Docs Connect Components Catalog Inputs otlp_grpc otlp_grpc Page options Copy as Markdown Copied! View as plain text Ask AI about this topic Add MCP server to VS Code Type: Input ▼ InputOutput Available in: Cloud, Self-Managed License: This component requires an enterprise license. You can either upgrade to an Enterprise Edition license, or generate a trial license key that's valid for 30 days. Receive OpenTelemetry traces, logs, and metrics via OTLP/gRPC protocol. Introduced in version 4.78.0. Exposes an OpenTelemetry Collector gRPC receiver that accepts traces, logs, and metrics via gRPC. Telemetry data is received in OTLP protobuf format and converted to individual Redpanda OTEL v1 protobuf messages. Each signal (span, log record, or metric) becomes a separate message with embedded Resource and Scope metadata, optimized for Kafka partitioning. Common Advanced inputs: label: "" otlp_grpc: encoding: json address: 0.0.0.0:4317 rate_limit: "" inputs: label: "" otlp_grpc: encoding: json address: 0.0.0.0:4317 tls: enabled: false cert_file: "" key_file: "" auth_token: "" max_recv_msg_size: 4194304 rate_limit: "" tcp: reuse_addr: false reuse_port: false schema_registry: url: "" # No default (required) timeout: 5s tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: [] oauth: enabled: false consumer_key: "" consumer_secret: "" access_token: "" access_token_secret: "" basic_auth: enabled: false username: "" password: "" jwt: enabled: false private_key_file: "" signing_method: "" claims: {} headers: {} common_subject: "" trace_subject: "" log_subject: "" metric_subject: "" Protocols This input supports OTLP/gRPC on the default port 4317 using the standard OTLP protobuf format for all signal types (traces, logs, metrics). Output format Each OTLP export request is unbatched into individual messages: Traces: One message per span Logs: One message per log record Metrics: One message per metric Messages are encoded in Redpanda OTEL v1 protobuf format. Metadata This input adds the following metadata fields to each message: signal_type - The signal type: "trace", "log", or "metric" You can access these metadata fields using function interpolation. Authentication When auth_token is configured, clients must include the token in the gRPC metadata. Go client example import ( "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" ) exporter, err := otlptracegrpc.New(ctx, otlptracegrpc.WithEndpoint("localhost:4317"), otlptracegrpc.WithInsecure(), // or WithTLSCredentials() for TLS otlptracegrpc.WithHeaders(map[string]string{ "authorization": "Bearer your-token-here", }), ) Environment variable export OTEL_EXPORTER_OTLP_HEADERS="authorization=Bearer your-token-here" Rate limiting An optional rate limit resource can be specified to throttle incoming requests. When the rate limit is breached, requests will receive a ResourceExhausted gRPC status code. Fields address The address to listen on for gRPC connections. Type: string Default: 0.0.0.0:4317 auth_token Optional bearer token for authentication. When set, requests must include 'authorization: Bearer <token>' metadata. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" encoding Encoding format for messages in the batch. Options: 'protobuf' or 'json'. Type: string Default: json Options: protobuf, json max_recv_msg_size Maximum size of gRPC messages to receive in bytes. Type: int Default: 4194304 rate_limit An optional rate limit resource to throttle requests. Type: string Default: "" schema_registry Optional Schema Registry configuration for adding Schema Registry wire format headers to messages. Type: object schema_registry.basic_auth Allows you to specify basic authentication. Type: object schema_registry.basic_auth.enabled Whether to use basic authentication in requests. Type: bool Default: false schema_registry.basic_auth.password A password to authenticate with. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" schema_registry.basic_auth.username A username to authenticate as. Type: string Default: "" schema_registry.common_subject Schema subject name for the common protobuf schema. Only used when encoding is 'protobuf'. Defaults to 'redpanda-otel-common' for protobuf encoding or 'redpanda-otel-common-json' for JSON encoding. Type: string Default: "" schema_registry.jwt Beta Allows you to specify JWT authentication. Type: object schema_registry.jwt.claims A value used to identify the claims that issued the JWT. Type: object Default: {} schema_registry.jwt.enabled Whether to use JWT authentication in requests. Type: bool Default: false schema_registry.jwt.headers Add optional key/value headers to the JWT. Type: object Default: {} schema_registry.jwt.private_key_file