Overview
The Scalyr (DataSet by SentinelOne) integration enables Steadwing to query your logs, metrics, and analytical data during incident analysis. When an incident triggers, Steadwing’s RCA agent searches your Scalyr logs for errors, identifies affected servers and services, analyzes error rate trends, and runs complex correlations — all automatically.
Why Use Scalyr with Steadwing?
Log Search
Search for error logs, exceptions, and warnings around the incident time window
Impact Analysis
Identify affected servers, services, and log sources using facet queries
Trend Analysis
Track error rates and latency over time to pinpoint when degradation began
Correlation
Run PowerQuery analytical queries to group errors by service, status code, or any dimension
Setup Instructions
Step 1: Get Your API Key
- Log in to your Scalyr instance
- Navigate to Settings → API Keys (or visit https://<your-instance>/keys)
- Find or create a Read Logs token
- Copy the token
Step 2: Connect Scalyr in Steadwing
- Navigate to Steadwing Settings
- Find the Scalyr (DataSet) integration card
- Click to expand the collapsible form
- Enter your configuration:
  - Scalyr API Key — your Read Logs API token
  - Scalyr URL — your Scalyr instance URL:
    - US region: https://app.scalyr.com
    - EU region: https://eu.scalyr.com
    - Self-hosted/on-prem: your custom URL (e.g., https://scalyr.yourcompany.com)
- Toggle the switch to Enable the integration
How Scalyr Integration Works
Data Collection
Steadwing queries Scalyr for:
- Error Logs - Errors, exceptions, and warnings around the incident timeframe
- Server & Service Impact - Affected $serverHost values, services, and log sources via facet queries
- Error Trends - Error rates and latency over time to identify degradation onset
- Analytical Queries - PowerQuery (SQL-like) queries to group and correlate errors by service, status code, or other dimensions
Configuration
Required Permissions
The Scalyr API key must have:
- Read Logs permission to query log data
Limitations
- Scalyr applies a shared query budget of 30,000ms of server processing time, replenished at 36,000ms/hour
- This budget is shared across all API and CLI queries for your account
- If rate limits are encountered during RCA, the agent will note partial results in its analysis
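The shared budget in the list above can be modelled to see how a background consumer affects an RCA run. This is an added example, not Steadwing or Scalyr code: it assumes the budget behaves like a token bucket with continuous refill and that an over-budget query is rejected outright, and the consumer names and per-query costs are constructed.

```python
from dataclasses import dataclass

CAPACITY_MS = 30_000               # budget ceiling (from the Limitations list)
REFILL_MS_PER_SEC = 36_000 / 3600  # 36,000 ms/hour = 10 ms of budget per second

@dataclass
class QueryBudget:
    """Assumed token-bucket model of the account-wide query budget."""
    available_ms: float = CAPACITY_MS
    clock_s: float = 0.0

    def advance(self, now_s):
        """Refill for elapsed time, never above the ceiling."""
        gained = (now_s - self.clock_s) * REFILL_MS_PER_SEC
        self.available_ms = min(CAPACITY_MS, self.available_ms + gained)
        self.clock_s = now_s

    def spend(self, now_s, cost_ms):
        """Charge one query; False means it would have been rate limited."""
        self.advance(now_s)
        if cost_ms > self.available_ms:
            return False
        self.available_ms -= cost_ms
        return True

    def wait_for(self, cost_ms):
        """Seconds until cost_ms fits, if no other consumer spends meanwhile."""
        return max(0.0, (cost_ms - self.available_ms) / REFILL_MS_PER_SEC)

def replay(events):
    """events: (time_s, consumer, cost_ms). Returns (rejected, remaining_ms)."""
    budget, rejected = QueryBudget(), []
    for t, who, cost in sorted(events):
        if not budget.spend(t, cost):
            rejected.append((t, who, cost, budget.wait_for(cost)))
    return rejected, budget.available_ms

# Constructed workload: a dashboard polling every 60 s for 20 minutes,
# plus a burst of five RCA queries starting at t=900 s.
SAMPLE = [(t, "dashboard", 1_500) for t in range(0, 1200, 60)]
SAMPLE += [(900 + i, "rca", 4_000) for i in range(5)]

if __name__ == "__main__":
    rejected, remaining = replay(SAMPLE)
    for t, who, cost, wait in rejected:
        print(f"t={t}s {who}: {cost} ms rejected, retry in {wait:.0f}s")
    print(f"budget left: {remaining:.0f} ms")
```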
FAQs
What Scalyr data does Steadwing access?
Steadwing reads log data using Scalyr’s query and PowerQuery APIs. It does NOT write, modify, or delete any data in your Scalyr account.
Which Scalyr regions are supported?
US (app.scalyr.com), EU (eu.scalyr.com), and self-hosted/on-prem instances are all supported.
What if I hit rate limits during RCA?
Scalyr’s query budget is shared across all API consumers. If limits are reached, Steadwing will note partial results in the RCA report. Check if other tools are consuming the budget.
Why am I getting empty results?
Verify your API key has Read Logs permission and the Scalyr URL matches your region.
What if the connection fails?
Verify the Scalyr URL is correct and reachable from your network. Ensure both the API key and URL fields are filled in.