Skip to main content
Phoebe uses two integration approaches: Context Lake ingestion and vendor API access. We recommend using both - ingestion enables better evidence retrieval, while API access fetches additional context such as dashboards.
Default data retention is 30 days. Contact support to request a different retention period.

Before you begin

  • Ingestion key from Phoebe (provided during onboarding)
  • Outbound HTTPS (443) allowed to ingest.phoebe.ai
  • (Recommended) A secrets manager or environment variables - avoid hard-coding keys in configs
Supported data types: Logs • Metrics • Traces
Recommended approach for comprehensive coverage and lowest operational overhead.

If your stack supports OTel, use this for Context Lake ingestion. Still configure API access for your provider below to enable dashboards and additional context.
OpenTelemetry works with any system that already uses an OTel Collector/Agent. Add Phoebe as an additional exporter so you keep your existing destinations and send a copy to Phoebe. Add a Phoebe OTLP/HTTP exporter and reference it in your pipelines. Using environment variables for the key is strongly encouraged. 
# --- opentelemetry-collector.yaml ---

exporters:
  # Your existing exporters (keep as-is)
  otlp/primary:
    endpoint: your-existing-endpoint

  # Phoebe exporter (OTLP over HTTP)
  otlphttp/phoebe:
    endpoint: https://ingest.phoebe.ai/otel
    headers:
      X-API-Key: ${PHOEBE_INGEST_KEY}
    compression: gzip
    timeout: 10s
    sending_queue:
      enabled: true
      num_consumers: 4
      queue_size: 1024
    retry_on_failure:
      enabled: true
      initial_interval: 5s
      max_interval: 30s
      max_elapsed_time: 5m

service:
  pipelines:
    logs:
      receivers: [your-existing-receivers]
      exporters: [otlp/primary, otlphttp/phoebe]
    metrics:
      receivers: [your-existing-receivers]
      exporters: [otlp/primary, otlphttp/phoebe]
    traces:
      receivers: [your-existing-receivers]
      exporters: [otlp/primary, otlphttp/phoebe]
Set ${PHOEBE_INGEST_KEY} securely via environment variables or your secrets manager. Avoid hard-coding secrets into config files.
Important: Add the Phoebe exporter in addition to your current exporters for each pipeline so data keeps flowing to existing systems.
Verify
  1. Restart/reload your Collector
  2. Check Collector logs for export activity or errors:
# Example for a containerized Collector
docker logs <collector-container> | grep -i "otlphttp/phoebe"
  1. Generate test telemetry (e.g., a sample trace or log event) and review for errors in the Collector logs. Contact support to confirm the records are visible in your Context Lake

Amazon Web Services

Supported data types: Logs • Metrics

Context Lake ingestion

Stream CloudWatch data to Phoebe using Amazon Data Firehose with an HTTP endpoint destination.
Prerequisites
  • Permissions to create IAM roles/policies, Firehose delivery streams, subscription filters, and (optionally) S3 buckets
  • Phoebe ingestion key
  • CloudWatch Log Groups to stream
Setup
1

Create (optional) S3 bucket for failures

Use this bucket for failed deliveries to aid troubleshooting.Example name: phoebe-log-stream-failures
2

Create a minimal-scope IAM role for Firehose

Firehose can auto-create a role, but a custom role limits permissions and improves security.
Policy (replace the bucket name if different):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::phoebe-log-stream-failures",
        "arn:aws:s3:::phoebe-log-stream-failures/*"
      ]
    }
  ]
}
Trust policy for Firehose:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "firehose.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
3

Create a Firehose delivery stream (HTTP endpoint)

  • Source: Direct PUT
  • Destination: HTTP Endpoint
  • HTTP endpoint URL: https://ingest.phoebe.ai/aws/firehose/logs
  • Access key: your Phoebe ingestion key
Prefer storing the key in AWS Secrets Manager; grant Firehose read access.
  • Content encoding: GZIP
  • Retry duration: ~300 seconds (tune as needed)
S3 backup:
  • Mode: Failed data only
  • Bucket: the one you created for failures
Buffering:
  • Size: 1–5 MB (smaller = lower latency)
  • Interval: 60–300 s
Service access:
  • Choose the IAM role you created for Firehose.
4

