LogTide

Migrate from SigNoz

Easy
2-4 hours

Migrate from SigNoz to LogTide for enhanced security capabilities including Sigma detection rules, incident management, and MITRE ATT&CK mapping. Both platforms support OpenTelemetry, making the transition seamless.

Why Migrate from SigNoz?

Built-in SIEM

LogTide includes Sigma detection rules, incident management, and MITRE ATT&CK mapping. SigNoz focuses on observability, not security.

Flexible Storage

LogTide supports both TimescaleDB and ClickHouse via its Reservoir abstraction. Start simple with TimescaleDB or scale with ClickHouse.

Native OpenTelemetry

Both platforms support OTLP natively. Your existing OTel instrumentation works unchanged - just update the endpoint.

Threat Detection

Security-focused organizations need detection capabilities. LogTide's Sigma rules provide enterprise-grade threat detection.

Feature Comparison

| Feature | SigNoz | LogTide |
| --- | --- | --- |
| OpenTelemetry | Native OTLP | Native OTLP |
| Logs | Yes | Yes |
| Traces | Yes | Yes (via OTLP) |
| Metrics | Yes | Yes (basic) |
| Alerting | Yes | Yes |
| Sigma Rules | No | Built-in |
| Incident Management | No | Built-in |
| MITRE ATT&CK | No | Built-in |
| Database | ClickHouse | TimescaleDB or ClickHouse |
| Custom SDKs | OTel only | OTel + Custom |
| Pricing | Open-source | Open-source |

Step 1: Deploy LogTide

See the Deployment Guide for full instructions:

# Clone LogTide
git clone https://github.com/logtide-dev/logtide.git
cd logtide/docker

# Configure
cp .env.example .env
# Edit .env with your settings

# Start
docker compose up -d

# Verify
curl http://localhost:8080/health

Create your organization and project via the UI, then generate an API key.

Step 2: Update OpenTelemetry Endpoint

Since both platforms use OTLP, migration is straightforward - just update the endpoint URL:

Node.js (OpenTelemetry SDK)

Before (SigNoz)

const logExporter = new OTLPLogExporter({
  url: 'http://signoz:4318/v1/logs',
  headers: {},
});

After (LogTide)

const logExporter = new OTLPLogExporter({
  url: 'http://logtide:8080/v1/otlp/logs',
  headers: {
    'X-API-Key': 'lp_your_api_key'
  },
});

Python (OpenTelemetry SDK)

Before (SigNoz)

exporter = OTLPLogExporter(
    endpoint="http://signoz:4318/v1/logs",
)

After (LogTide)

exporter = OTLPLogExporter(
    endpoint="http://logtide:8080/v1/otlp/logs",
    headers={"X-API-Key": "lp_your_api_key"},
)

OpenTelemetry Collector

If you're using the OTel Collector, update the exporter configuration:

Before (SigNoz)

exporters:
  otlp:
    endpoint: signoz-otel-collector:4317
    tls:
      insecure: true

service:
  pipelines:
    logs:
      exporters: [otlp]

After (LogTide)

exporters:
  otlphttp/logtide:
    endpoint: http://logtide:8080
    headers:
      X-API-Key: lp_your_api_key

service:
  pipelines:
    logs:
      exporters: [otlphttp/logtide]

Step 3: Migrate Alerts

SigNoz and LogTide have similar alert concepts. Convert your alert rules:

SigNoz Alert

name: High Error Rate
description: Errors exceeded threshold
severity: critical
rule:
  type: log_based
  query: level = "error"
  threshold: 100
  duration: 5m
notification:
  channels:
    - email
    - slack

LogTide Alert Rule

{
  "name": "High Error Rate",
  "enabled": true,
  "level": ["error"],
  "threshold": 100,
  "timeWindow": 5,
  "emailRecipients": [
    "[email protected]"
  ],
  "webhookUrl": "https://hooks.slack.com/..."
}

Step 4: Enable Security Features

LogTide's key advantage over SigNoz is built-in security capabilities:

Enable Sigma Detection

  1. Navigate to /dashboard/security/sigma
  2. Import Sigma rules from YAML or sync from SigmaHQ
  3. Enable rules for your log sources
  4. Configure alert notifications for detections

Example Sigma rule for detecting suspicious activity:

title: Multiple Failed Login Attempts
status: stable
level: medium
logsource:
  category: authentication
  product: custom
detection:
  selection:
      message|contains: "login failed"
  timeframe: 5m
  condition: selection | count() > 10
tags:
  - attack.credential_access
  - attack.t1110
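
To see what this rule's condition means in practice, the following added example (not LogTide's code or its Sigma engine) evaluates the same selection, timeframe and threshold over constructed log events. The sliding-window evaluation and the names `detect` and `sample_events` are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

NEEDLE = "login failed"            # selection: message|contains
TIMEFRAME = timedelta(minutes=5)   # timeframe: 5m
THRESHOLD = 10                     # condition: selection | count() > 10


def detect(events):
    """Return the timestamps at which the number of matching events in the
    trailing 5-minute window first exceeds the threshold.

    events: iterable of (datetime, message) tuples sorted by time.
    Assumption: a sliding window; a real Sigma backend may bucket differently.
    """
    window = deque()
    alerts = []
    firing = False
    for ts, message in events:
        # Sigma string matching is case-insensitive by default.
        if NEEDLE not in message.lower():
            continue
        window.append(ts)
        # Drop matches that have aged out of the timeframe.
        while ts - window[0] >= TIMEFRAME:
            window.popleft()
        over = len(window) > THRESHOLD
        if over and not firing:      # report once per burst, not per event
            alerts.append(ts)
        firing = over
    return alerts


def sample_events():
    """Constructed sample data, not real logs."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    # 12 failures, 10 seconds apart: all inside one 5-minute window.
    burst = [(t0 + timedelta(seconds=10 * i), "Login failed for user admin")
             for i in range(12)]
    # 12 failures, 1 minute apart: at most 5 per window, so no detection.
    slow = [(t0 + timedelta(hours=1, minutes=i), "login failed for user bob")
            for i in range(12)]
    noise = [(t0 + timedelta(seconds=5), "login succeeded for user carol")]
    return sorted(burst + slow + noise)


if __name__ == "__main__":
    for ts in detect(sample_events()):
        print("detection at", ts.isoformat())
```

Because the rule uses `count()` with no grouping field, failures from every user and source are counted together; the threshold and timeframe should be tuned against your normal volume of failed logins.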

Concept Mapping

| SigNoz Term | LogTide Equivalent | Notes |
| --- | --- | --- |
| Service | Service | 1:1 mapping (from OTel resource) |
| Trace | trace_id | Indexed for correlation |
| Span | span_id | Indexed for correlation |
| Log attributes | metadata | Stored as JSON |
| Alert | Alert Rule | Similar configuration |
| Dashboard | SIEM Dashboard | Security-focused |
| N/A | Sigma Rules | LogTide exclusive |
| N/A | Incidents | LogTide exclusive |

Common Issues

OTLP endpoint format
SigNoz uses the standard OTLP ports 4317/4318. LogTide uses /v1/otlp/logs on the main API port (8080). Update your endpoint URLs accordingly.

Authentication required
Unlike SigNoz, LogTide requires an API key. Add the X-API-Key header to all OTLP requests. The API key is project-scoped and starts with lp_.

Basic metrics support
LogTide now supports basic metrics ingestion. For advanced metrics use cases (custom dashboards, PromQL queries, deep correlation), you may want to keep your existing metrics solution (Prometheus, etc.) alongside LogTide.
