OpenTelemetry Integration
This guide shows you how to send qtap observability data to OpenTelemetry-compatible backends using OTLP (OpenTelemetry Protocol).
Understanding Qtap's OpenTelemetry Integration
Qtap exports two types of data as OpenTelemetry Logs via the OTLP protocol:
Events
qtap.yaml event_stores
Connection metadata, HTTP transaction summaries (method, URL, status, duration, process attribution)
Analytics, monitoring, troubleshooting — know WHAT happened and WHICH process did it
Objects
qtap.yaml object_stores
Full request/response headers and bodies
Compliance, security investigation, debugging — see the actual payload content
Both can be sent through the same OTel collector endpoint, giving you a unified pipeline for all captured data — no separate S3 setup required.
Events vs Objects: Events are lightweight metadata about every connection and HTTP transaction. Objects are the full request/response content, captured selectively based on your plugin configuration. You can send both through OTel, or use OTel for events and S3 for objects — see Storage Configuration for all options.
Prerequisites
Qtap installed and running (see Getting Started)
An OpenTelemetry-compatible backend or collector
Quick Start (5 minutes)
Send both events and artifacts to any OpenTelemetry-compatible backend.
Step 1: Configure Qtap
Create qtap-config.yaml:
Step 2: Deploy OpenTelemetry Collector
Already have an OpenTelemetry Collector? Update the endpoint in Step 1 to point to your collector and skip to Step 3.
Create otel-collector-config.yaml:
Create docker-compose.yaml:
Start the collector:
Step 3: Start Qtap
Note: No additional environment variables are needed — logs are configured entirely through qtap.yaml.
Step 4: Generate Traffic and Verify
You should see two types of log events:
1. Connection Event:
2. Artifact Record Event:
3. Object (Artifact Data):
When using OTel object stores, the full request/response content is also sent as log records:
Objects include the complete HTTP headers and bodies as captured by the http_capture plugin. The connection.id links objects back to their corresponding connection and artifact record events.
Success! Qtap is sending events and artifacts to OpenTelemetry. Use connection.id to correlate connection metadata, HTTP transaction summaries, and full request/response content.
Understanding the Data
What Logs Contain
Connection Events (event.type: connection):
TCP connection metadata
Protocol detection (http1, http2, tcp)
TLS version and inspection status
Bytes sent/received
Process information (exe path, user ID)
Artifact Record Events (event.type: artifact_record):
HTTP method, URL, path, status code
User agent and content type
Duration in milliseconds
Process information
Link to stored artifact (OTel or S3 URL depending on object store type)
What Objects Contain
When using OTel object stores (object_stores type: otel), artifact data is sent as additional log records:
artifact.type—http_requestorhttp_responseartifact.content_type— MIME type (e.g.,application/json)artifact.data— The raw bytes (full headers and body)artifact.size_bytes— Size of the artifactartifact.digest— Content hash for deduplicationconnection.id— Links back to the connection and artifact record eventsartifact.summary.*— Request/response metadata (method, host, status, etc.)
Events vs Objects: Events (event_stores) are lightweight metadata sent for every connection and HTTP transaction. Objects (object_stores) are the full payload content, captured based on your http_capture plugin level setting (summary, details, or full).
Example log query:
Kubernetes Deployment
Using OpenTelemetry Operator
Already have OpenTelemetry Operator installed? Skip to step 2.
Install the OpenTelemetry Operator:
Deploy an OpenTelemetry Collector:
Deploy qtap using Helm:
First, create your qtap configuration file qtap-config.yaml:
Install qtap with Helm:
Verify the deployment:
Backend-Specific Configurations
SaaS Platforms
Datadog
Datadog supports OTLP ingestion directly:
Honeycomb
New Relic
Grafana Cloud
Elastic
Self-Hosted
For self-hosted backends (Jaeger, Zipkin, Grafana Tempo, etc.), point qtap to your OpenTelemetry Collector, then configure the collector to export to your backend:
Then configure your OTel Collector with the appropriate exporter for your backend.
Querying and Filtering
Filter by Event Type
Find Slow Requests
Find Errors
Track Specific Endpoints
Monitor HTTP/2 vs HTTP/1 Traffic
Troubleshooting
No Logs Appearing
Check qtap logs for OTel connection:
Common issues:
Wrong endpoint - Verify the endpoint address and port
gRPC default:
4317HTTP default:
4318With
--network=host: uselocalhost:4317
TLS mismatch - If backend requires TLS, set
tls.enabled: trueAuthentication - Verify headers/API keys are correct
Collector not running - Check
docker ps | grep otel
Connection Refused Errors
Solutions:
Check if OTel Collector is running:
docker ps | grep otelVerify network connectivity between qtap and collector
Check firewall rules for port 4317/4318
Debugging with stdout Protocol
For local debugging, use the stdout protocol to see OTLP data printed to qtap logs:
Then check qtap logs:
Best Practices
Use TLS in production - Always enable
tls.enabled: truefor productionStore artifacts securely - Use OTel object stores for unified pipelines, or S3 for separate storage
Filter appropriately - Use qtap's filters to avoid capturing unnecessary traffic
Set resource attributes - Use
service_nameandenvironmentfor filteringMonitor qtap itself - Set up alerts on qtap's Prometheus metrics
Use batch processing - OTel Collector's batch processor reduces API calls
Use connection.id for correlation - Link connection events with artifact records using
connection.id
Configuration Quick Reference
qtap.yaml:
Next Steps
Storage Configuration — OTel and S3 object storage options
Self-Hosted ClickStack Observability — Full setup with OTel events + objects
Set up Prometheus Metrics for qtap health monitoring
Configure Traffic Filters to reduce noise
Additional Resources
Last updated