Native Ingest
POST /api/ingest?workspace=core-ops
Header: x-onyx-api-key: <INGEST_KEY>
Body: {"kind":"log","service":"checkout-api","message":"...","severity":"warning"}Quick Start
- Sign in with your tenant admin account.
- Create or select a tenant workspace (for example:
core-ops). - Add connectors from Integrations → Use Template → Template Builder.
- Send telemetry to ingest endpoints and enable Live Tail in Logs.
- Build dashboards and configure Alerts/AIOps response workflows.
Embedded Application
Use the embedded frame below for guided onboarding and support sessions.
Tenancy & Access
- Multi-tenant isolation by workspace slug and tenant id.
- Auth flows: Sign In, Sign Up, Free Trial.
- Roles:
viewer,admin,super_admin. - Per-workspace API keys: admin/query and ingest keys.
Integrations & Connectors
Built-in templates include Dynatrace, Datadog, Splunk, AWS CloudWatch, Azure, and GCP.
- Template Builder opens from Integrations and saves to Connectors.
- AWS connectors support per-service CloudWatch selection.
- Connector detail pages provide sync status, pull counts, and config extras.
- Duplicate template cards are deduplicated by canonical integration name.
Ingestion Endpoints
All endpoints are tenant/environment-specific via ?workspace=<slug>.
OTLP Logs
POST /api/ingest/otlp?workspace=core-ops
Header: x-onyx-api-key: <INGEST_KEY>Fluent Bit
POST /api/ingest/fluentbit?workspace=core-ops
Header: x-onyx-api-key: <INGEST_KEY>Firehose
POST /api/ingest/firehose?workspace=core-ops
Header: x-onyx-api-key: <INGEST_KEY>Platform Generic
POST /api/ingest/platform/vector?workspace=core-ops
Header: x-onyx-api-key: <INGEST_KEY>Logs, Metrics, RUM, Traces
- Global time panel supports presets, week range, and custom windows.
- Live Tail streams newly-ingested logs in real time.
- Log Detail page shows trace correlation, enrichment, and one-click actions.
- Service Detail and Trace Detail pages provide focused diagnostics.
Log Enrichment Pipeline
Rules supported: mask_regex, extract_json, add_attribute, add_tag, severity_map, drop_if_contains.
Dashboards
- Builder + Catalog + Live Preview workflow.
- Widget types: line, bar, area, pie, table, single, heatmap.
- Dashboard Detail page for deep view and edits.
- Create dashboards directly from log or finding context.
AIOps
- Live finding stream with risk score, likely bottleneck, possible cause, and resolutions.
- KPI cards are clickable for Open, Acknowledged, and Risk-prioritized views.
- One-click actions: Open Service, Create Rule, Add Dashboard, Acknowledge.
Alerts, SLOs, Query
- Alert rules by signal type and severity/service filters.
- Channels (webhook/email/slack) and incident lifecycle tracking.
- SLO target creation and report tracking.
- Query Studio for saved telemetry queries.
Admin & Governance
- Global tenant control plane: tenant creation, user management, licenses, demo keys.
- Onyx onboarding template visible in Admin only.
- Security controls: key rotation, SSO config, audit trail.
Agents & Deployment
- Deployable Linux/Windows agent enrollment and download flows.
- Docker packaging and local hosting patterns.
- Supports sovereign hosting strategy with multi-cloud options.
Troubleshooting
- If data is missing, validate connector status and run Pull Data.
- If logs are missing, verify endpoint path, workspace slug, and ingest key.
- If filters return empty, reset time range to
All Time. - If UI appears stale, use Reload Data or restart server.
Support Runbook
Escalation checklist for production incidents:
- Capture affected tenant, workspace, service, and time window.
- Open Log Detail and Trace Detail for a failing transaction path.
- Run AIOps diagnose and acknowledge/assign finding owner.
- Create temporary dashboard for incident visibility.
- Document root cause and remediation actions in postmortem notes.