Cloud

otlp_http

Type:

Available in: Cloud, Self-Managed

Send OpenTelemetry traces, logs, and metrics via OTLP/HTTP protocol.

Sends OpenTelemetry telemetry data to a remote collector via OTLP/HTTP protocol.

Accepts batches of Redpanda OTEL v1 protobuf messages (spans, log records, or metrics) and converts them to OTLP format for transmission to OpenTelemetry collectors.

  • Common

  • Advanced

outputs:
  label: ""
  otlp_http:
    endpoint: "" # No default (required)
    max_in_flight: 64
outputs:
  label: ""
  otlp_http:
    endpoint: "" # No default (required)
    content_type: protobuf
    headers: {}
    timeout: 30s
    proxy_url: ""
    follow_redirects: false
    disable_http2: false
    tls:
      enabled: false
      skip_cert_verify: false
      cert_file: ""
      key_file: ""
    tcp:
      connect_timeout: 0s
      keep_alive:
        idle: 15s
        interval: 15s
        count: 9
      tcp_user_timeout: 0s
    oauth:
      enabled: false
      consumer_key: ""
      consumer_secret: ""
      access_token: ""
      access_token_secret: ""
    basic_auth:
      enabled: false
      username: ""
      password: ""
    jwt:
      enabled: false
      private_key_file: ""
      signing_method: ""
      claims: {}
      headers: {}
    oauth2:
      enabled: false
      client_key: ""
      client_secret: ""
      token_url: ""
      scopes: []
      endpoint_params: {}
    max_in_flight: 64

Input format

Expects messages in Redpanda OTEL v1 protobuf format with metadata:

  • signal_type: "trace", "log", or "metric"

Each batch must contain messages of the same signal type. The entire batch is converted to a single OTLP export request and sent via HTTP POST.

Endpoints

The output automatically appends the signal type path to the base endpoint:

  • Traces: {endpoint}/v1/traces

  • Logs: {endpoint}/v1/logs

  • Metrics: {endpoint}/v1/metrics

Content types

Supports two content types:

  • protobuf (default): application/x-protobuf

  • json: application/json

Authentication

Supports multiple authentication methods:

  • Basic authentication

  • OAuth v1

  • OAuth v2

  • JWT

Fields

basic_auth

Allows you to specify basic authentication.

Type: object

basic_auth.enabled

Whether to use basic authentication in requests.

Type: bool

Default: false

basic_auth.password

A password to authenticate with.

This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration.

Type: string

Default: ""

basic_auth.username

A username to authenticate as.

Type: string

Default: ""

content_type

Content type for HTTP requests. Options: 'protobuf' or 'json'.

Type: string

Default: protobuf

Options: protobuf, json

disable_http2

Whether or not to disable HTTP/2.

Type: bool

Default: false

endpoint

The HTTP endpoint of the remote OTLP collector (without the signal path).

Type: string

follow_redirects

Transparently follow redirects, i.e. responses with 300-399 status codes. If disabled, the response message will contain the body, status, and headers from the redirect response and the processor will not make a request to the URL set in the Location header of the response.

Type: bool

Default: false

headers

A map of headers to add to the request.

This field supports interpolation functions.

Type: string

Default: {}

# Examples:
headers:
  X-Custom-Header: value
  traceparent: ${! tracing_span().traceparent }

jwt

Beta

Allows you to specify JWT authentication.

Type: object

jwt.claims

A value used to identify the claims that issued the JWT.

Type: object

Default: {}

jwt.enabled

Whether to use JWT authentication in requests.

Type: bool

Default: false

jwt.headers

Add optional key/value headers to the JWT.

Type: object

Default: {}

jwt.private_key_file

A file with the PEM encoded via PKCS1 or PKCS8 as private key.

Type: string

Default: ""

jwt.signing_method

A method used to sign the token such as RS256, RS384, RS512 or EdDSA.

Type: string

Default: ""

max_in_flight

The maximum number of messages to have in flight at a given time. Increase this to improve throughput.

Type: int

Default: 64

oauth

Allows you to specify open authentication via OAuth version 1.

Type: object

oauth.access_token

A value used to gain access to the protected resources on behalf of the user.

Type: string

Default: ""

oauth.access_token_secret

A secret provided in order to establish ownership of a given access token.

This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration.

Type: string

Default: ""

oauth.consumer_key

A value used to identify the client to the service provider.

Type: string

Default: ""

oauth.consumer_secret

A secret used to establish ownership of the consumer key.

This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration.

Type: string

Default: ""

oauth.enabled

Whether to use OAuth version 1 in requests.

Type: bool

Default: false

oauth2

Allows you to specify open authentication via OAuth version 2 using the client credentials token flow.

Type: object

oauth2.client_key

A value used to identify the client to the token provider.

Type: string

Default: ""

oauth2.client_secret

A secret used to establish ownership of the client key.

This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Manage Secrets before adding it to your configuration.

Type: string

Default: ""

oauth2.enabled

Whether to use OAuth version 2 in requests.

Type: bool

Default: false

oauth2.endpoint_params

A list of optional endpoint parameters, values should be arrays of strings.

Type: object

Default: {}

# Examples:
endpoint_params:
  audience:
    - https://example.com
  resource:
    - https://api.example.com

oauth2.scopes[]

A list of optional requested permissions.

Type: array

Default: []

oauth2.token_url

The URL of the token provider.

Type: string

Default: ""

proxy_url

An optional HTTP proxy URL.

Type: string

Default: ""

tcp

TCP socket configuration.

Type: object

tcp.connect_timeout

Maximum amount of time a dial will wait for a connect to complete. Zero disables.

Type: string

Default: 0s

tcp.keep_alive

TCP keep-alive probe configuration.

Type: object

tcp.keep_alive.count

Maximum unanswered keep-alive probes before dropping the connection. Zero defaults to 9.

Type: int

Default: 9

tcp.keep_alive.idle

Duration the connection must be idle before sending the first keep-alive probe. Zero defaults to 15s. Negative values disable keep-alive probes.

Type: string

Default: 15s

tcp.keep_alive.interval

Duration between keep-alive probes. Zero defaults to 15s.

Type: string

Default: 15s

tcp.tcp_user_timeout

Maximum time to wait for acknowledgment of transmitted data before killing the connection. Linux-only (kernel 2.6.37+), ignored on other platforms. When enabled, keep_alive.idle must be greater than this value per RFC 5482. Zero disables.

Type: string

Default: 0s

timeout

Timeout for HTTP requests.

Type: string

Default: 30s

tls

TLS configuration for HTTP client.

Type: object

tls.cert_file

Path to the TLS certificate file for client authentication.

Type: string

Default: ""

tls.enabled

Enable TLS connections.

Type: bool

Default: false

tls.key_file

Path to the TLS key file for client authentication.

Type: string

Default: ""

tls.skip_cert_verify

Skip certificate verification (insecure).

Type: bool

Default: false