ClickHouse
diff --git a/‎contribute/style-guide.md‎
Lines changed: 2 additions & 0 deletions b/‎contribute/style-guide.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/use-cases/observability/clickstack/deployment/_snippets/otel-cloud-config.yaml‎
Lines changed: 147 additions & 0 deletions b/‎docs/use-cases/observability/clickstack/deployment/_snippets/otel-cloud-config.yaml‎
Lines changed: 147 additions & 0 deletions
diff --git a/‎docs/use-cases/observability/clickstack/deployment/hyperdx-clickhouse-cloud.md‎
Lines changed: 12 additions & 152 deletions b/‎docs/use-cases/observability/clickstack/deployment/hyperdx-clickhouse-cloud.md‎
Lines changed: 12 additions & 152 deletions
diff --git a/‎docs/use-cases/observability/clickstack/deployment/local-mode-only.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/use-cases/observability/clickstack/deployment/local-mode-only.md‎
Lines changed: 1 addition & 1 deletion
@@ -145,6 +145,8 @@ Code will be inserted here
 \```
 ```
 
+**File paths are relative to the root of the docs repository**
+
 You should commit the code inserted to the snippet as we want people (or LLMs) 
 reading the markdown to be able to see the code. The advantage of importing code
 to snippets this way is that you can test your snippets externally or store them
 
@@ -0,0 +1,147 @@
+receivers:
+  otlp/hyperdx:
+    protocols:
+      grpc:
+        include_metadata: true
+        endpoint: '0.0.0.0:4317'
+      http:
+        cors:
+          allowed_origins: ['*']
+          allowed_headers: ['*']
+        include_metadata: true
+        endpoint: '0.0.0.0:4318'
+processors:
+  transform:
+    log_statements:
+      - context: log
+        error_mode: ignore
+        statements:
+          # JSON parsing: Extends log attributes with the fields from structured log body content, either as an OTEL map or
+          # as a string containing JSON content.
+          - set(log.cache, ExtractPatterns(log.body, "(?P<0>(\\{.*\\}))")) where
+            IsString(log.body)
+          - merge_maps(log.attributes, ParseJSON(log.cache["0"]), "upsert")
+            where IsMap(log.cache)
+          - flatten(log.attributes) where IsMap(log.cache)
+          - merge_maps(log.attributes, log.body, "upsert") where IsMap(log.body)
+      - context: log
+        error_mode: ignore
+        conditions:
+          - severity_number == 0 and severity_text == ""
+        statements:
+          # Infer: extract the first log level keyword from the first 256 characters of the body
+          - set(log.cache["substr"], log.body.string) where Len(log.body.string)
+            < 256
+          - set(log.cache["substr"], Substring(log.body.string, 0, 256)) where
+            Len(log.body.string) >= 256
+          - set(log.cache, ExtractPatterns(log.cache["substr"],
+            "(?i)(?P<0>(alert|crit|emerg|fatal|error|err|warn|notice|debug|dbug|trace))"))
+          # Infer: detect FATAL
+          - set(log.severity_number, SEVERITY_NUMBER_FATAL) where
+            IsMatch(log.cache["0"], "(?i)(alert|crit|emerg|fatal)")
+          - set(log.severity_text, "fatal") where log.severity_number ==
+            SEVERITY_NUMBER_FATAL
+          # Infer: detect ERROR
+          - set(log.severity_number, SEVERITY_NUMBER_ERROR) where
+            IsMatch(log.cache["0"], "(?i)(error|err)")
+          - set(log.severity_text, "error") where log.severity_number ==
+            SEVERITY_NUMBER_ERROR
+          # Infer: detect WARN
+          - set(log.severity_number, SEVERITY_NUMBER_WARN) where
+            IsMatch(log.cache["0"], "(?i)(warn|notice)")
