General availability (GA) Open source

otelcol.receiver.otlp

otelcol.receiver.otlp accepts OTLP-formatted data over the network and forwards it to other otelcol.* components.

Note

otelcol.receiver.otlp is a wrapper over the upstream OpenTelemetry Collector otlp receiver. Bug reports or feature requests will be redirected to the upstream repository, if necessary.

Multiple otelcol.receiver.otlp components can be specified by giving them different labels.

Usage

alloy
otelcol.receiver.otlp "<LABEL>" {
  grpc { ... }
  http { ... }

  output {
    metrics = [...]
    logs    = [...]
    traces  = [...]
  }
}

Arguments

The otelcol.receiver.otlp component doesn’t support any arguments. You can configure this component with blocks.

Blocks

You can use the following blocks with otelcol.receiver.otlp:

BlockDescriptionRequired
outputConfigures where to send received telemetry data.yes
debug_metricsConfigures the metrics that this component generates to monitor its state.no
grpcConfigures the gRPC server to receive telemetry data.no
grpc > keepaliveConfigures keepalive settings for the configured server.no
grpc > keepalive > enforcement_policyEnforcement policy for keepalive settings.no
grpc > keepalive > server_parametersServer parameters used to configure keepalive settings.no
grpc > tlsConfigures TLS for the gRPC server.no
grpc > tls > tpmConfigures TPM settings for the TLS key_file.no
httpConfigures the HTTP server to receive telemetry data.no
http > corsConfigures CORS for the HTTP server.no
http > tlsConfigures TLS for the HTTP server.no
http > tls > tpmConfigures TPM settings for the TLS key_file.no

The > symbol indicates deeper levels of nesting. For example, grpc > tls refers to a tls block defined inside a grpc block.

output

Required

The output block configures a set of components to forward resulting telemetry data to.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
logslist(otelcol.Consumer)List of consumers to send logs to.[]no
metricslist(otelcol.Consumer)List of consumers to send metrics to.[]no
traceslist(otelcol.Consumer)List of consumers to send traces to.[]no

You must specify the output block, but all its arguments are optional. By default, telemetry data is dropped. Configure the metrics, logs, and traces arguments accordingly to send telemetry data to other components.

debug_metrics

The debug_metrics block configures the metrics that this component generates to monitor its state.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
disable_high_cardinality_metricsbooleanWhether to disable certain high cardinality metrics.trueno

disable_high_cardinality_metrics is the Alloy equivalent to the telemetry.disableHighCardinalityMetrics feature gate in the OpenTelemetry Collector. It removes attributes that could cause high cardinality metrics. For example, attributes with IP addresses and port numbers in metrics about HTTP and gRPC connections are removed.

Note

If configured, disable_high_cardinality_metrics only applies to otelcol.exporter.* and otelcol.receiver.* components.

grpc

The grpc block configures the gRPC server used by the component. If the grpc block isn’t provided, a gRPC server isn’t started.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
authcapsule(otelcol.Handler)Handler from an otelcol.auth component to use for authenticating requests.no
endpointstringhost:port to listen for traffic on."0.0.0.0:4317"no
include_metadataboolPropagate incoming connection metadata to downstream consumers.falseno
max_concurrent_streamsnumberLimit the number of concurrent streaming RPC calls.no
max_recv_msg_sizestringMaximum size of messages the server will accept."4MiB"no
read_buffer_sizestringSize of the read buffer the gRPC server will use for reading from clients."512KiB"no
transportstringTransport to use for the gRPC server."tcp"no
write_buffer_sizestringSize of the write buffer the gRPC server will use for writing to clients.no

keepalive

The keepalive block configures keepalive settings for connections to a gRPC server.

keepalive doesn’t support any arguments and is configured fully through inner blocks.

enforcement_policy

The enforcement_policy block configures the keepalive enforcement policy for gRPC servers. The server will close connections from clients that violate the configured policy.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
min_timedurationMinimum time clients should wait before sending a keepalive ping."5m"no
permit_without_streambooleanAllow clients to send keepalive pings when there are no active streams.falseno

server_parameters

The server_parameters block controls keepalive and maximum age settings for gRPC servers.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
max_connection_age_gracedurationTime to wait before forcibly closing connections."infinity"no
max_connection_agedurationMaximum age for non-idle connections."infinity"no
max_connection_idledurationMaximum age for idle connections."infinity"no
timedurationHow often to ping inactive clients to check for liveness."2h"no
timeoutdurationTime to wait before closing inactive clients that don’t respond to liveness checks."20s"no

tls

The tls block configures TLS settings used for a server. If the tls block isn’t provided, TLS won’t be used for connections to the server.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
ca_filestringPath to the CA file.no
ca_pemstringCA PEM-encoded text to validate the server with.no
cert_filestringPath to the TLS certificate.no
cert_pemstringCertificate PEM-encoded text for client authentication.no
cipher_suiteslist(string)A list of TLS cipher suites that the TLS transport can use.[]no
client_ca_filestringPath to the TLS cert to use by the server to verify a client certificate.no
curve_preferenceslist(string)Set of elliptic curves to use in a handshake.[]no
include_system_ca_certs_poolbooleanWhether to load the system certificate authorities pool alongside the certificate authority.falseno
key_filestringPath to the TLS certificate key.no
key_pemsecretKey PEM-encoded text for client authentication.no
max_versionstringMaximum acceptable TLS version for connections."TLS 1.3"no
min_versionstringMinimum acceptable TLS version for connections."TLS 1.2"no
reload_intervaldurationThe duration after which the certificate is reloaded."0s"no

If reload_interval is set to "0s", the certificate never reloaded.

