OpenTelemetry (OTLP)
Ingest OpenTelemetry logs that have been uploaded to object storage as JSON.
Ingest Methods
RunReveal offers the following ways to ingest OpenTelemetry (OTLP) logs:
- AWS S3 Bucket
- AWS S3 Bucket with Custom SQS
- Azure Storage Account
- Google Cloud Storage
- Cloudflare R2 Bucket
If using an AWS S3 bucket, use the following SNS topic ARN to send your bucket notifications.
arn:aws:sns:<REGION>:253602268883:runreveal_otlp_json
Replace <REGION> with the AWS region where your S3 bucket is located (e.g., us-east-1, us-west-2, eu-west-1).
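The following is an added example, not RunReveal's own code. It adds the topic above to a bucket's existing notification configuration without dropping entries that are already there, since S3 replaces the whole configuration on each write. The `s3:ObjectCreated:*` event, the `Id` value, the optional prefix and the sample Lambda entry are assumptions or constructed values.

```python
import json
import re

# From the page: RunReveal's SNS topic for OTLP JSON, with the bucket's region filled in.
TOPIC_ARN_TEMPLATE = "arn:aws:sns:{region}:253602268883:runreveal_otlp_json"
# Shape check only, so a typo or pasted junk cannot end up inside the ARN.
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")


def topic_arn(region):
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"not an AWS region name: {region!r}")
    return TOPIC_ARN_TEMPLATE.format(region=region)


def add_otlp_topic(existing, region, prefix=""):
    """Return a copy of a bucket notification configuration with the topic added.

    `existing` is the JSON from get-bucket-notification-configuration. Because
    put-bucket-notification-configuration replaces the whole configuration,
    every entry already present is carried over unchanged.
    """
    arn = topic_arn(region)
    # boto3 responses carry ResponseMetadata, which must not be sent back.
    config = {k: v for k, v in (existing or {}).items() if k != "ResponseMetadata"}
    topics = list(config.get("TopicConfigurations", []))
    if any(t.get("TopicArn") == arn for t in topics):
        return config  # already wired up, nothing to change
    entry = {
        "Id": "runreveal-otlp-json",       # assumed label, any unique Id works
        "TopicArn": arn,
        "Events": ["s3:ObjectCreated:*"],  # assumption: notify on new objects
    }
    if prefix:  # optional: only objects under the OTLP export prefix
        entry["Filter"] = {"Key": {"FilterRules": [{"Name": "prefix", "Value": prefix}]}}
    config["TopicConfigurations"] = topics + [entry]
    return config


if __name__ == "__main__":
    # Constructed sample: a bucket that already notifies a Lambda function.
    current = {"LambdaFunctionConfigurations": [{
        "Id": "thumbnails",
        "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:example",
        "Events": ["s3:ObjectCreated:Put"],
    }]}
    print(json.dumps(add_otlp_topic(current, "us-east-1", prefix="otlp/"), indent=2))
```

The printed JSON can be saved to a file and applied with `aws s3api put-bucket-notification-configuration --bucket <BUCKET> --notification-configuration file://<FILE>`.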
Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: runreveal_logs (22 columns)
| Column | Type |
|---|---|
| id | String |
| receivedAt | DateTime |
| workspaceID | String |
| sourceType | String |
| sourceID | String |
| eventID | String |
| eventName | String |
| eventTime | DateTime |
| readOnly | Bool |
| srcIP | String |
| resources | Array(String) |
| serviceName | String |
| srcASOrganization | Nullable(String) |
| srcASNumber | Nullable(UInt32) |
| srcASCountryCode | Nullable(String) |
| dstIP | String |
| dstASOrganization | Nullable(String) |
| dstASNumber | Nullable(UInt32) |
| dstASCountryCode | Nullable(String) |
| actor | Map(String, String) |
| tags | Map(String, String) |
| rawLog | String |