Connecting Providers

Each observability provider requires a connection with credentials. Connections are managed from Organization Settings > Integrations.

Prometheus

Prometheus connections require a base URL pointing to your Prometheus server's API.

1. Go to Integrations and find the Prometheus card.
2. Click Connect and enter:
   • Display name — A label for this connection (e.g., "Production Prometheus")
   • Base URL — Your Prometheus server URL (e.g., https://prometheus.example.com)
   • Authentication — Choose None, Basic (username/password), or Bearer Token
3. Click Test Connection to verify reachability.
4. Click Save.

Grafana Loki

Loki connections support log querying via LogQL.

1. Find the Loki card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Your Loki API URL (e.g., https://loki.example.com)
   • Authentication — None, Basic, or Bearer Token
3. Test and save.

Datadog

Datadog connections use API and Application keys. BlameTrail connects to the Datadog API for both metrics and log queries.

1. Find the Datadog card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Datadog site — Select your Datadog site (e.g., datadoghq.com, datadoghq.eu)
   • API Key — Your Datadog API key
   • Application Key — Your Datadog Application key
3. Test and save.

To create API and Application keys, go to Datadog > Organization Settings > API Keys and Application Keys.

AWS CloudWatch

CloudWatch connections use AWS IAM credentials to query both CloudWatch Metrics and CloudWatch Logs Insights.

1. Find the AWS CloudWatch card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Access Key ID — Your AWS IAM access key
   • Secret Access Key — Your AWS IAM secret key
   • Region — The AWS region to query (e.g., us-east-1)
3. Test and save.

The IAM user or role needs at minimum: cloudwatch:GetMetricData, logs:StartQuery, logs:GetQueryResults, and sts:GetCallerIdentity permissions.

Tempo

Tempo connections query the Grafana Tempo HTTP API for distributed traces.

1. Find the Tempo card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Your Tempo API URL (e.g., https://tempo.example.com:3200)
   • Authentication — None, Basic (username/password), or Bearer Token
3. Test and save.

Jaeger

Jaeger connections query the Jaeger HTTP API for distributed traces.

1. Find the Jaeger card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Your Jaeger Query API URL (e.g., https://jaeger.example.com:16686)
   • Authentication — None, Basic, or Bearer Token
3. Test and save.

Honeycomb

Honeycomb connections use an API key to query traces via the Honeycomb Query API.

1. Find the Honeycomb card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Leave blank for the default (https://api.honeycomb.io), or enter a custom endpoint
   • API Key — Your Honeycomb API key
   • Dataset — The Honeycomb dataset to query. Leave as All datasets for Environment-based accounts, or select a specific classic dataset
3. Test and save.

To create an API key, go to Honeycomb > Team Settings > API Keys and create a key with query permissions.

New Relic

New Relic connections use an API key to query traces via NRQL and the Trace API.

1. Find the New Relic card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Leave blank for the default, or enter a custom endpoint
   • API Key — Your New Relic User API key (NRAK-...)
   • Account ID — Your New Relic account ID
3. Test and save.

Elastic APM

Elastic APM connections query the Elasticsearch APM indices for distributed traces.

1. Find the Elastic APM card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Your Elasticsearch URL (e.g., https://elasticsearch.example.com:9200)
   • API Key — Your Elasticsearch API key
   • Index Pattern — The APM index pattern (default: apm-*-span-*,apm-*-transaction-*)
3. Test and save.

AWS X-Ray

AWS X-Ray connections use IAM credentials to query distributed traces via the X-Ray API.

1. Find the AWS X-Ray card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Access Key ID — Your AWS IAM access key
   • Secret Access Key — Your AWS IAM secret key
   • Region — The AWS region to query (e.g., us-east-1)
3. Test and save.

The IAM user or role needs at minimum: xray:GetTraceSummaries, xray:BatchGetTraces, and sts:GetCallerIdentity permissions.

Lightstep

Lightstep (ServiceNow Cloud Observability) connections use an API key to query traces via the Lightstep public API.

1. Find the Lightstep card in Integrations.
2. Click Connect and enter:
   • Display name — A label for this connection
   • Base URL — Leave blank for the default (https://api.lightstep.com), or enter a custom endpoint
   • API Key — Your Lightstep API key
   • Organization — Your Lightstep organization name
   • Project — Your Lightstep project name
3. Test and save.

Connection health

After creating a connection, BlameTrail periodically checks its health. You can also manually test a connection at any time from the connection detail panel. Health check results are shown on the Integrations page.

Credential storage

All provider credentials are encrypted at rest using AES-256-GCM before being stored. Credentials are only decrypted at query time and are never logged or included in API responses.