+          - set(log.severity_text, "warn") where log.severity_number ==
+            SEVERITY_NUMBER_WARN
+          # Infer: detect DEBUG
+          - set(log.severity_number, SEVERITY_NUMBER_DEBUG) where
+            IsMatch(log.cache["0"], "(?i)(debug|dbug)")
+          - set(log.severity_text, "debug") where log.severity_number ==
+            SEVERITY_NUMBER_DEBUG
+          # Infer: detect TRACE
+          - set(log.severity_number, SEVERITY_NUMBER_TRACE) where
+            IsMatch(log.cache["0"], "(?i)(trace)")
+          - set(log.severity_text, "trace") where log.severity_number ==
+            SEVERITY_NUMBER_TRACE
+          # Infer: else
+          - set(log.severity_text, "info") where log.severity_number == 0
+          - set(log.severity_number, SEVERITY_NUMBER_INFO) where log.severity_number == 0
+      - context: log
+        error_mode: ignore
+        statements:
+          # Normalize the severity_text case
+          - set(log.severity_text, ConvertCase(log.severity_text, "lower"))
+  resourcedetection:
+    detectors:
+      - env
+      - system
+      - docker
+    timeout: 5s
+    override: false
+  batch:
+  memory_limiter:
+    # 80% of maximum memory up to 2G, adjust for low memory environments
+    limit_mib: 1500
+    # 25% of limit up to 2G, adjust for low memory environments
+    spike_limit_mib: 512
+    check_interval: 5s
+connectors:
+  routing/logs:
+    default_pipelines: [logs/out-default]
+    error_mode: ignore
+    table:
+      - context: log
+        statement: route() where IsMatch(attributes["rr-web.event"], ".*")
+        pipelines: [logs/out-rrweb]
+exporters:
+  debug:
+    verbosity: detailed
+    sampling_initial: 5
+    sampling_thereafter: 200
+  clickhouse/rrweb:
+    database: ${env:CLICKHOUSE_DATABASE}
+    endpoint: ${env:CLICKHOUSE_ENDPOINT}
+    password: ${env:CLICKHOUSE_PASSWORD}
+    username: ${env:CLICKHOUSE_USER}
+    ttl: 720h
+    logs_table_name: hyperdx_sessions
+    timeout: 5s
+    retry_on_failure:
+      enabled: true
+      initial_interval: 5s
+      max_interval: 30s
+      max_elapsed_time: 300s
+  clickhouse:
+    database: ${env:CLICKHOUSE_DATABASE}
+    endpoint: ${env:CLICKHOUSE_ENDPOINT}
+    password: ${env:CLICKHOUSE_PASSWORD}
+    username: ${env:CLICKHOUSE_USER}
+    ttl: 720h
+    timeout: 5s
+    retry_on_failure:
+      enabled: true
+      initial_interval: 5s
+      max_interval: 30s
+      max_elapsed_time: 300s
+extensions:
+  health_check:
+    endpoint: :13133
+service:
+  pipelines:
+    traces:
+      receivers: [otlp/hyperdx]
+      processors: [memory_limiter, batch]
+      exporters: [clickhouse]
+    metrics:
+      receivers: [otlp/hyperdx]
+      processors: [memory_limiter, batch]
+      exporters: [clickhouse]
+    logs/in:
+      receivers: [otlp/hyperdx]
+      exporters: [routing/logs]
+    logs/out-default:
+      receivers: [routing/logs]
+      processors: [memory_limiter, transform, batch]
+      exporters: [clickhouse]
+    logs/out-rrweb:
+      receivers: [routing/logs]
+      processors: [memory_limiter, batch]
+      exporters: [clickhouse/rrweb]
@@ -59,157 +59,17 @@ This step ensures tables are created with an Open Telemetry (OTel) schema, which
 The following instructions use the standard distribution of the OTel collector, rather than the ClickStack distribution. The latter requires an OpAMP server for configuration. This is currently not supported in private preview. The configuration below replicates the version used by the ClickStack distribution of the collector, providing an OTLP endpoint to which events can be sent.
