LogTide vs SigNoz for Log Management
Compare LogTide and SigNoz for log management. Both open-source, both support OpenTelemetry. See where they differ.
SigNoz and LogTide are both open-source, self-hosted platforms that support OpenTelemetry. SigNoz focuses on full observability (metrics, traces, logs). LogTide focuses on log management with built-in SIEM capabilities, plus basic metrics and traces support. Here’s how they compare.
Philosophy Comparison
SigNoz
SigNoz positions itself as an open-source alternative to Datadog and New Relic, covering all three pillars of observability: metrics, traces, and logs. It’s built on ClickHouse for high-performance analytics.
LogTide
LogTide focuses on log management with security built in, plus basic support for metrics and traces. Rather than trying to replace your entire observability stack, LogTide excels at logs + security detection. It supports both TimescaleDB and ClickHouse as storage backends via its Reservoir abstraction layer.
Feature Comparison
| Feature | SigNoz | LogTide |
|---|---|---|
| OpenTelemetry | Native OTLP | Native OTLP |
| Logs | Yes | Yes |
| Traces | Yes | Yes (via OTLP) |
| Metrics | Yes | Yes (basic) |
| Custom SDKs | OTel only | OTel + Custom (Node.js, Python, Go, etc.) |
| Alerting | Yes | Yes |
| Sigma detection rules | No | Built-in |
| Incident management | No | Built-in |
| MITRE ATT&CK mapping | No | Built-in |
| Database | ClickHouse | TimescaleDB or ClickHouse (via Reservoir) |
| Full-text search | Yes | Yes |
| Real-time streaming | Yes | Yes (SSE) |
| Custom dashboards | Yes | SIEM dashboard |
| Multi-tenancy | Limited | Organizations + Projects |
Where SigNoz Wins
Full observability. SigNoz covers metrics, traces, and logs with deep correlation across all three pillars. While LogTide now supports basic metrics, SigNoz’s metrics capabilities are more mature.
Deeper ClickHouse integration. While LogTide also supports ClickHouse via its Reservoir storage abstraction, SigNoz is built natively on ClickHouse with deeper integration for cross-signal correlation and analytical queries.
Custom dashboards. SigNoz has a query builder and dashboard creator for building custom visualizations across metrics, traces, and logs with advanced correlation.
Service maps. SigNoz auto-generates service dependency maps from trace data, helping you understand your microservice architecture.
Where LogTide Wins
Security detection. LogTide includes Sigma rules, MITRE ATT&CK mapping, and incident management. SigNoz is purely an observability tool with no security capabilities.
Flexible storage. LogTide supports both TimescaleDB (default, PostgreSQL-based) and ClickHouse via its Reservoir abstraction. Start with TimescaleDB for simplicity, or use ClickHouse for high-volume workloads — without changing application code.
Native SDKs. SigNoz relies exclusively on OpenTelemetry SDKs. LogTide provides lightweight, purpose-built SDKs for Node.js, Python, Go, PHP, Kotlin, and C# in addition to OTLP support.
Multi-tenancy. LogTide has built-in multi-tenancy with organizations and projects, each with separate API keys and access controls. SigNoz’s multi-tenancy is more limited.
SIEM dashboard. LogTide provides a security-focused dashboard for threat monitoring, detection rule management, and incident tracking that SigNoz doesn’t offer.
When to Choose SigNoz
- You need advanced metrics with custom dashboards and deep correlation
- You want custom dashboards across all telemetry types
- Service dependency mapping is important
- You want deeper native ClickHouse integration for cross-signal analytics
- You don’t need security detection or SIEM capabilities
When to Choose LogTide
- Security detection (Sigma rules, SIEM) is a requirement
- You want flexible storage (TimescaleDB for simplicity or ClickHouse for scale)
- You need native SDKs beyond OpenTelemetry
- Incident management and MITRE ATT&CK mapping are important
- You need focused log management with basic metrics and built-in security
Migration: Seamless via OpenTelemetry
Since both platforms support OTLP natively, migration is straightforward. Update the exporter endpoint and add the X-API-Key header:
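```javascript
// Before (SigNoz)
import { OTLPLogExporter } from '@opentelemetry/exporter-logs-otlp-http';

const logExporter = new OTLPLogExporter({
  url: 'http://signoz:4318/v1/logs',
});
```

```javascript
// After (LogTide)
import { OTLPLogExporter } from '@opentelemetry/exporter-logs-otlp-http';

const logExporter = new OTLPLogExporter({
  url: 'http://logtide:8080/v1/otlp/logs',
  // Placeholder value; substitute your project's API key
  headers: { 'X-API-Key': 'lp_your_api_key' },
});
```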
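As an added example (not code from LogTide or the OpenTelemetry project), the function below builds the same exporter options from environment variables instead of a hardcoded key, and refuses to send the X-API-Key header over plain HTTP to a non-local host unless that is explicitly allowed. The variable names LOGTIDE_URL, LOGTIDE_API_KEY and LOGTIDE_ALLOW_PLAINTEXT and the host logtide.example.internal are assumptions.

```javascript
// Added example: not LogTide or OpenTelemetry project code.
// LOGTIDE_URL, LOGTIDE_API_KEY and LOGTIDE_ALLOW_PLAINTEXT are assumed names.
const PLACEHOLDER_KEY = 'lp_your_api_key'; // sample value from the page
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function buildLogtideExporterOptions(env) {
  const apiKey = (env.LOGTIDE_API_KEY || '').trim();
  if (!env.LOGTIDE_URL) throw new Error('LOGTIDE_URL is not set');
  if (!apiKey) throw new Error('LOGTIDE_API_KEY is not set');
  if (apiKey === PLACEHOLDER_KEY) {
    throw new Error('LOGTIDE_API_KEY still holds the documentation placeholder');
  }

  const url = new URL(env.LOGTIDE_URL); // throws on malformed input
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`unsupported scheme ${url.protocol}`);
  }
  if (url.username || url.password) {
    throw new Error('put the key in the X-API-Key header, not in the URL');
  }

  // Over plain HTTP the X-API-Key header is readable by anything on the path.
  const plaintext = url.protocol === 'http:';
  if (plaintext && !LOCAL_HOSTS.has(url.hostname) &&
      env.LOGTIDE_ALLOW_PLAINTEXT !== '1') {
    throw new Error(`refusing to send X-API-Key in cleartext to ${url.host}`);
  }

  return { url: url.toString(), headers: { 'X-API-Key': apiKey } };
}

// Constructed sample environment; in a service, pass process.env instead.
const sampleEnv = {
  LOGTIDE_URL: 'https://logtide.example.internal/v1/otlp/logs',
  LOGTIDE_API_KEY: 'lp_constructed_sample_key',
};
const options = buildLogtideExporterOptions(sampleEnv);
console.log(options.url, Object.keys(options.headers));
// Pass the result to the exporter: new OTLPLogExporter(options)
```

The error messages name the host but never the key, so a failed start does not leak the credential into application logs.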
For OpenTelemetry Collector, update the exporter config:
```yaml
# Before (SigNoz)
exporters:
  otlp:
    endpoint: signoz-otel-collector:4317
```

```yaml
# After (LogTide)
exporters:
  otlphttp/logtide:
    endpoint: http://logtide:8080
    headers:
      X-API-Key: lp_your_api_key
```
Concept Mapping
| SigNoz | LogTide | Notes |
|---|---|---|
| Service | Service | 1:1 mapping (from OTel resource) |
| Trace | trace_id | Indexed for correlation |
| Span | span_id | Indexed for correlation |
| Log attributes | metadata | Stored as JSON |
| Alert | Alert Rule | Similar configuration |
| Dashboard | SIEM Dashboard | Security-focused |
| N/A | Sigma Rules | LogTide exclusive |
| N/A | Incidents | LogTide exclusive |
Migration Path
Our migration guide covers updating OTLP endpoints, migrating alerts, and enabling LogTide’s security features that aren’t available in SigNoz.
Frequently Asked Questions
Does LogTide support OpenTelemetry like SigNoz does?
Yes. Both platforms support native OTLP ingestion. Because they share the same wire protocol, migrating from SigNoz to LogTide is as simple as updating the exporter endpoint URL and adding an X-API-Key header in your OpenTelemetry Collector config or SDK initializer — no log re-instrumentation required.
Does LogTide include SIEM capabilities that SigNoz lacks?
Yes. SigNoz is a pure observability tool with no security detection features. LogTide adds Sigma detection rules, MITRE ATT&CK mapping, and incident management on top of log management, all included at no extra cost. If security monitoring or compliance audit trails are a requirement, LogTide covers that natively.
Can I use ClickHouse with LogTide the same way SigNoz does?
LogTide supports ClickHouse as a storage backend via its Reservoir abstraction layer, giving you columnar storage optimized for high-volume analytical queries. You can also start with TimescaleDB (the PostgreSQL-based default) and switch later without changing application code. SigNoz is built natively on ClickHouse with deeper cross-signal correlation, so if advanced multi-signal analytics across metrics, traces, and logs is your primary need, SigNoz has a more mature implementation.
When is SigNoz the better choice over LogTide?
SigNoz wins when you need full observability across all three pillars — metrics, traces, and logs — with deep cross-signal correlation, service dependency maps auto-generated from trace data, and a custom dashboard builder. If your priority is broad observability rather than log-centric security detection, SigNoz is the stronger fit.