

Yes

Endpoint (Self-hosted only)

The SUSE Observability endpoint. For in-cluster, use suse-observability-otel-collector.<namespace>.svc.cluster.local

suse-observability-otel-collector.default.svc.cluster.local

Yes

Protocol

OTLP protocol (gRPC recommended for better performance)

grpc

Yes

API Key

Authentication token for SUSE Observability

Yes

Advanced Configuration

TLS Configuration

Parameter
Description
Default

Enable TLS

Use TLS for the connection. Enabled by default for cloud deployments

true

Skip TLS Certificate Verification

Skip server certificate verification (not recommended for production)

false

TLS Certificate Authority File

Path to CA certificate for server verification

Server Name Override

Virtual hostname for TLS verification

Mutual TLS

Enable client certificate authentication

false

TLS Client Certificate File

Path to client certificate for mTLS

TLS Client Private Key

Path to client private key for mTLS

Compression and Headers

Parameter
Description
Default

gRPC Compression

Compression algorithm for gRPC (none, gzip, snappy, zstd)

gzip

HTTP Compression

Compression algorithm for HTTP (none, gzip, deflate, snappy, zlib, zstd)

gzip

Additional Headers

Custom HTTP headers to attach to each request

{}

Path Prefix (HTTP only)

Optional path prefix for HTTP endpoints

Timeout

Timeout in seconds for sending batches

30

Batching, Retry, and Queuing

Parameter
Description
Default

Enable Batching

Batch telemetry data before sending

true

Send Batch Size

Number of items after which a batch is sent

8192

Batch Timeout

Duration after which a batch is sent regardless of size

200ms

Enable Retry on Failure

Retry failed transmissions

true

Enable Sending Queue

Buffer data in memory before sending

true

Enable Persistent Queuing

Buffer data to disk for durability during outages

true

Persistent Queue Directory

Directory for disk-buffered data

${OIQ_OTEL_COLLECTOR_HOME}/storage

Configuration Tips

Environment and Protocol Selection

  • Cloud vs. Self-hosted: Use "Cloud" for SUSE Cloud Observability SaaS, or "Self-hosted" for on-premises deployments

  • gRPC vs. HTTP: gRPC is preferred for higher throughput and larger payloads; use HTTP if behind restrictive firewalls or proxies

  • In-cluster deployments: For self-hosted instances in the same Kubernetes cluster, use HTTP with insecure mode (disable TLS) and the in-cluster service endpoint

Authentication and Security

  • API keys must be valid bearer tokens for your SUSE Observability instance

  • In production, always enable TLS and provide a CA certificate rather than skipping verification

  • Store API keys securely using environment variables or secret management systems

  • For mTLS, ensure client certificate and key files are readable by the Bindplane agent process

Performance Tuning

  • Enable Persistent Queuing for mission-critical telemetry to prevent data loss during outages

  • Increase Queue Size (default 5000) if queues consistently fill during traffic spikes

  • For high-throughput scenarios, use gRPC with compression (gzip or snappy) to reduce bandwidth

  • Monitor queue depth in agent logs to identify bottlenecks

Troubleshooting

Connection Failures

Symptoms: Connection timeout or "connection refused" errors

Solutions:

  • Verify the instance name or endpoint is correct and reachable from your network

  • Confirm API key is valid and not expired

  • For self-hosted, ensure OTLP ingress is configured or HTTP service is accessible

  • Test network connectivity: telnet <hostname> <port> (4317 for gRPC, 4318 for HTTP)

TLS and Certificate Errors

Symptoms: "certificate verify failed" or "x509: certificate signed by unknown authority"

Solutions:

  • Verify CA certificate path exists and is readable by the agent process

  • Check certificate validity with openssl x509 -in <cert> -noout -dates

  • For self-signed certificates, ensure the CA certificate is provided

  • Temporarily disable certificate verification only for testing (set Skip TLS Certificate Verification to true)

Authentication Failures

Symptoms: "401 Unauthorized" or "unauthenticated" errors

Solutions:

  • Confirm API key is correct and has not been revoked

  • Verify the bearer token scheme is properly configured

  • Ensure credentials are transmitted only over TLS (never HTTP)

  • Check that the API key is properly formatted and does not contain extra whitespace

Related Resources

PreviousSumo LogicNextWebhook

Last updated

Was this helpful?