> ## Documentation Index
> Fetch the complete documentation index at: https://opensre.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# OpenObserve

> Connect OpenObserve so OpenSRE can pull structured log and trace evidence during investigations

When something breaks, you want to know *why* — and logs tell that story. OpenSRE connects to OpenObserve to retrieve log and trace data that helps explain what was happening when an alert fired, making it easier to correlate errors, anomalies, and service interactions during investigations.

## What you need

* An OpenObserve instance (self-hosted or cloud-hosted)
* An OpenObserve access token
* The URL of your OpenObserve deployment
* Access to the organization you want OpenSRE to query

## Getting set up

### Guided setup

Start here if you want step-by-step guidance:

```bash theme={null}
opensre integrations setup
```

Select **OpenObserve** and enter your OpenObserve credentials when prompted.

### Manual setup with environment variables

Or add these to your `.env` file:

```bash theme={null}
OPENOBSERVE_URL=https://openobserve.example.com
OPENOBSERVE_TOKEN=your_access_token
OPENOBSERVE_ORG=default
OPENOBSERVE_STREAM=logs
OPENOBSERVE_MAX_RESULTS=100
```

| Variable                  | Default   | Description                                    |
| ------------------------- | --------- | ---------------------------------------------- |
| `OPENOBSERVE_URL`         | —         | **Required.** URL of your OpenObserve instance |
| `OPENOBSERVE_TOKEN`       | —         | **Required.** Authentication token             |
| `OPENOBSERVE_ORG`         | `default` | Organization name                              |
| `OPENOBSERVE_STREAM`      | *(empty)* | Optional stream to query                       |
| `OPENOBSERVE_MAX_RESULTS` | `100`     | Maximum number of results returned             |

### Alternative authentication

If your OpenObserve deployment uses username/password authentication instead of tokens, you can configure:

```bash theme={null}
OPENOBSERVE_USERNAME=your_username
OPENOBSERVE_PASSWORD=your_password
OPENOBSERVE_ORG=default
```

Use either token-based authentication or username/password authentication depending on your OpenObserve deployment.

### Option 3: Persistent store

```json theme={null}
{
  "version": 1,
  "integrations": [
    {
      "id": "openobserve-prod",
      "service": "openobserve",
      "status": "active",
      "credentials": {
        "url": "https://openobserve.example.com",
        "token": "your_access_token",
        "org": "default"
      }
    }
  ]
}
```

## Finding your OpenObserve credentials

1. Log in to your OpenObserve instance
2. Navigate to your user or organization settings
3. Create or retrieve an access token
4. Copy your OpenObserve URL
5. Note the organization name you want OpenSRE to query
6. Add these values to your OpenSRE configuration

## What OpenSRE can query

Once connected, OpenSRE can search across:

* **Logs** — Search by timestamp, service name, log level, and message content
* **Traces** — Investigate spans, follow distributed traces, and analyze latency
* **Metrics** — Query observability metrics stored in OpenObserve

<Info>
  Use a token with the minimum permissions required for investigation workflows whenever possible.
</Info>

## Test your connection

Make sure everything is configured correctly:

```bash theme={null}
opensre integrations verify openobserve
```

Expected output:

```
Service: openobserve
Status: passed
Detail: Configured for OpenObserve at https://openobserve.example.com
```

## Troubleshooting

| Symptom                | Fix                                                                                                                   |
| ---------------------- | --------------------------------------------------------------------------------------------------------------------- |
| **401 Unauthorized**   | Regenerate the access token or confirm username/password credentials.                                                 |
| **404 on query**       | Check `OPENOBSERVE_ORG` matches your organization slug. Verify the stream name if `OPENOBSERVE_STREAM` is set.        |
| **Connection refused** | Confirm `OPENOBSERVE_URL` includes the correct protocol and port. Ensure network access from OpenSRE to the instance. |
| **Empty log results**  | Widen the time range in the investigation query. Confirm logs are ingested into the target stream.                    |