 :::
 
-Create a `otel-file-collector.yaml` file with the following content:
-
-```yaml
-receivers:
-  otlp/hyperdx:
-    protocols:
-      grpc:
-        include_metadata: true
-        endpoint: '0.0.0.0:4317'
-      http:
-        cors:
-          allowed_origins: ['*']
-          allowed_headers: ['*']
-        include_metadata: true
-        endpoint: '0.0.0.0:4318'
-processors:
-  transform:
-    log_statements:
-      - context: log
-        error_mode: ignore
-        statements:
-          # JSON parsing: Extends log attributes with the fields from structured log body content, either as an OTEL map or
-          # as a string containing JSON content.
-          - set(log.cache, ExtractPatterns(log.body, "(?P<0>(\\{.*\\}))")) where
-            IsString(log.body)
-          - merge_maps(log.attributes, ParseJSON(log.cache["0"]), "upsert")
-            where IsMap(log.cache)
-          - flatten(log.attributes) where IsMap(log.cache)
-          - merge_maps(log.attributes, log.body, "upsert") where IsMap(log.body)
-      - context: log
-        error_mode: ignore
-        conditions:
-          - severity_number == 0 and severity_text == ""
-        statements:
-          # Infer: extract the first log level keyword from the first 256 characters of the body
-          - set(log.cache["substr"], log.body.string) where Len(log.body.string)
-            < 256
-          - set(log.cache["substr"], Substring(log.body.string, 0, 256)) where
-            Len(log.body.string) >= 256
-          - set(log.cache, ExtractPatterns(log.cache["substr"],
-            "(?i)(?P<0>(alert|crit|emerg|fatal|error|err|warn|notice|debug|dbug|trace))"))
-          # Infer: detect FATAL
-          - set(log.severity_number, SEVERITY_NUMBER_FATAL) where
-            IsMatch(log.cache["0"], "(?i)(alert|crit|emerg|fatal)")
-          - set(log.severity_text, "fatal") where log.severity_number ==
-            SEVERITY_NUMBER_FATAL
-          # Infer: detect ERROR
-          - set(log.severity_number, SEVERITY_NUMBER_ERROR) where
-            IsMatch(log.cache["0"], "(?i)(error|err)")
-          - set(log.severity_text, "error") where log.severity_number ==
-            SEVERITY_NUMBER_ERROR
-          # Infer: detect WARN
-          - set(log.severity_number, SEVERITY_NUMBER_WARN) where
-            IsMatch(log.cache["0"], "(?i)(warn|notice)")
-          - set(log.severity_text, "warn") where log.severity_number ==
-            SEVERITY_NUMBER_WARN
-          # Infer: detect DEBUG
-          - set(log.severity_number, SEVERITY_NUMBER_DEBUG) where
-            IsMatch(log.cache["0"], "(?i)(debug|dbug)")
-          - set(log.severity_text, "debug") where log.severity_number ==
-            SEVERITY_NUMBER_DEBUG
-          # Infer: detect TRACE
-          - set(log.severity_number, SEVERITY_NUMBER_TRACE) where
-            IsMatch(log.cache["0"], "(?i)(trace)")
-          - set(log.severity_text, "trace") where log.severity_number ==
-            SEVERITY_NUMBER_TRACE
-          # Infer: else
-          - set(log.severity_text, "info") where log.severity_number == 0
-          - set(log.severity_number, SEVERITY_NUMBER_INFO) where log.severity_number == 0
-      - context: log
-        error_mode: ignore
-        statements:
-          # Normalize the severity_text case
-          - set(log.severity_text, ConvertCase(log.severity_text, "lower"))
-  resourcedetection:
-    detectors:
-      - env
-      - system
-      - docker
-    timeout: 5s
-    override: false
-  batch:
-  memory_limiter:
-    # 80% of maximum memory up to 2G, adjust for low memory environments
-    limit_mib: 1500
-    # 25% of limit up to 2G, adjust for low memory environments