Allow CloudWatch Logs to put records into Firehose

Create an IAM role for logs.amazonaws.com to call firehose:PutRecord* on your stream.Policy (replace REGION, ACCOUNT_ID, and stream name):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["firehose:PutRecord","firehose:PutRecordBatch"],
      "Resource": "arn:aws:firehose:REGION:ACCOUNT_ID:deliverystream/phoebe-firehose-stream"
    }
  ]
}
Trust policy (CloudWatch Logs):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "logs.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
5

Create CloudWatch Logs subscription filter(s)

For each Log Group you want to stream:
  • Destination: Amazon Data Firehose
  • Delivery stream: your Firehose stream
  • Role: the CloudWatch-to-Firehose role
  • Filter pattern: empty for all logs (or set a pattern to restrict)
6

Verify delivery

Generate a test event:
aws logs put-log-events \
  --log-group-name /your/log/group \
  --log-stream-name test-stream \
  --log-events timestamp=$(date +%s)000,message='{"test":"phoebe-firehose"}'
  • In Firehose → your stream → Monitoring, verify successful deliveries increase and failures remain zero.
  • Check the failure S3 bucket is empty (or inspect objects for errors).

API access

  1. Create IAM Role/User with CloudWatchReadOnlyAccess policy
  2. Generate access key and secret
  3. Enter credentials in the Integrations UI

Grafana

Supported data types: Logs • Metrics • Traces

Context Lake ingestion

ConfigurationAdd the Phoebe endpoint to the clients section of your Promtail configuration file (typically config.yaml or promtail.yaml).Single destinationIf you’re only sending logs to Phoebe:
clients:
  - url: https://ingest.phoebe.ai/loki/api/v1/push
    headers:
      X-API-Key: ${PHOEBE_INGEST_KEY}
Multiple destinations (recommended)If you need to send logs to both your own Loki instance and Phoebe, list Phoebe as the last client. Promtail sends logs to clients sequentially in the order they’re defined, so this ensures your primary destination receives logs first:
clients:
  # Your primary Loki instance - processed first
  - url: http://your-loki-instance:3100/loki/api/v1/push

  # Phoebe - processed last to avoid blocking your primary destination
  - url: https://ingest.phoebe.ai/loki/api/v1/push
    headers:
      X-API-Key: ${PHOEBE_INGEST_KEY}
Client ordering matters: Promtail sends logs to clients sequentially on a single thread. List your primary logging destination first to ensure it always receives logs with the lowest latency.
Headers set by Promtail itself (such as X-Scope-OrgID) cannot be overwritten using the headers configuration.
Verify
  1. Restart Promtail to apply the changes.
  2. Check Promtail logs for any connection errors.
  3. Contact Phoebe to confirm logs are being received in your Context Lake.

API access

  1. Create service account - In Grafana, go to Administration > Service accounts, click Add service account, name it (e.g., phoebe-integration), and assign Viewer role
  2. Generate token - Click on the service account, go to Tokens tab, click Add service account token, and copy immediately (it won’t be shown again)
    • Ensure the token has the required permissions for read access to Loki (logs), Prometheus/Mimir (metrics) and Tempo (traces)
  3. Find service identifiers - In Grafana Explore, select Loki, expand “Label filters” and look for labels that identify your services Service identifier examples:
    EnvironmentIdentifiers
    Standard["service_name"]
    Kubernetes["app_kubernetes_io_name", "app"]
    Docker Compose["container_name", "compose_service"]
    Custom["application_name", "service_id"]
    Without correct service identifiers, Phoebe cannot group logs by service. Test in Grafana Explore first with a query like {your_service_identifier="your-service-name"}.
  4. Enter credentials in the Integrations UI
Troubleshooting
IssueFix
No services discoveredCheck identifiers match exactly (case-sensitive) with Loki labels
Missing dataVerify token permissions by testing queries in Grafana
Connection errorsEnsure BASE_URL is accessible and includes protocol (https://)
For more details, see Grafana permissions documentation.

