Configuring log forwarding requires the Manage OpenTelemetry collector capability and an Enterprise plan that includes the OpenTelemetry integration. If you do not see the Logging → Integrations panel, see Who can set up log export.
What you’ll need
- A Grafana Cloud stack.
- Your stack’s numeric instance ID and OTLP gateway URL (both shown in the Grafana Cloud portal).
- A Cloud Access Policy token scoped with
logs:write— not a Grafana API or service-account token. - Access to MCP Manager with the Manage OpenTelemetry collector capability.
Step 1: Find your OTLP gateway URL and instance ID
In the Grafana Cloud portal, select your stack and open the OpenTelemetry (“Configure”) panel. It shows your OTLP gateway URL and your numeric instance ID. The gateway URL has the shape:<zone> is region-specific, for example prod-us-east-0 or prod-eu-west-0. The gateway is rooted at /otlp, so the logs endpoint you paste into MCP Manager is that base plus /v1/logs, on port 443:
Step 2: Create an access-policy token with logs:write
In the Grafana Cloud portal, go to Access Policies, create (or reuse) a policy that includes thelogs:write scope, and generate a token under it. Use this Cloud Access Policy token — a Grafana API key or service-account token will not authenticate against the OTLP gateway.
Step 3: Build the Basic auth header value
Grafana Cloud’s OTLP gateway uses HTTP Basic authentication, where the credentials are your instance ID and access-policy token joined with a colon and base64-encoded. Build the value yourself:terminal
Basic, a space, and that encoded string:
Step 4: Connect MCP Manager to Grafana Cloud
1
Open the OpenTelemetry collector panel
In MCP Manager, go to Logs → Integrations and find the OpenTelemetry collector panel.
2
Enter the collector URL
In Logs collector URL, paste your full logs endpoint including the
/otlp prefix, for example https://otlp-gateway-prod-us-east-0.grafana.net/otlp/v1/logs. (To also export traces, set Traces collector URL to the matching /otlp/v1/traces endpoint; this guide covers logs.)3
Add the Authorization request header
Under Request headers, add one header:
- Field name:
Authorization - Field value:
Basic <base64 of instance-id:access-policy-token>from Step 3
4
Save the configuration
Select Save. MCP Manager stores the configuration and encrypts the header value. Saving confirms storage only — it does not confirm delivery.
Step 5: Find your logs in Loki
Grafana Cloud routes OTLP logs into Loki, so query them with LogQL in Grafana Explore (or the Logs Drilldown app). The OTLPservice.name resource attribute becomes the service_name label, so filter MCP Manager’s logs with:
service.name shown in MCP Manager’s Filter your logs by panel. To discover available labels, open the label browser in Grafana Explore.
Troubleshooting
Export is failing with 404
Export is failing with 404
The
/otlp prefix is almost certainly missing. The logs endpoint is https://otlp-gateway-<zone>.grafana.net/otlp/v1/logs — MCP Manager appends nothing, so the URL must include /otlp/v1/logs in full.Export is failing with 401
Export is failing with 401
The
instance-id:access-policy-token pair is wrong or was not base64-encoded. Rebuild the value with printf '%s' '<instance-id>:<token>' | base64 and confirm the header is Basic <encoded> (a single Basic prefix). Also confirm you used a Cloud Access Policy token with logs:write, not a Grafana API or service-account token.No logs appear in Grafana
No logs appear in Grafana
Make sure you are querying Loki, not Prometheus. MCP Manager sends logs, which land in Loki; querying the Prometheus (metrics) datasource returns nothing and looks identical to logs not arriving. Switch the datasource selector in Explore to your Loki datasource and query
{service_name="mcp-manager"}.Test the connection manually
Test the connection manually
From any machine with outbound HTTPS access:A
terminal
2xx confirms the URL and credentials are valid; 401 means the instance-id:token pair is wrong or not base64-encoded; 404 almost always means the /otlp prefix was omitted; 400 means a malformed body (expected for this empty probe once the URL and auth are correct).Further reading
Datadog
The next per-vendor guide — per-site endpoint and the dd-api-key header.
Export to SIEM
What MCP Manager sends, how forwarding behaves, and general troubleshooting.
Self-hosted Collector
Route through your own collector to filter, enrich, or fan out.
External sources
Grafana Cloud OTLP overview
Grafana’s reference for native OTLP ingest into Loki, Mimir, and Tempo.
Send data to the OTLP endpoint
The gateway URL shape and the instance-ID/token Basic auth construction.
Create access policies and tokens
Generate the Cloud Access Policy token with the
logs:write scope.OTLP specification
The protocol spec, including the success and partial-success response contract.

