LogTide vs SigNoz for Log Management
Compare LogTide and SigNoz for log management. Both open-source, both support OpenTelemetry. See where they differ.
SigNoz and LogTide are both open-source, self-hosted platforms that support OpenTelemetry. SigNoz focuses on full observability (metrics, traces, logs). LogTide focuses on log management with built-in SIEM capabilities, plus basic metrics and traces support. Here’s how they compare.
Philosophy Comparison
SigNoz
SigNoz positions itself as an open-source alternative to Datadog and New Relic, covering all three pillars of observability: metrics, traces, and logs. It’s built on ClickHouse for high-performance analytics.
LogTide
LogTide focuses on log management with security built in, plus basic support for metrics and traces. Rather than trying to replace your entire observability stack, LogTide excels at logs + security detection. It supports both TimescaleDB and ClickHouse as storage backends via its Reservoir abstraction layer.
Feature Comparison
| Feature | SigNoz | LogTide |
|---|---|---|
| OpenTelemetry | Native OTLP | Native OTLP |
| Logs | Yes | Yes |
| Traces | Yes | Yes (via OTLP) |
| Metrics | Yes | Yes (basic) |
| Custom SDKs | OTel only | OTel + Custom (Node.js, Python, Go, etc.) |
| Alerting | Yes | Yes |
| Sigma detection rules | No | Built-in |
| Incident management | No | Built-in |
| MITRE ATT&CK mapping | No | Built-in |
| Database | ClickHouse | TimescaleDB or ClickHouse (via Reservoir) |
| Full-text search | Yes | Yes |
| Real-time streaming | Yes | Yes (SSE) |
| Custom dashboards | Yes | SIEM dashboard |
| Multi-tenancy | Limited | Organizations + Projects |
Where SigNoz Wins
Full observability. SigNoz covers metrics, traces, and logs with deep correlation across all three pillars. While LogTide now supports basic metrics, SigNoz’s metrics capabilities are more mature.
Deeper ClickHouse integration. While LogTide also supports ClickHouse via its Reservoir storage abstraction, SigNoz is built natively on ClickHouse with deeper integration for cross-signal correlation and analytical queries.
Custom dashboards. SigNoz has a query builder and dashboard creator for building custom visualizations across metrics, traces, and logs with advanced correlation.
Service maps. SigNoz auto-generates service dependency maps from trace data, helping you understand your microservice architecture.
Where LogTide Wins
Security detection. LogTide includes Sigma rules, MITRE ATT&CK mapping, and incident management. SigNoz is purely an observability tool with no security capabilities.
Flexible storage. LogTide supports both TimescaleDB (default, PostgreSQL-based) and ClickHouse via its Reservoir abstraction. Start with TimescaleDB for simplicity, or use ClickHouse for high-volume workloads — without changing application code.
Native SDKs. SigNoz relies exclusively on OpenTelemetry SDKs. LogTide provides lightweight, purpose-built SDKs for Node.js, Python, Go, PHP, Kotlin, and C# in addition to OTLP support.
Multi-tenancy. LogTide has built-in multi-tenancy with organizations and projects, each with separate API keys and access controls. SigNoz’s multi-tenancy is more limited.
SIEM dashboard. LogTide provides a security-focused dashboard for threat monitoring, detection rule management, and incident tracking that SigNoz doesn’t offer.
When to Choose SigNoz
- You need advanced metrics with custom dashboards and deep correlation
- You want custom dashboards across all telemetry types
- Service dependency mapping is important
- You want deeper native ClickHouse integration for cross-signal analytics
- You don’t need security detection or SIEM capabilities
When to Choose LogTide
- Security detection (Sigma rules, SIEM) is a requirement
- You want flexible storage (TimescaleDB for simplicity or ClickHouse for scale)
- You need native SDKs beyond OpenTelemetry
- Incident management and MITRE ATT&CK mapping are important
- You need focused log management with basic metrics and built-in security
Migration: Seamless via OpenTelemetry
Since both platforms support OTLP natively, migration is straightforward - just update the endpoint:
// Before (SigNoz)
const logExporter = new OTLPLogExporter({
url: 'http://signoz:4318/v1/logs',
});
// After (LogTide)
const logExporter = new OTLPLogExporter({
url: 'http://logtide:8080/v1/otlp/logs',
headers: { 'X-API-Key': 'lp_your_api_key' },
});For OpenTelemetry Collector, update the exporter config:
# Before (SigNoz)
exporters:
otlp:
endpoint: signoz-otel-collector:4317
# After (LogTide)
exporters:
otlphttp/logtide:
endpoint: http://logtide:8080
headers:
X-API-Key: lp_your_api_keyConcept Mapping
| SigNoz | LogTide | Notes |
|---|---|---|
| Service | Service | 1:1 mapping (from OTel resource) |
| Trace | trace_id | Indexed for correlation |
| Span | span_id | Indexed for correlation |
| Log attributes | metadata | Stored as JSON |
| Alert | Alert Rule | Similar configuration |
| Dashboard | SIEM Dashboard | Security-focused |
| N/A | Sigma Rules | LogTide exclusive |
| N/A | Incidents | LogTide exclusive |
Migration Path
Our migration guide covers updating OTLP endpoints, migrating alerts, and enabling LogTide’s security features that aren’t available in SigNoz.
View the full SigNoz migration guide
Ready to add security to your log management?
- Deploy LogTide - Free, open-source
- Migration Guide - Step-by-step instructions
- Join GitHub Discussions - Get help from the community