Open Telemetry - OTLP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Open Telemetry - OTLP

L0 Member

Has any XSIAM tenant had a plan to utilize OpenTelemetry Collectors to populate data into a VM Broker or any other method to utilize logs sourced via OTLP?   Technically could convert the OTLP to syslog out to VMBroker but not sure yet what is lost in that. 

 

1 REPLY 1

L1 Bithead

Nothing native for OTLP today, the Broker VM applet list is things like Syslog Collector, Kafka Collector, Database Collector, etc. No OTLP/gRPC applet.

Converting to syslog is really your only option right now, and yeah, you will lose stuff — the structured OTEL resource/attribute metadata (semantic conventions, trace/span IDs) gets flattened into a text line, so you're back to parsing it with a normalization rule like any other log source. If you need trace/span correlation preserved, syslog won't get you there.

  • 34 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!