-    spike_limit_mib: 512
-    check_interval: 5s
-connectors:
-  routing/logs:
-    default_pipelines: [logs/out-default]
-    error_mode: ignore
-    table:
-      - context: log
-        statement: route() where IsMatch(attributes["rr-web.event"], ".*")
-        pipelines: [logs/out-rrweb]
-exporters:
-  debug:
-    verbosity: detailed
-    sampling_initial: 5
-    sampling_thereafter: 200
-  clickhouse/rrweb:
-    database: ${env:CLICKHOUSE_DATABASE}
-    endpoint: ${env:CLICKHOUSE_ENDPOINT}
-    password: ${env:CLICKHOUSE_PASSWORD}
-    username: ${env:CLICKHOUSE_USER}
-    ttl: 720h
-    logs_table_name: hyperdx_sessions
-    timeout: 5s
-    retry_on_failure:
-      enabled: true
-      initial_interval: 5s
-      max_interval: 30s
-      max_elapsed_time: 300s
-  clickhouse:
-    database: ${env:CLICKHOUSE_DATABASE}
-    endpoint: ${env:CLICKHOUSE_ENDPOINT}
-    password: ${env:CLICKHOUSE_PASSWORD}
-    username: ${env:CLICKHOUSE_USER}
-    ttl: 720h
-    timeout: 5s
-    retry_on_failure:
-      enabled: true
-      initial_interval: 5s
-      max_interval: 30s
-      max_elapsed_time: 300s
-extensions:
-  health_check:
-    endpoint: :13133
-service:
-  pipelines:
-    traces:
-      receivers: [otlp/hyperdx]
-      processors: [memory_limiter, batch]
-      exporters: [clickhouse]
-    metrics:
-      receivers: [otlp/hyperdx]
-      processors: [memory_limiter, batch]
-      exporters: [clickhouse]
-    logs/in:
-      receivers: [otlp/hyperdx]
-      exporters: [routing/logs]
-    logs/out-default:
-      receivers: [routing/logs]
-      processors: [memory_limiter, transform, batch]
-      exporters: [clickhouse]
-    logs/out-rrweb:
-      receivers: [routing/logs]
-      processors: [memory_limiter, batch]
-      exporters: [clickhouse/rrweb]
+Download the configuration for the OTel collector:
+
+```bash
+curl -O https://raw.githubusercontent.com/ClickHouse/clickhouse-docs/refs/heads/main/docs/use-cases/observability/clickstack/deployment/_snippets/otel-cloud-collector.yaml
+```
+
+<details>
+<summary>otel-cloud-collector.yaml</summary>
+```yaml file=docs/use-cases/observability/clickstack/deployment/_snippets/otel-cloud-config.yaml
 ```
+</details>
 
 Deploy the collector using the following Docker command, setting the respective environment variables to the connection settings recorded earlier and using the appropriate command below based on your operating system.
 
@@ -228,7 +88,7 @@ docker run --rm -it \
   -e CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD} \
   -e CLICKHOUSE_DATABASE=${CLICKHOUSE_DATABASE} \
   --user 0:0 \
-  -v "$(pwd)/otel-file-collector.yaml":/etc/otel/config.yaml \
+  -v "$(pwd)/otel-cloud-collector.yaml":/etc/otel/config.yaml \
   -v /var/log:/var/log:ro \
   -v /private/var/log:/private/var/log:ro \
   otel/opentelemetry-collector-contrib:latest \
@@ -242,7 +102,7 @@ docker run --rm -it \
 #   -e CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD} \
 #   -e CLICKHOUSE_DATABASE=${CLICKHOUSE_DATABASE} \
 #   --user 0:0 \
-#   -v "$(pwd)/otel-file-collector.yaml":/etc/otel/config.yaml \
+#   -v "$(pwd)/otel-cloud-collector.yaml":/etc/otel/config.yaml \
 #   -v /var/log:/var/log:ro \
 #   -v /private/var/log:/private/var/log:ro \
 #   otel/opentelemetry-collector-contrib:latest \
 
@@ -34,7 +34,7 @@ Similar to the [all-in-one image](/use-cases/observability/clickstack/deployment
 
 ### Deploy with Docker {#deploy-with-docker}
 
-Local mode deploys the HyperDX UI only, accessible on port 8080.
+Local mode deploys the HyperDX UI on port 8080.
 
 ```shell
 docker run -p 8080:8080 docker.hyperdx.io/hyperdx/hyperdx-local