Skip to main content
Honeycomb stores your distributed traces and the events behind them. Investigations query it to follow a request through your services around the time of an incident — where it slowed down, where it errored, and which service was responsible.
You connect Honeycomb directly, with a Honeycomb API key and the API endpoint for your region. It isn’t fronted by another provider.

What we support

Investigations query Honeycomb’s event data in three ways:
  • Traces — pull back a full trace by its ID and reconstruct the span tree, so an investigation can see the path a request took across services, the timing of each span, and where errors appeared.
  • Span search — find spans matching a set of conditions, for example every errored span on a service, or the slow requests above a latency threshold, without already knowing a trace ID.
  • Metrics — for environments that send metrics to Honeycomb, query a metric over the incident window — a request rate, an error count, a latency aggregation — grouped by attributes such as the service that emitted it.

Filtering on any column, including high-cardinality ones

Honeycomb stores wide events, and the value of that breadth shows up at query time. Investigations filter on any column you send — resource attributes, span attributes, and the intrinsic fields Honeycomb adds to every event — not a fixed set of indexed dimensions. That includes high-cardinality fields like a request ID, a status code, a customer or tenant, or an endpoint, so an investigation can narrow to the exact slice of traffic that failed rather than approximating it from coarse labels. When a search comes back empty, an investigation can check the columns it filtered on to see which condition excluded everything, then adjust and try again rather than reporting nothing found. Investigations learn this structure — your environment’s datasets, services, and the columns that actually carry data — automatically. How that works is covered in How telemetry works.

Connecting Honeycomb

Connect Honeycomb directly with its API key and region endpoint. What you’ll need:
  • A Honeycomb API key with permission to run queries and read columns. We recommend a key scoped to read-only query access — investigations only ever read from Honeycomb.
  • The API endpoint for your region: https://api.honeycomb.io for US, or https://api.eu1.honeycomb.io for EU.
  1. From the Investigations settings, add a telemetry data source and choose Honeycomb.
  2. Enter your API key and select your region’s API endpoint, then test the connection.
  3. Once connected, investigations read the team and environment the key belongs to, so traces and searches run against the right data.
Once connected, Honeycomb is available to investigations straight away. You can disable it at any time if you’d prefer investigations didn’t query it.
A Honeycomb key needs both query and column permissions to look up traces. If a key has one but not the other, the connection test can still pass while queries fail, so grant both.

Best practice

  • Use a read-only key scoped to the environment you want investigations to query, rather than a broad key with write access.
  • Pick the API endpoint that matches your Honeycomb region — the US and EU instances are separate, and a key from one won’t work against the other.

Telemetry overview

How providers and data sources fit together.

How telemetry works

How investigations query your traces.