The following pairs of arguments are mutually exclusive and can’t both be set simultaneously:

  • ca_pem and ca_file
  • cert_pem and cert_file
  • key_pem and key_file

If cipher_suites is left blank, a safe default list is used. Refer to the Go Cipher Suites documentation for a list of supported cipher suites.

client_ca_file sets the ClientCA and ClientAuth to RequireAndVerifyClientCert in the TLSConfig. Refer to the Go TLS documentation for more information.

The curve_preferences argument determines the set of elliptic curves to prefer during a handshake in preference order. If not provided, a default list is used. The set of elliptic curves available are X25519, P521, P256, and P384.

tpm

The tpm block configures retrieving the TLS key_file from a trusted device.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
authstringThe authorization value used to authenticate the TPM device.""no
enabledboolLoad the tls.key_file from TPM.falseno
owner_authstringThe owner authorization value used to authenticate the TPM device.""no
pathstringPath to the TPM device or Unix domain socket.""no

The trusted platform module (TPM) configuration can be used for loading TLS key from TPM. Currently only TSS2 format is supported.

The path attribute is not supported on Windows.

Example

alloy
otelcol.example.component "<LABEL>" {
    ...
    tls {
        ...
        key_file = "my-tss2-key.key"
        tpm {
            enabled = true
            path = "/dev/tpmrm0"
        }
    }
}

In the above example, the private key my-tss2-key.key in TSS2 format will be loaded from the TPM device /dev/tmprm0.

http

The http block configures the HTTP server used by the component. If the http block isn’t specified, an HTTP server isn’t started.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
authcapsule(otelcol.Handler)Handler from an otelcol.auth component to use for authenticating requests.no
compression_algorithmslist(string)A list of compression algorithms the server can accept.["", "gzip", "zstd", "zlib", "snappy", "deflate", "lz4"]no
endpointstringhost:port to listen for traffic on."0.0.0.0:4318"no
include_metadataboolPropagate incoming connection metadata to downstream consumers.falseno
logs_url_pathstringThe URL path to receive logs on."/v1/logs"no
max_request_body_sizestringMaximum request body size the server will allow."20MiB"no
metrics_url_pathstringThe URL path to receive metrics on."/v1/metrics"no
traces_url_pathstringThe URL path to receive traces on."/v1/traces"no

To send telemetry signals to otelcol.receiver.otlp with HTTP/JSON, POST to:

  • [endpoint][traces_url_path] for traces.
  • [endpoint][metrics_url_path] for metrics.
  • [endpoint][logs_url_path] for logs.

cors

The cors block configures CORS settings for an HTTP server.

The following arguments are supported:

NameTypeDescriptionDefaultRequired
allowed_originslist(string)Allowed values for the Origin header.no
allowed_headerslist(string)Accepted headers from CORS requests.["X-Requested-With"]no
max_agenumberConfigures the Access-Control-Max-Age response header.no

The allowed_headers argument specifies which headers are acceptable from a CORS request. The following headers are always implicitly allowed:

  • Accept
  • Accept-Language
  • Content-Type
  • Content-Language

If allowed_headers includes "*", all headers are permitted.

Exported fields

otelcol.receiver.otlp doesn’t export any fields.

Component health

otelcol.receiver.otlp is only reported as unhealthy if given an invalid configuration.

Debug information

otelcol.receiver.otlp doesn’t expose any component-specific debug information.

Debug metrics

  • otelcol_receiver_accepted_spans_total (counter): Number of spans successfully pushed into the pipeline.
  • otelcol_receiver_refused_spans_total (counter): Number of spans that couldn’t be pushed into the pipeline.
  • rpc_server_duration_milliseconds (histogram): Duration of RPC requests from a gRPC server.
  • rpc_server_request_size_bytes (histogram): Measures size of RPC request messages (uncompressed).
  • rpc_server_requests_per_rpc (histogram): Measures the number of messages received per RPC. Should be 1 for all non-streaming RPCs.
  • rpc_server_response_size_bytes (histogram): Measures size of RPC response messages (uncompressed).
  • rpc_server_responses_per_rpc (histogram): Measures the number of messages received per RPC. Should be 1 for all non-streaming RPCs.

Example

This example forwards received telemetry data through a batch processor before finally sending it to an OTLP-capable endpoint:

alloy
otelcol.receiver.otlp "default" {
  http {}
  grpc {}

  output {
    metrics = [otelcol.processor.batch.default.input]
    logs    = [otelcol.processor.batch.default.input]
    traces  = [otelcol.processor.batch.default.input]
  }
}

otelcol.processor.batch "default" {
  output {
    metrics = [otelcol.exporter.otlp.default.input]
    logs    = [otelcol.exporter.otlp.default.input]
    traces  = [otelcol.exporter.otlp.default.input]
  }
}

otelcol.exporter.otlp "default" {
  client {
    endpoint = sys.env("<OTLP_ENDPOINT>")
  }
}

Technical details

otelcol.receiver.otlp supports Gzip for compression.

Enable authentication

You can create a otelcol.reciever.otlp component that requires authentication for requests. This is useful for limiting who can push data to the server.

Note

Not all OpenTelemetry Collector authentication plugins support receiver authentication. Refer to the documentation for each otelcol.auth.* component to determine its compatibility.

alloy
otelcol.receiver.otlp "default" {
  http {
    auth = otelcol.auth.basic.creds.handler
  }
  grpc {
     auth = otelcol.auth.basic.creds.handler
  }

  output {
   ...
  }
}

otelcol.auth.basic "creds" {
    username = sys.env("<USERNAME>")
    password = sys.env("<PASSWORD>")
}

Compatible components

otelcol.receiver.otlp can accept arguments from the following components:

Note

Connecting some components may not be sensible or components may require further configuration to make the connection work correctly. Refer to the linked documentation for more details.