Skip to main content
TealTiger exports governance telemetry via OpenTelemetry (OTLP), which means any platform that accepts OTLP data works out of the box — including Datadog, Splunk, New Relic, Elastic, and Grafana Cloud.

Architecture

TealTiger emits traces, metrics, and logs via OTLP. The OpenTelemetry Collector routes them to your SIEM/APM platform.

Datadog

Step 1: Configure TealTiger OTLP export

import { TealTiger } from 'tealtiger';

const teal = new TealTiger({
  policies: { /* ... */ },
  telemetry: {
    opentelemetry: {
      enabled: true,
      endpoint: 'http://localhost:4318',  // OTel Collector
      serviceName: 'tealtiger-governance',
      exportDecisions: true,
      exportCosts: true,
      exportMetrics: true,
    }
  }
});

Step 2: Configure OTel Collector for Datadog

# otel-collector-config.yaml
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
      http:
        endpoint: 0.0.0.0:4318

processors:
  batch:
    timeout: 5s
    send_batch_size: 1000

  attributes:
    actions:
      - key: deployment.environment
        value: production
        action: upsert

exporters:
  datadog:
    api:
      key: ${DD_API_KEY}
      site: datadoghq.com
    traces:
      span_name_as_resource_name: true
    metrics:
      resource_attributes_as_tags: true

service:
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch, attributes]
      exporters: [datadog]
    metrics:
      receivers: [otlp]
      processors: [batch]
      exporters: [datadog]
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [datadog]

Step 3: Run the Collector

docker run -d \
  -e DD_API_KEY=your-datadog-api-key \
  -p 4317:4317 \
  -p 4318:4318 \
  -v $(pwd)/otel-collector-config.yaml:/etc/otelcol/config.yaml \
  otel/opentelemetry-collector-contrib:latest

Datadog Dashboard

Once data flows, you’ll see in Datadog:
  • APM Traces: Each teal.evaluate() call appears as a span with decision, reason codes, and risk score
  • Custom Metrics: tealtiger.decisions.total, tealtiger.decisions.denied, tealtiger.cost.total
  • Logs: Audit events with full decision context
Create a Datadog dashboard with:
  • Decision rate (ALLOW vs DENY over time)
  • P95 evaluation latency
  • Cost per provider/model
  • Top reason codes for denials
  • Risk score distribution

Splunk

Step 1: Configure TealTiger OTLP export

Same as Datadog — TealTiger exports to the OTel Collector.

Step 2: Configure OTel Collector for Splunk

# otel-collector-config.yaml
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
      http:
        endpoint: 0.0.0.0:4318

processors:
  batch:
    timeout: 5s

exporters:
  splunk_hec:
    token: ${SPLUNK_HEC_TOKEN}
    endpoint: https://your-splunk-instance:8088/services/collector
    source: tealtiger
    sourcetype: tealtiger:governance
    index: main
    tls:
      insecure_skip_verify: false

  # For Splunk Observability Cloud (SignalFx)
  signalfx:
    access_token: ${SPLUNK_ACCESS_TOKEN}
    realm: us1

service:
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [splunk_hec]
    metrics:
      receivers: [otlp]
      processors: [batch]
      exporters: [signalfx]
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [splunk_hec]

Step 3: Run the Collector

docker run -d \
  -e SPLUNK_HEC_TOKEN=your-hec-token \
  -p 4317:4317 \
  -p 4318:4318 \
  -v $(pwd)/otel-collector-config.yaml:/etc/otelcol/config.yaml \
  otel/opentelemetry-collector-contrib:latest

Splunk Queries

Search for TealTiger governance events: 
index=main sourcetype="tealtiger:governance"
| stats count by decision_action
| sort -count
Top denial reasons: 
index=main sourcetype="tealtiger:governance" decision_action="DENY"
| spath reason_codes{}
| mvexpand reason_codes{}
| stats count by reason_codes{}
| sort -count
Cost tracking: 
index=main sourcetype="tealtiger:governance"
| timechart sum(estimated_cost) by provider

What TealTiger exports via OTLP

Traces (Spans)

Every teal.evaluate() call emits a span:
AttributeExampleDescription
tealtiger.decisionALLOW / DENYPolicy decision
tealtiger.reason_codes["BUDGET_EXCEEDED"]Why the decision was made
tealtiger.risk_score75Computed risk score
tealtiger.policy_idbudget.daily.v1Policy that triggered
tealtiger.modeENFORCEPolicy mode
tealtiger.provideropenaiLLM provider
tealtiger.modelgpt-4Model used
tealtiger.cost0.05Estimated cost

Metrics

MetricTypeDescription
tealtiger.decisions.totalCounterTotal decisions made
tealtiger.decisions.allowedCounterAllowed decisions
tealtiger.decisions.deniedCounterDenied decisions
tealtiger.evaluation.duration_msHistogramEvaluation latency
tealtiger.cost.totalCounterTotal estimated cost
tealtiger.tokens.inputCounterInput tokens processed
tealtiger.tokens.outputCounterOutput tokens generated

Logs

Audit events are exported as structured logs with the full decision payload.

Other Platforms

The same OTLP pattern works for any platform with an OTel Collector exporter:
PlatformExporterDocs
New Relicotlp exporterNew Relic OTLP
Elasticelasticsearch exporterElastic OTel
Grafana Cloudotlp exporterGrafana OTLP
Honeycombotlp exporterHoneycomb OTel
Dynatraceotlphttp exporterDynatrace OTel

Next Steps

OpenTelemetry

Core OTLP integration details

Audit Schema

Full audit event format

Slack / Discord

Real-time alert webhooks

All Integrations

View all integrations