--- title: "OpenObserve" description: "Connect OpenObserve so OpenSRE can pull structured log and trace evidence during investigations" --- When something breaks, you want to know *why* — and logs tell that story. OpenSRE connects to OpenObserve to retrieve log and trace data that helps explain what was happening when an alert fired, making it easier to correlate errors, anomalies, and service interactions during investigations. ## What you need * An OpenObserve instance (self-hosted or cloud-hosted) * An OpenObserve access token * The URL of your OpenObserve deployment * Access to the organization you want OpenSRE to query ## Getting set up ### Guided setup Start here if you want step-by-step guidance: ```bash opensre integrations setup ``` Select **OpenObserve** and enter your OpenObserve credentials when prompted. ### Manual setup with environment variables Or add these to your `.env` file: ```bash OPENOBSERVE_URL=https://openobserve.example.com OPENOBSERVE_TOKEN=your_access_token OPENOBSERVE_ORG=default OPENOBSERVE_STREAM=logs OPENOBSERVE_MAX_RESULTS=100 ``` | Variable | Default | Description | | ------------------------- | --------- | ---------------------------------------------- | | `OPENOBSERVE_URL` | — | **Required.** URL of your OpenObserve instance | | `OPENOBSERVE_TOKEN` | — | **Required.** Authentication token | | `OPENOBSERVE_ORG` | `default` | Organization name | | `OPENOBSERVE_STREAM` | *(empty)* | Optional stream to query | | `OPENOBSERVE_MAX_RESULTS` | `100` | Maximum number of results returned | ### Alternative authentication If your OpenObserve deployment uses username/password authentication instead of tokens, you can configure: ```bash OPENOBSERVE_USERNAME=your_username OPENOBSERVE_PASSWORD=your_password OPENOBSERVE_ORG=default ``` Use either token-based authentication or username/password authentication depending on your OpenObserve deployment. ### Option 3: Persistent store ```json { "version": 1, "integrations": [ { "id": "openobserve-prod", "service": "openobserve", "status": "active", "credentials": { "url": "https://openobserve.example.com", "token": "your_access_token", "org": "default" } } ] } ``` ## Finding your OpenObserve credentials 1. Log in to your OpenObserve instance 2. Navigate to your user or organization settings 3. Create or retrieve an access token 4. Copy your OpenObserve URL 5. Note the organization name you want OpenSRE to query 6. Add these values to your OpenSRE configuration ## What OpenSRE can query Once connected, OpenSRE can search across: * **Logs** — Search by timestamp, service name, log level, and message content * **Traces** — Investigate spans, follow distributed traces, and analyze latency * **Metrics** — Query observability metrics stored in OpenObserve Use a token with the minimum permissions required for investigation workflows whenever possible. ## Test your connection Make sure everything is configured correctly: ```bash opensre integrations verify openobserve ``` Expected output: ``` Service: openobserve Status: passed Detail: Configured for OpenObserve at https://openobserve.example.com ``` ## Troubleshooting | Symptom | Fix | | --- | --- | | **401 Unauthorized** | Regenerate the access token or confirm username/password credentials. | | **404 on query** | Check `OPENOBSERVE_ORG` matches your organization slug. Verify the stream name if `OPENOBSERVE_STREAM` is set. | | **Connection refused** | Confirm `OPENOBSERVE_URL` includes the correct protocol and port. Ensure network access from OpenSRE to the instance. | | **Empty log results** | Widen the time range in the investigation query. Confirm logs are ingested into the target stream. |