LogTide

Migrate from SigNoz

Difficulty: Easy
Estimated time: 2-4 hours

Migrate from SigNoz to LogTide for enhanced security capabilities including Sigma detection rules, incident management, and MITRE ATT&CK mapping. Both platforms support OpenTelemetry, making the transition seamless.

Why Migrate from SigNoz?

Built-in SIEM

LogTide includes Sigma detection rules, incident management, and MITRE ATT&CK mapping. SigNoz focuses on observability, not security.

Simpler Architecture

SigNoz uses ClickHouse which requires tuning. LogTide uses PostgreSQL/TimescaleDB for easier operations.

Native OpenTelemetry

Both platforms support OTLP natively. Your existing OTel instrumentation works unchanged - just update the endpoint.

Threat Detection

Security-focused organizations need detection capabilities. LogTide's Sigma rules provide enterprise-grade threat detection.

Feature Comparison

| Feature | SigNoz | LogTide |
|---|---|---|
| OpenTelemetry | Native OTLP | Native OTLP |
| Logs | Yes | Yes |
| Traces | Yes | Yes (via OTLP) |
| Metrics | Yes | Roadmap |
| Alerting | Yes | Yes |
| Sigma Rules | No | Built-in |
| Incident Management | No | Built-in |
| MITRE ATT&CK | No | Built-in |
| Database | ClickHouse | TimescaleDB |
| Custom SDKs | OTel only | OTel + Custom |
| Pricing | Open-source | Open-source |

Step 1: Deploy LogTide

See the Deployment Guide for full instructions:

# Clone LogTide
git clone https://github.com/logtide-dev/logtide.git
cd logtide/docker

# Configure
cp .env.example .env
# Edit .env with your settings

# Start
docker compose up -d

# Verify
curl http://localhost:8080/health

Create your organization and project via the UI, then generate an API key.

Step 2: Update OpenTelemetry Endpoint

Since both platforms use OTLP, migration is straightforward - just update the endpoint URL:

Node.js (OpenTelemetry SDK)

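Before (SigNoz)

const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');

const logExporter = new OTLPLogExporter({
  url: 'http://signoz:4318/v1/logs',
  headers: {},
});

After (LogTide)

const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');

const logExporter = new OTLPLogExporter({
  url: 'http://logtide:8080/v1/otlp/logs',
  headers: {
    // Placeholder: substitute your project API key
    'X-API-Key': 'lp_your_api_key'
  },
});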

Python (OpenTelemetry SDK)

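Before (SigNoz)

from opentelemetry.exporter.otlp.proto.http._log_exporter import OTLPLogExporter

exporter = OTLPLogExporter(
    endpoint="http://signoz:4318/v1/logs",
)

After (LogTide)

from opentelemetry.exporter.otlp.proto.http._log_exporter import OTLPLogExporter

exporter = OTLPLogExporter(
    endpoint="http://logtide:8080/v1/otlp/logs",
    # Placeholder: substitute your project API key
    headers={"X-API-Key": "lp_your_api_key"},
)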

OpenTelemetry Collector

If you're using the OTel Collector, update the exporter configuration:

Before (SigNoz)

exporters:
  otlp:
    endpoint: signoz-otel-collector:4317
    tls:
      insecure: true

service:
  pipelines:
    logs:
      exporters: [otlp]

After (LogTide)

exporters:
  otlphttp/logtide:
    endpoint: http://logtide:8080
    headers:
      X-API-Key: lp_your_api_key

service:
  pipelines:
    logs:
      exporters: [otlphttp/logtide]

Step 3: Migrate Alerts

SigNoz and LogTide have similar alert concepts. Convert your alert rules:

SigNoz Alert

name: High Error Rate
description: Errors exceeded threshold
severity: critical
rule:
  type: log_based
  query: level = "error"
  threshold: 100
  duration: 5m
notification:
  channels:
    - email
    - slack

LogTide Alert Rule

{
  "name": "High Error Rate",
  "enabled": true,
  "level": ["error"],
  "threshold": 100,
  "timeWindow": 5,
  "emailRecipients": [
    "[email protected]"
  ],
  "webhookUrl": "https://hooks.slack.com/..."
}

Step 4: Enable Security Features

LogTide's key advantage over SigNoz is built-in security capabilities:

Enable Sigma Detection

  1. Navigate to /dashboard/security/sigma
  2. Import Sigma rules from YAML or sync from SigmaHQ
  3. Enable rules for your log sources
  4. Configure alert notifications for detections

Example Sigma rule for detecting suspicious activity:

title: Multiple Failed Login Attempts
status: stable
level: medium
logsource:
  category: authentication
  product: custom
detection:
  selection:
    message|contains: "login failed"
  timeframe: 5m
  condition: selection | count() > 10
tags:
  - attack.credential_access
  - attack.t1110
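
To show what this rule's condition means in practice, the following added example (not LogTide's detection engine and not code from the LogTide project) replays constructed log lines through the same logic. It assumes a sliding 5-minute window and Sigma's default case-insensitive string matching; the names `detect` and `sample_events` are hypothetical.

```python
from collections import deque
from datetime import datetime, timedelta

# Values copied from the Sigma rule above.
NEEDLE = "login failed"            # message|contains
TIMEFRAME = timedelta(minutes=5)   # timeframe: 5m
THRESHOLD = 10                     # condition: selection | count() > 10


def detect(events):
    """Return timestamps at which the count first exceeds the threshold."""
    window = deque()   # timestamps of matching events still inside TIMEFRAME
    firing = False
    alerts = []
    for ts, message in events:   # events must be sorted by time
        # Sigma string matching is case-insensitive by default.
        if NEEDLE not in message.lower():
            continue
        window.append(ts)
        # Expire matches older than the timeframe (assumed sliding window).
        while ts - window[0] >= TIMEFRAME:
            window.popleft()
        over = len(window) > THRESHOLD   # strictly greater: 10 is not enough
        if over and not firing:
            alerts.append(ts)            # one alert per burst, not per event
        firing = over
    return alerts


def sample_events():
    """Constructed log lines for illustration, not real data."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    sec, mins = timedelta(seconds=1), timedelta(minutes=1)
    events = []
    # Exactly 10 failures in 50 s: at the threshold, must not alert.
    events += [(t0 + 5 * i * sec, "Login failed for alice") for i in range(10)]
    # One failure per minute for 12 minutes: at most 5 inside any window.
    events += [(t0 + (60 + i) * mins, "login failed for bob") for i in range(12)]
    # 11 failures in 100 s mixed with successes: the 11th crosses the line.
    for i in range(11):
        start = t0 + 120 * mins + 10 * i * sec
        events.append((start, "LOGIN FAILED for carol"))
        events.append((start + sec, "login ok for dave"))
    return events


if __name__ == "__main__":
    print(detect(sample_events()))
```

Because the rule has no grouping clause, the count is taken across all sources, so slow attempts spread over many accounts or hosts add up in the same window.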

Concept Mapping

| SigNoz Term | LogTide Equivalent | Notes |
|---|---|---|
| Service | Service | 1:1 mapping (from OTel resource) |
| Trace | trace_id | Indexed for correlation |
| Span | span_id | Indexed for correlation |
| Log attributes | metadata | Stored as JSON |
| Alert | Alert Rule | Similar configuration |
| Dashboard | SIEM Dashboard | Security-focused |
| N/A | Sigma Rules | LogTide exclusive |
| N/A | Incidents | LogTide exclusive |

Common Issues

OTLP endpoint format
SigNoz uses the standard OTLP ports 4317/4318. LogTide serves OTLP logs at /v1/otlp/logs on the main API port (8080). Update your endpoint URLs accordingly.
Authentication required
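Unlike SigNoz, LogTide requires an API key. Add the X-API-Key header to all OTLP requests. The API key is project-scoped and starts with lp_. Because the key travels in a request header, send it over HTTPS whenever traffic leaves a trusted network.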
Missing metrics support
LogTide currently focuses on logs. Metrics support is on the roadmap. Continue using your existing metrics solution (Prometheus, etc.) alongside LogTide.