Datadog

Supported data types: Logs • Metrics • Traces

API access

  1. Create an API key in Datadog API settings
  2. Create an Application key in Datadog Application Keys
  3. Ensure the associated user/service account has these required permissions and scopes:
    • Read logs (Scopes required: logs_read_data, logs_read_index_data)
    • Access metrics (Scopes required: metrics_read, timeseries_query)
    • View traces (Scopes required: apm_read)
    • Read dashboard data (Scopes required: dashboards_read)
    • Read monitor data (Scopes required: monitors_read)
  4. Enter credentials in the Integrations UI

Google Cloud Platform

Supported data types: Logs

API access

  1. In GCP Console, create a new service account in IAM & Admin > Service Accounts and assign it with Logs Viewer role
  2. Create a new JSON key
  3. Enter credentials in the Integrations UI

New Relic

Supported data types: Logs • Metrics • Traces

API access

  1. Generate a User API key
  2. Find the Account ID from the API keys table
  3. Enter credentials in the Integrations UI

Troubleshooting

Verifying ingestion

  1. Generate test data in the relevant system (log line, synthetic metric, or trace)
  2. Check sender logs (Collector/Firehose) for HTTP errors or backoffs
  3. Confirm with Phoebe—share the approximate timestamp and source so we can validate arrival in your Context Lake

Common issues & fixes

Authentication (401/403)
  • Double-check the exact header name/value:
    • OpenTelemetry: X-API-Key: <key>
    • Firehose HTTP destination: configure the Access key to your Phoebe key
    • Promtail: X-API-Key: <key> in the headers section
  • Ensure no extra whitespace or quotes; prefer environment variables or secrets manager.
Connectivity / timeouts
  • Allow outbound HTTPS (443) to ingest.phoebe.ai from the sending network (EKS/ECS nodes, VMs, etc.)
  • Enable compression to reduce payload size (gzip)
  • Tune buffering to keep chunks ≤ 5 MB
  • For Firehose, reduce buffer size/interval to lower latency
OpenTelemetry data not appearing
  • Verify the Phoebe exporter is listed in every relevant pipeline (logs, metrics, traces)
  • Ensure you added an additional exporter rather than replacing existing ones
  • Confirm endpoint is exactly https://ingest.phoebe.ai/otel (no /v1 prefix)
  • Check Collector logs for otlphttp/phoebe export errors and backoff messages
Amazon Data Firehose delivery failures
  • Check the S3 failure bucket for recent objects; inspect payloads and error messages
  • Verify:
    • Firehose stream is Active
    • IAM roles & policies (both Firehose and CloudWatch Logs) are correct
    • CloudWatch subscription filters show Active
  • Keep buffer size under 5 MB to avoid large payload failures
Promtail logs not appearing
  • Verify the Phoebe client is listed in the clients section with the correct URL (https://ingest.phoebe.ai/loki/api/v1/push).
  • Ensure X-API-Key header is set correctly with your Phoebe ingestion key.
  • If using multiple destinations, confirm Phoebe is listed last to avoid blocking your primary destination.
  • Check Promtail logs for connection errors or 4xx/5xx responses.
  • Verify outbound HTTPS (443) to ingest.phoebe.ai is allowed from the Promtail host.
Helpful HTTP responses (at sender)
  • 2xx — accepted by Phoebe
  • 4xx — fix configuration (keys/headers/endpoint/payload format)
  • 5xx — transient; sender should retry (ensure retries/backoff are enabled)

Getting help

When contacting support, include:
  • Integration method (OpenTelemetry, Firehose, Promtail, or Prometheus)
  • Sender logs with error snippets
  • Approximate timestamp(s) and source (service name, Log Group, etc.)
  • Confirmation that your ingestion key is configured and how it’s stored (env/secrets)

Appendix: Security & operations best practices

  • Don’t hard-code secrets. Use environment variables or a secrets manager and restrict read access
  • TLS in transit. All endpoints use HTTPS. Ensure outbound proxies (if any) don’t downgrade TLS
  • Right-sized batching. Smaller batches reduce latency and make retries cheaper; larger batches are more efficient for high-throughput logs. Start with 1–5 MB buffers
  • Resource attributes matter. Ensure service.name, deployment.environment, and (optionally) service.version are present so investigations group data correctly
  • Backpressure & retries. Keep retries enabled with exponential backoff to ride out transient network hiccups