What does the Scalyr integration do?
The Scalyr integration lets Steadwing automatically search your logs for errors, identify affected servers and services, analyze error rate trends, and run complex correlations when an incident triggers. Steadwing queries your Scalyr (DataSet by SentinelOne) logs, metrics, and analytical data so you get root cause analysis without manual log investigation.Why Use Scalyr with Steadwing?
Log Search
Search for error logs, exceptions, and warnings around the incident time window
Impact Analysis
Identify affected servers, services, and log sources using facet queries
Trend Analysis
Track error rates and latency over time to pinpoint when degradation began
Correlation
Run PowerQuery analytical queries to group errors by service, status code, or any dimension
How do I connect Scalyr to Steadwing?
Step 1: Get Your API Key
- Log in to your Scalyr instance
- Navigate to Settings → API Keys (or visit
https://<your-instance>/keys) - Find or create a Read Logs token
- Copy the token
Step 2: Connect Scalyr in Steadwing
- Navigate to Steadwing Settings
- Find the Scalyr (DataSet) integration card
- Click to expand the collapsible form
- Enter your configuration:
- Scalyr API Key — your Read Logs API token
- Scalyr URL — your Scalyr instance URL:
- US region:
https://app.scalyr.com - EU region:
https://eu.scalyr.com - Self-hosted/on-prem: your custom URL (e.g.,
https://scalyr.yourcompany.com)
- US region:
- Toggle the switch to Enable the integration
What data does Steadwing pull from Scalyr?
Data Collection
Steadwing queries Scalyr for:- Error Logs - Errors, exceptions, and warnings around the incident timeframe
- Server & Service Impact - Affected
$serverHostvalues, services, and log sources via facet queries - Error Trends - Error rates and latency over time to identify degradation onset
- Analytical Queries - PowerQuery (SQL-like) queries to group and correlate errors by service, status code, or other dimensions
What permissions does the Scalyr integration need?
Required Permissions
The Scalyr API key must have:- Read Logs permission to query log data
Limitations
- Scalyr applies a shared query budget of 30,000ms of server processing time, replenished at 36,000ms/hour
- This budget is shared across all API and CLI queries for your account
- If rate limits are encountered during RCA, the agent will note partial results in its analysis
FAQs
What Scalyr data does Steadwing access?
What Scalyr data does Steadwing access?
Steadwing reads log data using Scalyr’s query and PowerQuery APIs. It does NOT write, modify, or delete any data in your Scalyr account.
Which Scalyr regions are supported?
Which Scalyr regions are supported?
US (
app.scalyr.com), EU (eu.scalyr.com), and self-hosted/on-prem instances are all supported.What if I hit rate limits during RCA?
What if I hit rate limits during RCA?
Scalyr’s query budget is shared across all API consumers. If limits are reached, Steadwing will note partial results in the RCA report. Check if other tools are consuming the budget.
Why am I getting empty results?
Why am I getting empty results?
Verify your API key has Read Logs permission and the Scalyr URL matches your region.
What if the connection fails?
What if the connection fails?
Verify the Scalyr URL is correct and reachable from your network. Ensure both the API key and URL fields are filled in.