Learn concepts and best practices for sending logs to Cloud Observability.

Access to Cloud Observability Logging is available on request. Reach out to your Account Manager to get started.


Send logs to Cloud Observability with tools such as Logstash, OpenTelemetry Collector, and Vector. Visit Log integrations for the list of integrations and setup instructions.

Best practices

Before sending logs to Cloud Observability, review the sections below to optimize your logging experience.

Log body tokenization

Cloud Observability tokenizes only the body field of a log. It parses the field value and stores it as distinct strings. For example, Cloud Observability stores body="space launch" as body=["space","launch"].

Cloud Observability tokenizes this field to improve query performance and help you find information. For example, Cloud Observability’s logs tab lets you search body in the search box and filter untokenized fields in the sidebar.

If you can’t change the field name to body and want to use a different field name, contact your customer success representative about field remapping.

Connect logs to traces

To help you explore and resolve issues, Cloud Observability lets you connect logs and traces in the logs tab and Trace view.

To use those features, when sending log data to Cloud Observability, include span IDs in one of the field keys below. Example: span_id=25bd1104506ec466.

  • span_id
  • SpanId
  • tags.span_id

How it works

The items below cover logging authorization, indexing, and ingest format.

  • Access tokens let users and tools send data to Cloud Observability.

    Access tokens are project-specific. You create an access token in a project and include it in API requests or tool configurations to send data to that project.

    There are two ways to configure access tokens in requests:

    • Set the access token in a CloudObs-Access-Token header.
    • Using basic authentication, set the access token as the password.

      Cloud Observability Logs ignores the username, so you can set it to anything, for example, HTTP_User spacecat.

  • An index is a collection of logs. Indexes, as Elasticsearch uses them, are equivalent to projects in Cloud Observability.

    When sending data to Cloud Observability in the Elasticsearch format, your access token identifies the project. If you must include an index name, set the name to anything you want – Cloud Observability ignores the setting.

  • Cloud Observability Logs supports Elasticsearch’s Bulk API format for ingesting logs. Several integrations rely on existing Elasticsearch output exporters, plugins, and sinks.
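The pieces above (tokenized `body` field, span ID key, both access-token options, and Bulk API framing) combined in one request builder. This is an added example, not code from Cloud Observability; the ingest URL is a placeholder because the page does not give one, and the `CLOUDOBS_ACCESS_TOKEN` variable name, the `severity` field, and the 16-hex-character span ID check are assumptions.

```python
import base64
import json
import os
import re
import urllib.request

# Placeholder: the page gives no ingest URL; take the real one from your integration's docs.
INGEST_URL = "https://ingest.example.invalid/_bulk"
SPAN_ID_RE = re.compile(r"^[0-9a-f]{16}$")  # assumption: 8-byte hex ID, like the page's example


def bulk_payload(records, index="ignored"):
    """Serialize records as Elasticsearch Bulk API NDJSON (action line, then document line)."""
    lines = []
    for rec in records:
        if not isinstance(rec.get("body"), str):
            raise ValueError("each record needs a string 'body' field (the only tokenized field)")
        span_id = rec.get("span_id")
        if span_id is not None and not SPAN_ID_RE.match(span_id):
            raise ValueError(f"span_id is not 16 hex characters: {span_id!r}")
        lines.append(json.dumps({"index": {"_index": index}}))  # index name is ignored on ingest
        lines.append(json.dumps(rec))
    return ("\n".join(lines) + "\n").encode("utf-8")  # the Bulk format needs a trailing newline


def auth_headers(token, basic=False):
    """Build headers for either access-token option described above."""
    if not token:
        raise ValueError("access token is empty")
    if basic:
        # The username is ignored by the service; the token travels as the password.
        cred = base64.b64encode(f"spacecat:{token}".encode()).decode()
        return {"Authorization": f"Basic {cred}"}
    return {"CloudObs-Access-Token": token}


def build_request(records, token, basic=False):
    """Assemble the POST request without sending it."""
    headers = {"Content-Type": "application/x-ndjson", **auth_headers(token, basic)}
    return urllib.request.Request(INGEST_URL, data=bulk_payload(records),
                                  headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample record. The token is read from the environment so it stays out of source.
    sample = [{"body": "space launch", "span_id": "25bd1104506ec466", "severity": "INFO"}]
    req = build_request(sample, os.environ.get("CLOUDOBS_ACCESS_TOKEN", "constructed-token"))
    print(req.get_method(), req.full_url, len(req.data), "bytes")  # token is never printed
```

Because the token is project-scoped and grants write access, keep it in a secret store or environment variable and exclude the auth headers from any request logging.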

See also

Log integrations

Explore logs

Get started with UQL log queries

Updated Sep 14, 2023