Skip to main content
Connect your Prometheus-compatible monitoring backend to enable CloudThinker agents to run PromQL queries, discover metrics and labels, inspect scrape-target health, and correlate active alerts — all read-only.
The connector works with any backend that speaks the standard Prometheus HTTP API: self-hosted Prometheus, Thanos, VictoriaMetrics, and Grafana Cloud. Authentication supports None, Bearer Token, and Basic Auth.

Supported Platforms

PlatformSupportTypical auth
PrometheusSelf-hosted, all recent releasesNone or Bearer
ThanosQuerier behind an auth proxyNone, Bearer, or Basic
VictoriaMetricsSingle-node and clusterNone or Basic
Grafana CloudPrometheus / Mimir endpointBasic
Against managed, Mimir-backed endpoints (Grafana Cloud), the /api/v1/targets, /rules, and /alerts paths are not exposed and return 404. This is expected — the query API (instant queries, range queries, labels, and metadata) works normally.

Choosing an Auth Mode

Pick the mode that matches how your endpoint is exposed:
ModeWhen to useFields
NoneOpen or network-restricted endpoint (self-hosted Prometheus inside a private network)URL only
Bearer TokenEndpoint behind a proxy or gateway that expects Authorization: Bearer <token>URL + token
Basic AuthGrafana Cloud, Thanos behind an auth proxy, or VictoriaMetrics with username/passwordURL + username + password
For Grafana Cloud, the username is your numeric instance ID (e.g. prometheus-prod-37’s instance ID) and the password is an access-policy token with metrics read scope.

Setup

1

Find your Prometheus URL

Identify the base URL of your Prometheus HTTP API, e.g. https://prometheus.your-domain.com or your Grafana Cloud Prometheus query endpoint. CloudThinker appends the standard /api/v1/... paths.
2

Prepare credentials (if required)

  • None — nothing to prepare; the endpoint is reachable without auth.
  • Bearer Token — obtain the bearer token your proxy or gateway expects.
  • Basic Auth — obtain the username and password (for Grafana Cloud, the numeric instance ID and an access-policy token).
3

Add Connection in CloudThinker

Navigate to Connections → Prometheus and enter:
  • PROMETHEUS_URL: your endpoint, e.g. https://prometheus.your-domain.com
  • PROMETHEUS_AUTH_TYPE: select None, Bearer Token, or Basic Auth
The credential fields appear based on your selection:
  • Bearer TokenPROMETHEUS_TOKEN
  • Basic AuthPROMETHEUS_USERNAME and PROMETHEUS_PASSWORD

Connection Details

FieldDescriptionExample
PROMETHEUS_URLBase URL of the Prometheus HTTP APIhttps://prometheus.your-domain.com
PROMETHEUS_AUTH_TYPEAuthentication mode: none, bearer, or basicbasic
PROMETHEUS_TOKENBearer token (Bearer Token mode only)eyJhbGci...
PROMETHEUS_USERNAMEUsername, or numeric instance ID for Grafana Cloud (Basic Auth only)1234567
PROMETHEUS_PASSWORDPassword or access-policy token (Basic Auth only)glc_xxxxx...

Agent Capabilities

The Prometheus connector is read-only — agents query and inspect, but never modify your monitoring backend.
CapabilityWhat the agent can do
Instant queriesRun a PromQL expression for a single point in time
Range queriesRun a PromQL expression over a time window with a step interval
Metric discoveryList available metric names, optionally filtered by prefix
Label enumerationList label names and inspect the dimensions a metric is sliced by
Target healthInspect scrape targets and spot ones that are down or unhealthy
Alert inspectionList active alerts and review configured alert rules
Health probeRun the universal up query to confirm the backend and its targets are reachable

Example Prompts

@alex query node_cpu utilization across the cluster for the last hour and #flag anything sustained above 85%
@alex discover all metrics matching the http_ prefix and #report their cardinality and label dimensions
@kai list scrape targets that are currently down and #report which jobs they belong to
@tony run a range query on database connection counts over the last 6h and #visualize the trend
@alex show all active alerts and #recommend which to investigate first
Prometheus exposes no tool for label values — label enumeration returns label names only. Name the metric and the labels you care about so the agent can build an accurate PromQL selector.

Troubleshooting

  • Confirm PROMETHEUS_AUTH_TYPE matches what the endpoint expects
  • For Bearer, verify the token is current and has not been revoked
  • For Basic, verify the username/password — on Grafana Cloud, the username is the numeric instance ID and the password is the access-policy token
  • Expected on managed, Mimir-backed endpoints (Grafana Cloud) — these paths are not exposed
  • The query API (instant, range, labels, metadata) still works; use queries instead of target/rule inspection
  • Verify PROMETHEUS_URL is reachable from CloudThinker over HTTPS
  • For self-hosted or network-restricted endpoints, confirm there’s a network path from CloudThinker
  • Drop any trailing /api/v1 from the URL — enter only the base URL
  • Confirm the metric exists with a discovery query before slicing by labels
  • Widen the time window — the series may not have samples in the requested range

Security Best Practices

  • Read-only by design - The connector cannot modify your monitoring backend
  • Least-privilege credentials - Use a token or access policy scoped to metrics read only
  • Scoped access policies - On Grafana Cloud, grant the access-policy token only the metrics read scope it needs
  • Token rotation - Rotate bearer tokens and access-policy tokens periodically
  • HTTPS only - Always use an HTTPS endpoint URL
https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/grafana.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=c1329049025cd3c3a0909b400baef7be

Grafana Connection

Dashboards and unified observability
https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/datadog.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=e8382167f2a1eb1e00971b5f4d703d48

Datadog Connection

Log search, metrics, and infrastructure monitoring