I’m trying to set up fly-log-shipper to forward logs from my Elixir app to Better Stack (formerly LogTail), but I’m getting persistent 401 Unauthorized errors despite following all
documentation and having confirmed working authentication.
My Setup
App: big-xxx (Elixir/Phoenix)Log Shipper: logshipper-cool-morning-9939Better Stack Source Token: [REDACTED - 26 character alphanumeric token]Better Stack Source
ID: fly_io_xx_xx
Configuration Tried
I’ve followed both the official Better Stack documentation and the Fly.io blog post. Current secrets:
ORG=personal
ACCESS_TOKEN=[readonly token created with fly tokens create]
BETTER_STACK_SOURCE_TOKEN=[my-source-token]
I’ve also tried:
- Legacy LOGTAIL_TOKEN variable name
- Both standard (in.logs.betterstack.com) and custom endpoints (s[NUMBER].eu-nbg-2.betterstackdata.com)
- Multiple token regenerations
- Fresh log shipper deployment with exact documentation steps
The Error
Consistent 401 Unauthorized responses from Better Stack:
ERROR sink{component_kind=“sink” component_id=better_stack component_type=http component_name=better_stack}:request{request_id=X}: vector::sinks::util::sink: Response failed.
response=Response { status: 401, version: HTTP/1.1, headers: {“content-type”: “application/json”, “access-control-allow-origin”: “", “access-control-allow-methods”: “GET, POST,
OPTIONS, HEAD”, “access-control-allow-headers”: "”, “content-length”: “25”, “date”: “Wed, 27 Aug 2025 15:47:04 GMT”}, body: b"{“error”: “Unauthorized”}" }
What Works vs What Doesn’t
Working:
- NATS connection to Fly.io logs (no auth errors)
- Direct Better Stack API calls work perfectly:
curl -X POST https://[my-endpoint].betterstackdata.com
-H “Authorization: Bearer [my-token]”
-H “Content-Type: application/json”
-d ‘{“message”: “Test message”, “level”: “info”}’
This successfully appears in Better Stack logs.
Not Working:
- fly-log-shipper → Better Stack authentication
- Same 401 errors with both legacy and new variable names
Suspected Root Cause
The issue appears to be that fly-log-shipper generates Vector HTTP sink configuration that doesn’t properly format the Bearer authentication for Better Stack’s API.
Better Stack expects:
auth:
strategy: “bearer”
token: “$SOURCE_TOKEN”
But fly-log-shipper seems to generate a different authentication format that Better Stack rejects.
Questions
- Has anyone successfully got fly-log-shipper working with Better Stack in 2024?
- Is there a Vector configuration override or custom sink configuration option?
- Are there known authentication format issues between fly-log-shipper and Better Stack?
- Should I use a different log aggregation service that’s better supported?
Any help would be appreciated! I just need to get 7+ days of log retention for my production Elixir app.