Skip to main content
Connect your SigNoz instance to enable CloudThinker agents to investigate service latency, search and aggregate logs, audit alert rules, and drill into distributed traces across your stack.

Supported Platforms

PlatformSupport
SigNoz CloudAll tenants
SigNoz (Self-Hosted)Self-managed instances
SigNoz Cloud and self-hosted share the same interface, so the setup steps below are identical for both.

Prerequisites

  • A SigNoz Cloud or self-hosted instance
  • A Service Account to mint an API key (use signoz-viewer for read-only access or signoz-admin if CloudThinker should make changes)
  • Your SigNoz base URL

Setup

1

Create a Service Account

In SigNoz, open Settings → Workspace Settings → Service Accounts and click New Service Account. Enter a name (e.g. cloudthinker-svc) and click Create Service Account.
2

Assign a Role

On the Overview tab, use the Roles dropdown to pick signoz-viewer for read-only access or signoz-admin if CloudThinker should make changes. Click Save Changes so the role takes effect.
3

Create an API Key

Switch to the Keys tab and click Add Key. Enter a key name (e.g. cloudthinker-key), optionally set an expiration date, click Create Key, and copy the key.
4

Add Connection in CloudThinker

Navigate to Connections → SigNoz and enter:
  • SigNoz URL: Your instance base URL, e.g. https://<hash>.signoz.cloud (base URL only, no path, or requests return a 404)
  • API Key: The key you copied
  • Log Level (optional): Leave as info unless you are debugging
Click Connect. CloudThinker verifies the credentials and shows a Connected status.

Connection Details

FieldDescriptionExample
SIGNOZ_URLBase URL of your instance, no path suffixhttps://<hash>.signoz.cloud
SIGNOZ_API_KEYService Account keyCopied from the Keys tab
LOG_LEVELMCP server log verbosity: debug, info, warn, or errorinfo

Required Permissions

  • signoz-viewer grants read-only access: querying services, logs, traces, metrics, and inspecting alerts, dashboards, and views.
  • signoz-admin additionally grants write access: creating, updating, or deleting alerts, dashboards, views, and channels.
  • Write operations also require explicit approval in CloudThinker before they run.

Agent Capabilities

Once connected, agents can perform read operations across your observability data and a set of approval-gated write operations.

Read Capabilities

CategoryWhat the agent can do
Services (APM)List instrumented services, inspect top operations by latency
LogsSearch logs by time and filter, aggregate and group by patterns
TracesSearch traces, fetch full trace waterfalls, drill into dependencies
MetricsList metrics and run time-series queries
DashboardsList and inspect dashboards and templates
AlertsList alert rules, inspect a rule and its state-transition history
Saved ViewsList and inspect saved query views
Notification ChannelsList and inspect notification channel config
DocumentationSearch and fetch SigNoz documentation

Write Capabilities

CategoryWhat the agent can do
AlertsCreate, update, or delete alert rules
DashboardsCreate, update, delete, or import dashboards
Saved ViewsCreate, update, or delete saved query views
Notification ChannelsCreate, update, or delete notification channels
Write operations change live alerting and dashboards. CloudThinker requires explicit approval, naming the resource, before any write runs. Deletes are irreversible.

Example Prompts

@tony find the slowest operations for the checkout service
@tony search error logs and group spikes by service
@tony audit alert rules and flag misconfigured thresholds
@tony trace a slow request and break down the critical path
Log, trace, and metric searches are time-bounded, so mention a window (e.g. “the last 15 minutes”) to scope the query.

Troubleshooting

  • Verify the API key is correct and has not been revoked.
  • Confirm you clicked Save Changes after assigning the role, then re-mint the key.
  • SIGNOZ_URL has an extra path suffix. Set it to the base URL only, e.g. https://<hash>.signoz.cloud, with no /api/v1.
  • The service account’s role is too low for the action. Assign signoz-admin for write operations, then Save Changes.
  • Log, trace, and metric searches need a time range. Ask the agent to use a recent window (e.g. the last 15 minutes) and widen it only if needed.

Security Best Practices

  • Dedicated service account - Create a separate service account for CloudThinker so access is easy to audit and revoke
  • Base URL only - Store the root URL with no path suffix to avoid request failures
  • Approval for writes - Keep write operations approval-gated so alert and dashboard changes stay deliberate
  • Key rotation - Rotate the Service Account key periodically and update it in CloudThinker
  • Revoke when unused - Delete the key in SigNoz if you disconnect the integration
https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/datadog.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=e8382167f2a1eb1e00971b5f4d703d48

Datadog Connection

Observability and monitoring
https://mintcdn.com/cloudthinker/aLd-ttc-SCW-aFky/images/icons/grafana.svg?fit=max&auto=format&n=aLd-ttc-SCW-aFky&q=85&s=c1329049025cd3c3a0909b400baef7be

Grafana Connection

Dashboards and metrics