Log Sources
Add, edit, test, and delete log source connections for a project
The Log Sources page is where you connect the log aggregators SigSentry queries during analyses. For platform-specific setup walkthroughs, see Log Sources.
What's on the page
A list of all log sources configured for this project, each with:
| Column | Notes |
|---|---|
| Type | Platform icon (CloudWatch, Datadog, Loki, Splunk, Elastic, GCP) |
| Name | Your descriptive label |
| Status | Green (connected) / red (error) / grey (inactive) |
| Sources count | How many log groups / indexes / selectors are configured |
| Last tested | Timestamp of the last connection test |
| Actions | Test, Edit, Toggle active, Delete |
Adding a log source
Click Add log source to open the create form. The form fields are platform-specific — see the per-platform pages under Log Sources.
Both Test connection and Load sources are inline buttons in the form, so you can validate before saving.
Editing
Click Edit on any row. The form pre-fills with the current values. You can change the name, sources, and severity behavior, and toggle the source between active and inactive. Credentials are not pre-filled: leave them blank to keep the existing ones, or paste new ones to update.
Testing
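Each row has an inline Test button that runs a test query against a small recent window of logs. The result shows a connected or failed status and, when the test succeeds, a few sample log lines you can inspect. Because Test connection requires only config:read (see Required role), anyone with that permission can view these sample lines.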
Required role
| Action | Required permission |
|---|---|
| View list | config:read |
| Add / edit / delete | config:write |
| Test connection | config:read |
Quotas
Each plan limits log sources per project:
| Plan | Sources per project |
|---|---|
| Starter | 2 |
| Pro | 5 |
| Business | 10 |
| Enterprise | Unlimited |
When you're at the limit, the Add log source button is disabled with a tooltip explaining why.
