Getting Started - External Services

If your application runs outside Platon PaaS and Puppet-managed VMs — for example, in your own Kubernetes cluster, on a cloud provider, or on manually managed servers — you can ship telemetry to Platon's backends with proper authentication.

External services can ship either structured logs alone, or the full three signals via OpenTelemetry. Use the section that matches your setup.

Request access

Contact the Platon team on #platon (Slack) with:

Tenant name — a name for your team or product
EntraID group — the Microsoft Entra ID group that should have access to Grafana

We will provide you with:

Username and password for authentication
Tenant name confirmation
Endpoint URLs

Authentication

All requests to the observability backends must include:

Basic authentication — Authorization: Basic <base64(username:password)>
Tenant header — X-Scope-OrgID: <your-tenant-name>

Note: The X-Scope-OrgID header is the direct-to-backend tenant mechanism for external senders. This is different from the PaaS setup, where Alloy handles tenancy and your application does not set any tenant header.

Shipping logs only

For teams that use structured logs as their primary observability vehicle.

Run a log collector (Grafana Alloy, Vector, or the OpenTelemetry Collector) that reads logs from your hosts or containers and forwards them to Loki with the authentication headers above.

Example: Vector configuration for logs

sinks:
  loki:
    type: loki
    endpoint: "https://<loki-endpoint>"
    auth:
      strategy: basic
      user: "<username>"
      password: "<password>"
    labels:
      tenant: "<your-tenant>"
    out_of_order_action: accept
    request:
      headers:
        X-Scope-OrgID: "<your-tenant>"

Shipping OpenTelemetry (logs, metrics, and traces)

For teams instrumented with OpenTelemetry that want to ship all three signals.

Run a collector (Alloy or the OpenTelemetry Collector) that receives OTLP from your services and forwards each signal to the appropriate backend.

Example: OpenTelemetry Collector configuration

extensions:
  basicauth/client:
    client_auth:
      username: "<username>"
      password: "<password>"

exporters:
  otlphttp/loki:
    endpoint: "https://<loki-endpoint>/otlp"
    auth:
      authenticator: basicauth/client
    headers:
      X-Scope-OrgID: "<your-tenant>"
  otlphttp/mimir:
    endpoint: "https://<mimir-endpoint>/otlp"
    auth:
      authenticator: basicauth/client
    headers:
      X-Scope-OrgID: "<your-tenant>"
  otlp/tempo:
    endpoint: "<tempo-endpoint>"
    auth:
      authenticator: basicauth/client
    headers:
      X-Scope-OrgID: "<your-tenant>"

service:
  extensions: [basicauth/client]
  pipelines:
    logs:
      exporters: [otlphttp/loki]
    metrics:
      exporters: [otlphttp/mimir]
    traces:
      exporters: [otlp/tempo]

If you are new to OpenTelemetry itself, start with the tutorial. This page covers only the external-sender specifics.

View your data

Once data is flowing:

Go to grafana.platon.sikt.no.
Log in with Feide.
Select your organization.
Use Explore to query your data.

Next steps

Querying logs
Tenant model — authentication and tenant details
Alerting

Request access​

Authentication​

Shipping logs only​

Example: Vector configuration for logs​

Shipping OpenTelemetry (logs, metrics, and traces)​

Example: OpenTelemetry Collector configuration​

View your data​

Next steps​