June 2026 at Bindplane: Monitor our own AI with Bindplane, Sentinel goes native, and configs get rollbacks

If there was a theme this month, it was making the hard parts of a telemetry pipeline less risky.

For SIEM customers, we shipped an ASIM-native Microsoft Sentinel destination and automatic OCSF mapping in Pipeline Intelligence, two of the most-requested pieces for teams routing security data through Bindplane.

On the platform side, we added config rollback, which turns "I changed something and now it is behaving differently" into a one-click trip back to a known-good version. We also turned the lens on ourselves and wrote up how we monitor our own internal Claude Code usage with Bindplane.

Here is what shipped, what we wrote, and where we are headed next.

Watch the Community Call recording.

What shipped

The headline is the new Microsoft Sentinel ASIM destination. Sentinel's Advanced Security Information Model is the schema that makes Sentinel analytics portable across data sources, and getting data into the right ASIM tables has historically meant a lot of manual shaping. The new destination routes logs into Sentinel's native ASIM tables with a single ARM template deploy, and the new asim_standardization processor validates telemetry against the ASIM schema before it leaves the pipeline. The result is data that is query-ready in Sentinel instead of data you have to clean up once it arrives. You can read the Sentinel ASIM docs and the asim_standardization processor docs for setup.

Config rollback is the change most people will feel day to day. Every edit to a configuration is now versioned, and the full history lives in the configuration detail view. You can roll forward or back to any previous version, so recovering from a change that did not pan out is immediate. For anyone managing pipelines that real production telemetry depends on, that safety net matters more than any single feature. The rollback guide covers how it works.

Another big story we want to tell this month is about Bindplane dogfooding Bindplane to monitor Claude Code usage. We use Claude Code internally, and we wanted real visibility into how the team was using it, so we pointed Claude Code's internal OpenTelemetry signals at Bindplane. Now we monitor our own usage with a pipeline built with Bindplane.

We wrote the whole thing up:

• What we collected
• How we shaped it
• What the data told us

If you are running AI coding tooling across a team and want to understand what is actually happening, here is how we did it.

New features and integrations

Alongside the big three, the team shipped a wide spread of smaller improvements:

• Splunk Migration CLI: A new command that bulk-migrates Splunk Universal Forwarder configs into Bindplane, so moving a fleet is a command rather than a multi-week migration.
• Automatic OCSF mapping: Pipeline Intelligence now proposes OCSF field mappings for you, so getting to a validated OCSF pipeline no longer means hand-writing every field.
• Redis lookups: The Lookup processor now enriches telemetry from CSV and Redis sources.
• Windows Events sources: The new v3, Forwarded Events, and Remote Collection sources now support streaming collection and have graduated out of Alpha, while the older v2 source is now marked Legacy.

What we wrote and where we showed up

Several posts went out this month. Beyond the Claude Code observability write-up above, Ekansh wrote the launch post for native ASIM ingestion for Microsoft Sentinel, which walks through the new Sentinel ASIM destination and how to get query-ready security data into Sentinel's native tables.

On the security side, Brian wrote up multiple API keys, which give you more keys, finer access control, and a cleaner path to key rotation.

We also refreshed our most-read guide, How to Install and Configure an OpenTelemetry Collector, for 2026. The update reflects how much has changed in the project over the past year, including OpenTelemetry's graduation, the maturing of OpAMP, and the OTel Distro Builder. If you onboarded to the collector a while ago, it is worth a re-read.

Finally, Laura wrote up what the community is thinking about coming out of Observability Summit North America 2026, a recap of the themes and conversations that stood out in Minneapolis.

New documentation

The docs kept pace with the releases.

New feature guides:

• Snapshot Recordings
• Google SecOps partner integrations

New how-to guides for running Bindplane in production:

• Deploy a Bindplane gateway
• Self-hosted enterprise deployment
• Reduce telemetry ingestion costs
• Troubleshoot WebSocket connections
• Postgres on-prem playbook
• Run collectors in parallel
• Configure collector queue size
• SecOps pipelines vs the Bindplane gateway

What we're working toward

Summer is coming up. There are no conferences on the calendar for the next few weeks, though KubeCon North America in Salt Lake City (November 9 to 12) is on our radar for later in the year.

In the meantime, take config rollback and the new Sentinel destination for a spin, and if you are migrating off Splunk, the new CLI is the fastest path we have shipped yet. Questions and feedback are always welcome in the community Slack.

Bindplane is a platform for building and deploying OpenTelemetry-based telemetry pipelines at scale. Learn more, here.