Log Ingestion
Igris ingests logs from external AI observability providers and normalizes them into a unified audit_events table. This gives you a single audit trail that combines proxy-intercepted tool calls with logs from your existing AI infrastructure.
How It Works
- Configure your provider to send webhooks to the Igris ingestion endpoint
- Igris normalizes the provider-specific payload into a standard event format
- Events are stored in the audit_events table alongside proxy-captured events
- Dashboard and compliance features use the unified data
Supported Providers
| Provider | Endpoint | Status |
|---|---|---|
| Portkey AI Gateway | /api/v1/ingest/portkey | Supported |
| Helicone | /api/v1/ingest/helicone | Supported |
| Cloudflare AI Gateway | /api/v1/ingest/cloudflare | Supported |
| CloudWatch + Datadog | /api/v1/ingest/cloudwatch, /api/v1/ingest/datadog | Supported |
| Raw JSON | /api/v1/ingest/raw | Supported |
Authentication
All ingestion endpoints require an API key in the Authorization header.
Normalized Event Format
Regardless of source, all ingested events are stored with these fields:

| Field | Description |
|---|---|
| id | Unique event ID |
| orgId | Organization ID (derived from API key) |
| source | Provider name (portkey, helicone, cloudflare, cloudwatch, datadog, raw, proxy) |
| type | Event type (tool_call, completion, embedding, anomaly) |
| toolName | Tool or model name |
| action | What happened (allow, deny, alert, log) |
| metadata | Provider-specific data preserved as JSON |
| timestamp | When the event occurred |
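
The following sketch is an added example, not Igris's own code: it maps one incoming payload onto the fields above, taking orgId from the authenticated API key rather than from the payload, enforcing the listed enumerations, and preserving unmapped fields as metadata. The `normalize` function, the `API_KEYS` store and the input field names are assumptions made for illustration.

```python
import json
import uuid
from datetime import datetime, timezone

# Enumerations taken from the Normalized Event Format table.
SOURCES = {"portkey", "helicone", "cloudflare", "cloudwatch", "datadog", "raw", "proxy"}
TYPES = {"tool_call", "completion", "embedding", "anomaly"}
ACTIONS = {"allow", "deny", "alert", "log"}

# Constructed sample key store (assumption); maps API key -> organization.
API_KEYS = {"example-key-org-a": "org_a", "example-key-org-b": "org_b"}


def normalize(api_key, source, payload):
    """Map one webhook payload (assumed field names) onto the normalized fields."""
    org_id = API_KEYS.get(api_key)
    if org_id is None:
        raise PermissionError("unknown API key")
    if source not in SOURCES:
        raise ValueError(f"unsupported source: {source!r}")
    if not isinstance(payload, dict):
        raise ValueError("payload must be a JSON object")
    event_type, action = payload.get("type"), payload.get("action")
    if not isinstance(event_type, str) or event_type not in TYPES:
        raise ValueError(f"unknown event type: {event_type!r}")
    if not isinstance(action, str) or action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    tool_name = payload.get("toolName")
    if not isinstance(tool_name, str) or not tool_name:
        raise ValueError("toolName is required")
    # Normalize to UTC; use receive time when the sender gave no timestamp.
    raw_ts = payload.get("timestamp")
    ts = datetime.fromisoformat(raw_ts.replace("Z", "+00:00")) if isinstance(raw_ts, str) else datetime.now(timezone.utc)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    # Unmapped keys, including any sender-supplied orgId, id or source, are
    # kept as metadata only and never override the trusted columns.
    mapped = {"type", "action", "toolName", "timestamp"}
    metadata = {k: v for k, v in payload.items() if k not in mapped}
    return {
        "id": str(uuid.uuid4()),
        "orgId": org_id,
        "source": source,
        "type": event_type,
        "toolName": tool_name,
        "action": action,
        "metadata": json.dumps(metadata, sort_keys=True),
        "timestamp": ts.astimezone(timezone.utc).isoformat(),
    }
```

Because orgId comes only from the key lookup, a payload that claims another organization's ID ends up in that sender's own audit trail with the claim visible in metadata.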
Plan Limits
Ingestion volume is gated by plan:

| Plan | Events/month |
|---|---|
| Free | 1,000 |
| Govern ($49) | 50,000 |
| Comply ($199) | 500,000 |
| Enterprise ($499) | Unlimited |
429 Too Many Requests response.