Telescope is one of the best things about developing in Laravel and one of the worst things you can leave running in production, and the gap between those two facts catches a lot of teams out. The short version: it's a debugger, not a monitor. The longer version is worth understanding so you know exactly where the line sits and what to do if you've already crossed it.
What Telescope is designed for
Telescope is Laravel's official development debugger — a first-party package for inspecting requests, queries, jobs, cache events, and more during development and in staging. It's excellent at that job.
Production is a different problem. You don't need a per-request inspector with full payloads; you need aggregated views across thousands of requests per minute, long-term trending, grouped exceptions, and alerts when things regress.
Why it hurts in production
- Synchronous DB writes — every request writes ~10-30 rows to telescope_entries before returning. 10-50ms added to each request.
- Storage explosion — 1,000 req/min at 20 entries each = 28.8 million rows/day. Telescope's prune command helps but your primary DB shouldn't be a telemetry store.
- No aggregation — no p95 per route, no fingerprint-grouped exceptions, no failure-rate trending. You inspect individual requests, not patterns.
- No alerting — Telescope shows errors but won't page you.
- No retention policy — besides manual pruning.
- No auth by default —
/telescopeis open unless you add middleware. Easy to forget.
If you're going to run it in production anyway
Low-volume apps (under ~100 req/min) sometimes get away with it. Minimum protections:
app/Providers/TelescopeServiceProvider.php
public function register(): void
{
parent::register();
// Sample — record 10% of requests in production
Telescope::filter(function (IncomingEntry $entry) {
if ($this->app->environment('local')) return true;
if ($entry->isReportableException()) return true;
if ($entry->isFailedRequest()) return true;
if ($entry->isFailedJob()) return true;
return rand(1, 100) <= 10;
});
// Redact any sensitive request fields
Telescope::hideRequestParameters(['password', 'password_confirmation', 'credit_card']);
Telescope::hideRequestHeaders(['authorization', 'cookie', 'x-api-key']);
}
Lock /telescope behind auth middleware. Schedule telescope:prune --hours=48 hourly. Move telescope_entries tables to a separate database connection if you can. These mitigations make it tolerable, not good.
The alternatives
- Laravel Nightwatch Cloud — official first-party, free under 300K events/month, usage-based above.
- NightOwl — BYOD PostgreSQL dashboard on the same Nightwatch instrumentation, from $5/month flat.
- Sentry, Inspector.dev, Scout APM — generic or Laravel-aware APMs, various pricing models.
Most teams land on: Telescope locally and in staging (brilliant for that) + a dedicated APM in production.
RELATED
- NightOwl vs Laravel Telescope — detailed comparison
- What is APM?
- Guide — monitor Laravel in production