A file with the PEM encoded via PKCS1 or PKCS8 as private key. Type: string Default: "" schema_registry.jwt.signing_method A method used to sign the token such as RS256, RS384, RS512 or EdDSA. Type: string Default: "" schema_registry.log_subject Schema subject name for log data. Defaults to 'redpanda-otel-logs' for protobuf encoding or 'redpanda-otel-logs-json' for JSON encoding. Type: string Default: "" schema_registry.metric_subject Schema subject name for metric data. Defaults to 'redpanda-otel-metrics' for protobuf encoding or 'redpanda-otel-metrics-json' for JSON encoding. Type: string Default: "" schema_registry.oauth Allows you to specify open authentication via OAuth version 1. Type: object schema_registry.oauth.access_token A value used to gain access to the protected resources on behalf of the user. Type: string Default: "" schema_registry.oauth.access_token_secret A secret provided in order to establish ownership of a given access token. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" schema_registry.oauth.consumer_key A value used to identify the client to the service provider. Type: string Default: "" schema_registry.oauth.consumer_secret A secret used to establish ownership of the consumer key. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" schema_registry.oauth.enabled Whether to use OAuth version 1 in requests. Type: bool Default: false schema_registry.timeout HTTP client timeout for Schema Registry requests. Type: string Default: 5s schema_registry.tls Custom TLS settings can be used to override system defaults. Type: object schema_registry.tls.client_certs[] A list of client certificates to use. For each certificate either the fields cert and key, or cert_file and key_file should be specified, but not both. Type: object Default: [] # Examples: client_certs: - cert: foo key: bar # --- client_certs: - cert_file: ./example.pem key_file: ./example.key schema_registry.tls.client_certs[].cert A plain text certificate to use. Type: string Default: "" schema_registry.tls.client_certs[].cert_file The path of a certificate to use. Type: string Default: "" schema_registry.tls.client_certs[].key A plain text certificate key to use. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" schema_registry.tls.client_certs[].key_file The path of a certificate key to use. Type: string Default: "" schema_registry.tls.client_certs[].password A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete pbeWithMD5AndDES-CBC algorithm is not supported for the PKCS#8 format. Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" # Examples: password: foo # --- password: ${KEY_PASSWORD} schema_registry.tls.enable_renegotiation Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you’re seeing the error message local error: tls: no renegotiation. Requires version 3.45.0 or later. Type: bool Default: false schema_registry.tls.enabled Whether custom TLS settings are enabled. Type: bool Default: false schema_registry.tls.root_cas An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. This field contains sensitive information that usually shouldn’t be added to a configuration directly. For more information, see Secrets. Type: string Default: "" # Examples: root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- schema_registry.tls.root_cas_file An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. Type: string Default: "" # Examples: root_cas_file: ./root_cas.pem schema_registry.tls.skip_cert_verify Whether to skip server side certificate verification. Type: bool Default: false schema_registry.trace_subject Schema subject name for trace data. Defaults to 'redpanda-otel-traces' for protobuf encoding or 'redpanda-otel-traces-json' for JSON encoding. Type: string Default: "" schema_registry.url Schema Registry URL for schema operations. Type: string # Examples: url: http://localhost:8081 tcp TCP listener socket configuration. Type: object tcp.reuse_addr Enable SO_REUSEADDR, allowing binding to ports in TIME_WAIT state. Useful for graceful restarts and config reloads where the server needs to rebind to the same port immediately after shutdown. Type: bool Default: false tcp.reuse_port Enable SO_REUSEPORT, allowing multiple sockets to bind to the same port for load balancing across multiple processes/threads. Type: bool Default: false tls TLS configuration for gRPC. Type: object tls.cert_file Path to the TLS certificate file. Type: string Default: "" tls.enabled Enable TLS connections. Type: bool Default: false tls.key_file Path to the TLS key file. Type: string Default: "" Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution 🎉 Thanks for your feedback! otlp_http parquet