What you'll need
- OpenObserve Cloud or a self-hosted instance reachable from the Parumox connector service
- Admin access to the org (only Admins can create Service Accounts)
- The org id and the stream name your agents should query
Set it up — Service Account (recommended)
Service Accounts give you a rotatable token without sharing user credentials. They're available on OSS and Enterprise only — OpenObserve Cloud does not support them today; skip to the Cloud section below.
Create the service account
Enterprise: OpenObserve UI → IAM → Service Accounts → Add Service Account. Fill in Email, First Name, Last Name → Save. Copy the generated token.
OSS: The UI does not include a Service Accounts screen. Use the API as root or admin:
curl -u "root@example.com:rootPassword" \
-H "Content-Type: application/json" \
-X POST "https://your-instance/api/default/service_accounts" \
-d '{"email":"parumox@svc.local","first_name":"Parumox","last_name":"Connector"}'
The response includes a token field — save it along with the email. You can rotate the token later with PUT /api/{org}/service_accounts/{email}?rotateToken=true.
Grant a role (Enterprise only)
On Enterprise, service accounts have no permissions by default. Assign a role with read access on the streams you want Parumox to query. OSS gives full access by default — no extra step needed.
Set it up — Cloud (email:password)
On OpenObserve Cloud, create a dedicated user account and use its email:password as the credential. The connector detects the colon and switches to HTTP Basic. We strongly recommend a dedicated user, not a real engineer's login, so you can rotate it independently.
Permissions required
The connector hits these endpoints, so the role must allow:
- GET /api/{org}/summary — health check
- POST /api/{org}/_search — log search (DuckDB SQL body, stream in the FROM clause)
- GET|POST /api/{org}/prometheus/api/v1/* — PromQL metrics
Paste into Parumox
Portal → Connectors → Add Connector → choose OpenObserve and fill in:
- Base URL — https://api.openobserve.ai for Cloud, or your self-hosted root, no trailing slash
- Organization — org id (visible in the URL after login, or Settings → Orgs)
- API Token or email:password — for service accounts paste email:token (e.g. parumox@svc.local:FwaMU...); for Cloud users paste email:password. The colon triggers HTTP Basic auth. A bare token with no colon goes out as Authorization: Bearer
- Default stream — leave blank for default, or the stream agents should query
Save. The health check hits GET /api/{org}/summary; the connector flips to Healthy within a few seconds.
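To test a credential before pasting it into the portal, the following added example (not Parumox or OpenObserve code) applies the same colon rule and calls the same health-check endpoint. The function names, the OO_* environment variables and the refusal of non-HTTPS base URLs are assumptions of this sketch; the header is passed to curl on stdin so the secret stays out of the process list.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for an OpenObserve connector credential.
# OO_BASE_URL, OO_ORG, OO_CREDENTIAL and all function names are assumptions.

# Colon in the credential -> HTTP Basic; bare token -> Bearer (rule stated above).
oo_auth_header() {
  local cred="$1"
  [ -n "$cred" ] || { echo "empty credential" >&2; return 1; }
  case "$cred" in
    *:*) printf 'Authorization: Basic %s' "$(printf '%s' "$cred" | base64 | tr -d '\n')" ;;
    *)   printf 'Authorization: Bearer %s' "$cred" ;;
  esac
}

# Build the health-check URL. Trailing slashes are rejected as the page requires;
# plain http is rejected by this sketch because Basic auth is only base64-encoded.
oo_summary_url() {
  local base="$1" org="$2"
  case "$base" in
    */)        echo "base URL must not end with a slash" >&2; return 1 ;;
    https://*) ;;
    *)         echo "base URL must start with https://" >&2; return 1 ;;
  esac
  printf '%s/api/%s/summary' "$base" "$org"
}

# Call GET /api/{org}/summary. The header goes to curl as a config line on
# stdin (-K -), so the secret never appears in argv or shell history.
oo_preflight() {
  local url header code
  url="$(oo_summary_url "$OO_BASE_URL" "$OO_ORG")" || return 2
  header="$(oo_auth_header "$OO_CREDENTIAL")" || return 2
  code="$(printf 'header = "%s"\n' "$header" |
    curl -sS -K - -o /dev/null -w '%{http_code}' --max-time 10 "$url")" || return 3
  case "$code" in
    200)     echo "ok: credential accepted by $url" ;;
    401|403) echo "rejected ($code): check the token, the role and the org id"; return 1 ;;
    *)       echo "unexpected HTTP $code from $url"; return 1 ;;
  esac
}
```

Export the three OO_* variables from a secrets manager or a prompt such as `read -rs`, then run `oo_preflight`.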