LogTide
Comparison

LogTide vs SigNoz for Log Management

Compare LogTide and SigNoz for log management. Both open-source, both support OpenTelemetry. See where they differ.

Built-in SIEM & Sigma rules Flexible storage (TimescaleDB or ClickHouse) Native SDKs + OTLP Incident management

SigNoz and LogTide are both open-source, self-hosted platforms that support OpenTelemetry. SigNoz focuses on full observability (metrics, traces, logs). LogTide focuses on log management with built-in SIEM capabilities, plus basic metrics and traces support. Here’s how they compare.

Philosophy Comparison

SigNoz

SigNoz positions itself as an open-source alternative to Datadog and New Relic, covering all three pillars of observability: metrics, traces, and logs. It’s built on ClickHouse for high-performance analytics.

LogTide

LogTide focuses on log management with security built in, plus basic support for metrics and traces. Rather than trying to replace your entire observability stack, LogTide excels at logs + security detection. It supports both TimescaleDB and ClickHouse as storage backends via its Reservoir abstraction layer.

Feature Comparison

FeatureSigNozLogTide
OpenTelemetryNative OTLPNative OTLP
LogsYesYes
TracesYesYes (via OTLP)
MetricsYesYes (basic)
Custom SDKsOTel onlyOTel + Custom (Node.js, Python, Go, etc.)
AlertingYesYes
Sigma detection rulesNoBuilt-in
Incident managementNoBuilt-in
MITRE ATT&CK mappingNoBuilt-in
DatabaseClickHouseTimescaleDB or ClickHouse (via Reservoir)
Full-text searchYesYes
Real-time streamingYesYes (SSE)
Custom dashboardsYesSIEM dashboard
Multi-tenancyLimitedOrganizations + Projects

Where SigNoz Wins

Full observability. SigNoz covers metrics, traces, and logs with deep correlation across all three pillars. While LogTide now supports basic metrics, SigNoz’s metrics capabilities are more mature.

Deeper ClickHouse integration. While LogTide also supports ClickHouse via its Reservoir storage abstraction, SigNoz is built natively on ClickHouse with deeper integration for cross-signal correlation and analytical queries.

Custom dashboards. SigNoz has a query builder and dashboard creator for building custom visualizations across metrics, traces, and logs with advanced correlation.

Service maps. SigNoz auto-generates service dependency maps from trace data, helping you understand your microservice architecture.

Where LogTide Wins

Security detection. LogTide includes Sigma rules, MITRE ATT&CK mapping, and incident management. SigNoz is purely an observability tool with no security capabilities.

Flexible storage. LogTide supports both TimescaleDB (default, PostgreSQL-based) and ClickHouse via its Reservoir abstraction. Start with TimescaleDB for simplicity, or use ClickHouse for high-volume workloads — without changing application code.

Native SDKs. SigNoz relies exclusively on OpenTelemetry SDKs. LogTide provides lightweight, purpose-built SDKs for Node.js, Python, Go, PHP, Kotlin, and C# in addition to OTLP support.

Multi-tenancy. LogTide has built-in multi-tenancy with organizations and projects, each with separate API keys and access controls. SigNoz’s multi-tenancy is more limited.

SIEM dashboard. LogTide provides a security-focused dashboard for threat monitoring, detection rule management, and incident tracking that SigNoz doesn’t offer.

When to Choose SigNoz

  • You need advanced metrics with custom dashboards and deep correlation
  • You want custom dashboards across all telemetry types
  • Service dependency mapping is important
  • You want deeper native ClickHouse integration for cross-signal analytics
  • You don’t need security detection or SIEM capabilities

When to Choose LogTide

  • Security detection (Sigma rules, SIEM) is a requirement
  • You want flexible storage (TimescaleDB for simplicity or ClickHouse for scale)
  • You need native SDKs beyond OpenTelemetry
  • Incident management and MITRE ATT&CK mapping are important
  • You need focused log management with basic metrics and built-in security

Migration: Seamless via OpenTelemetry

Since both platforms support OTLP natively, migration is straightforward - just update the endpoint:

// Before (SigNoz)
const logExporter = new OTLPLogExporter({
  url: 'http://signoz:4318/v1/logs',
});

// After (LogTide)
const logExporter = new OTLPLogExporter({
  url: 'http://logtide:8080/v1/otlp/logs',
  headers: { 'X-API-Key': 'lp_your_api_key' },
});

For OpenTelemetry Collector, update the exporter config:

# Before (SigNoz)
exporters:
  otlp:
    endpoint: signoz-otel-collector:4317

# After (LogTide)
exporters:
  otlphttp/logtide:
    endpoint: http://logtide:8080
    headers:
      X-API-Key: lp_your_api_key

Concept Mapping

SigNozLogTideNotes
ServiceService1:1 mapping (from OTel resource)
Tracetrace_idIndexed for correlation
Spanspan_idIndexed for correlation
Log attributesmetadataStored as JSON
AlertAlert RuleSimilar configuration
DashboardSIEM DashboardSecurity-focused
N/ASigma RulesLogTide exclusive
N/AIncidentsLogTide exclusive

Migration Path

Our migration guide covers updating OTLP endpoints, migrating alerts, and enabling LogTide’s security features that aren’t available in SigNoz.

View the full SigNoz migration guide


Ready to add security to your log management?

Frequently Asked Questions

Does LogTide support OpenTelemetry like SigNoz does?

Yes. Both platforms support native OTLP ingestion. Because they share the same wire protocol, migrating from SigNoz to LogTide is as simple as updating the exporter endpoint URL and adding an X-API-Key header in your OpenTelemetry Collector config or SDK initializer — no log re-instrumentation required.

Does LogTide include SIEM capabilities that SigNoz lacks?

Yes. SigNoz is a pure observability tool with no security detection features. LogTide adds Sigma detection rules, MITRE ATT&CK mapping, and incident management on top of log management, all included at no extra cost. If security monitoring or compliance audit trails are a requirement, LogTide covers that natively.

Can I use ClickHouse with LogTide the same way SigNoz does?

LogTide supports ClickHouse as a storage backend via its Reservoir abstraction layer, giving you columnar storage optimized for high-volume analytical queries. You can also start with TimescaleDB (the PostgreSQL-based default) and switch later without changing application code. SigNoz is built natively on ClickHouse with deeper cross-signal correlation, so if advanced multi-signal analytics across metrics, traces, and logs is your primary need, SigNoz has a more mature implementation.

When is SigNoz the better choice over LogTide?

SigNoz wins when you need full observability across all three pillars — metrics, traces, and logs — with deep cross-signal correlation, service dependency maps auto-generated from trace data, and a custom dashboard builder. If your priority is broad observability rather than log-centric security detection, SigNoz is the stronger fit.