Default data retention is 30 days. Contact support to request a different retention period.
Before you begin: Collector-level ingestion
- Ingestion key from Phoebe (provided during onboarding)
- Outbound HTTPS (443) allowed to
ingest.phoebe.ai - (Recommended) A secrets manager or environment variables - avoid hard-coding keys in configs
Choosing an integration
| Provider | Collector-level Ingestion | API Access | Data Types |
|---|---|---|---|
| OpenTelemetry | ✓ | — | Logs, Metrics, Traces |
| AWS CloudWatch | ✓ | ✓ | Logs, Metrics |
| Grafana | ✓ | ✓ | Logs, Metrics, Traces |
| Datadog | ✓ | ✓ | Logs, Metrics, Traces |
| Google Cloud Platform | — | ✓ | Logs |
| New Relic | — | ✓ | Logs, Metrics, Traces |
Troubleshooting
Verifying ingestion
- Generate test data in the relevant system (log line, synthetic metric, or trace)
- Check sender logs (Collector/Firehose) for HTTP errors or backoffs
- Confirm with Phoebe - share the approximate timestamp and source so we can validate arrival
Common issues & fixes
Authentication (401/403)- Double-check the exact header name/value:
- OpenTelemetry:
X-API-Key: <key> - Firehose HTTP destination: configure the Access key to your Phoebe key
- Promtail:
X-API-Key: <key>in theheaderssection
- OpenTelemetry:
- Ensure no extra whitespace or quotes; prefer environment variables or secrets manager.
- Allow outbound HTTPS (443) to
ingest.phoebe.aifrom the sending network (EKS/ECS nodes, VMs, etc.) - Enable compression to reduce payload size (gzip)
- Tune buffering to keep chunks ≤ 5 MB
- For Firehose, reduce buffer size/interval to lower latency
- Verify the Phoebe exporter is listed in every relevant pipeline (logs, metrics, traces)
- Ensure you added an additional exporter rather than replacing existing ones
- Confirm endpoint is exactly
https://ingest.phoebe.ai/otel(no/v1prefix) - Check Collector logs for
otlphttp/phoebeexport errors and backoff messages
- Check the S3 failure bucket for recent objects; inspect payloads and error messages
- Verify:
- Firehose stream is Active
- IAM roles & policies (both Firehose and CloudWatch Logs) are correct
- CloudWatch subscription filters show Active
- Keep buffer size under 5 MB to avoid large payload failures
- Verify the Phoebe client is listed in the
clientssection with the correct URL (https://ingest.phoebe.ai/loki/api/v1/push). - Ensure
X-API-Keyheader is set correctly with your Phoebe ingestion key. - If using multiple destinations, confirm Phoebe is listed last to avoid blocking your primary destination.
- Check Promtail logs for connection errors or 4xx/5xx responses.
- Verify outbound HTTPS (443) to
ingest.phoebe.aiis allowed from the Promtail host.
- 2xx — accepted by Phoebe
- 4xx — fix configuration (keys/headers/endpoint/payload format)
- 5xx — transient; sender should retry (ensure retries/backoff are enabled)
Getting help
When contacting support, include:- Integration method (OpenTelemetry, Firehose, Promtail, or Prometheus)
- Sender logs with error snippets
- Approximate timestamp(s) and source (service name, Log Group, etc.)
- Confirmation that your ingestion key is configured and how it’s stored (env/secrets)
Security & operations best practices
- Don’t hard-code secrets. Use environment variables or a secrets manager and restrict read access
- TLS in transit. All endpoints use HTTPS. Ensure outbound proxies (if any) don’t downgrade TLS
- Right-sized batching. Smaller batches reduce latency and make retries cheaper; larger batches are more efficient for high-throughput logs. Start with 1–5 MB buffers
- Resource attributes matter. Ensure
service.name,deployment.environment, and (optionally)service.versionare present so investigations group data correctly - Backpressure & retries. Keep retries enabled with exponential backoff to ride out transient network hiccups