Binary Logic
We haven’t tested explicitly with Amazon’s Kafka service, so it might be that, but my assumption is that it shouldn’t matter.
Grant Schofield
cool, also I got a strange error regarding Humio. There aren't a lot of logs I'm shipping when using the file source, but I see:
Feb 15 01:16:26.584 TRACE sink{name=humio type=humio_logs}: tower_limit::rate::service: rate limit exceeded, disabling service
will check back Monday
Oh, and Kafka did work fine with our own Kafka Connect sink, and kafkacat works...
Binary Logic

Thanks @schofield, we'll see what's going on with MSK. I've opened timberio/vector#1833 to look into it.

Regarding the rate limit error, you just need to raise https://vector.dev/docs/reference/sinks/humio_logs/#rate_limit_num. Let me know if we should raise the default there.
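For reference, raising that limit is a one-line change in the sink config. A minimal sketch, assuming the option described on that docs page; the sink name, input name, and token value are hypothetical:

```toml
[sinks.humio]                   # hypothetical sink name
type = "humio_logs"
inputs = ["my_file_source"]     # hypothetical input name
token = "${HUMIO_TOKEN}"        # hypothetical token placeholder
# raise the request rate limit that triggered "rate limit exceeded"
rate_limit_num = 100
```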

Grant Schofield
thanks, missed that one, will give it a go
Andrey Afoninsky
just noticed:
you've added the "loki" sink as part of the sprint
and it appeared in the documentation, which is good: https://vector.dev/docs/reference/sinks/loki/
the problem is there's no indication that it's part of the nightly build and not part of the latest stable (0.7.2), so it does not work
5 replies
hello, guys! I use vector as a tcp > kafka transport.
A short time after starting, the sink gets stuck: nothing happens, and there are no suspicious messages in the broker or vector logs (even in debug mode).
Shortly before it gets stuck, sink messages disappear from the vector log (only source messages remain).
Has anyone encountered this problem?
4 replies

Hello, I am routing a glog file to elasticsearch.

  [transforms.add_metadata]
  type = "lua"
  inputs = ["src"]
  source = """
  event['app'] = event['file']:match('/log/(.+)%.INFO')
  """

  [sinks.es]  # sink name not shown in the original message
  type = "elasticsearch"
  inputs = ["add_metadata"]
  host = ""
  index = "proj-{{host}}-{{app}}"

The above snippet does not work. The log shows nothing.


  index = "proj-{{host}}"

works, and the messages have the correct app field. Why can't I use {{app}} in index?
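As a sanity check on the Lua pattern itself (separate from the template question), here is a rough Python equivalent of event['file']:match('/log/(.+)%.INFO'); in Lua patterns, %. is an escaped literal dot, and the sample path below is hypothetical:

```python
import re

# Lua pattern '/log/(.+)%.INFO' roughly corresponds to regex '/log/(.+)\.INFO':
# '%.' (Lua) and '\.' (regex) both mean a literal dot.
pattern = re.compile(r"/log/(.+)\.INFO")

# hypothetical glog path of the kind the file source would produce
match = pattern.search("/var/log/myapp.INFO")
print(match.group(1))  # -> myapp
```

So if the file field holds a path of this shape, the transform should set app, and the remaining question is only why the {{app}} template in index fails.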

2 replies
Samuel Cormier-Iijima

Hi all, I'm not able to get the aws_ec2_metadata transform working. It seems to be connecting correctly to the metadata endpoint, but never makes a request. Here's my sample config:

data_dir = "/var/lib/vector"

  [sources.stdin]
  type = "stdin"

  [transforms.add_aws_metadata]
  type = "aws_ec2_metadata"
  inputs = ["stdin"]

  [sinks.console]
  type = "console"
  inputs = ["add_aws_metadata"]
  encoding = "json"

And the debug logs:

Feb 19 21:59:30.069  INFO vector: Log level "info" is enabled.
Feb 19 21:59:30.069  INFO vector: Loading configs. path=["/etc/vector/vector.toml"]
Feb 19 21:59:30.072  INFO vector: Vector is starting. version="0.8.0" git_version="v0.7.0-168-g841a8f8" released="Wed, 19 Feb 2020 11:14:46 +0000" arch="x86_64"
Feb 19 21:59:30.073 DEBUG trust_dns_resolver::async_resolver::background: trust-dns resolver running
Feb 19 21:59:30.073  INFO vector::topology: Running healthchecks.
Feb 19 21:59:30.073 DEBUG aws_ec2_metadata: worker: hyper::client::connect::http: connecting to
Feb 19 21:59:30.074 DEBUG aws_ec2_metadata: worker: tokio_reactor: adding I/O source: 0
Feb 19 21:59:30.074 DEBUG aws_ec2_metadata: worker: tokio_reactor::registration: scheduling Write for: 0
Feb 19 21:59:30.074  INFO vector::topology: Starting source "stdin"
Feb 19 21:59:30.074 DEBUG aws_ec2_metadata: worker: hyper::client::connect::http: connected to Some(V4(
Feb 19 21:59:30.075  INFO vector::topology::builder: Healthcheck: Passed.
Feb 19 21:59:30.076  INFO vector::topology: Starting transform "add_aws_metadata"
Feb 19 21:59:30.076  INFO source{name=stdin type=stdin}: vector::sources::stdin: Capturing STDIN
Feb 19 21:59:30.076  INFO vector::topology: Starting sink "console"
Feb 19 21:59:30.076 DEBUG tokio_reactor: adding I/O source: 0
Feb 19 21:59:30.076 DEBUG tokio_reactor::registration: scheduling Read for: 0
Feb 19 21:59:30.076 DEBUG tokio_reactor: adding I/O source: 4194305
Feb 19 21:59:30.076 DEBUG tokio_reactor::registration: scheduling Read for: 1
Feb 19 21:59:30.076 DEBUG tokio_reactor: adding I/O source: 8388610
Feb 19 21:59:30.076 DEBUG tokio_reactor::background: starting background reactor
Feb 19 21:59:30.076 DEBUG tokio_reactor::registration: scheduling Read for: 2
Feb 19 21:59:30.076 DEBUG tokio_reactor: adding I/O source: 12582915
Feb 19 21:59:30.076 DEBUG tokio_reactor::registration: scheduling Read for: 3
Feb 19 21:59:30.077 DEBUG tokio_reactor::registration: scheduling Read for: 0
Feb 19 21:59:30.079 DEBUG tokio_reactor::registration: scheduling Read for: 0
Feb 19 21:59:30.079 DEBUG hyper::proto::h1::io: flushed 102 bytes

I'm running inside Docker using the nightly-alpine image. Any help/thoughts appreciated!

Actually, if I wait long enough I see

Feb 19 22:02:17.835 DEBUG hyper::proto::h1::conn: parse error (connection error: Connection reset by peer (os error 104)) with 0 bytes
Feb 19 22:02:17.835 DEBUG hyper::proto::h1::dispatch: read_head error: connection error: Connection reset by peer (os error 104)
Feb 19 22:02:17.835 DEBUG tokio_reactor: dropping I/O source: 0
Feb 19 22:02:17.836 ERROR aws_ec2_metadata: worker: vector::transforms::aws_ec2_metadata: Unable to fetch EC2 metadata; Retrying. error=connection error: Connection reset by peer (os error 104)
Feb 19 22:02:18.840 DEBUG aws_ec2_metadata: worker: hyper::client::connect::http: connecting to
Feb 19 22:02:18.840 DEBUG aws_ec2_metadata: worker: tokio_reactor: adding I/O source: 0
Feb 19 22:02:18.840 DEBUG aws_ec2_metadata: worker: tokio_reactor::registration: scheduling Write for: 0
Feb 19 22:02:18.840 DEBUG aws_ec2_metadata: worker: hyper::client::connect::http: connected to Some(V4(

Maybe there's something else going on - although I'm able to curl the metadata endpoint from inside the container...

Lucio Franco
What type of instance are you on? And what does your curl command look like?
Samuel Cormier-Iijima
thanks for the quick response @LucioFranco! it's a standard EC2 instance, m5.xlarge. here's the command I'm running:
admin@ip-172-20-98-28:~$ sudo docker run -it --entrypoint /bin/sh -e LOG=debug --rm --name vector -v $PWD/vector.toml:/etc/vector/vector.toml -v /var/lib/docker:/var/lib/docker -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/vector:/var/lib/vector -v /var/log/pods:/var/log/pods timberio/vector:nightly-alpine
/ # apk add curl
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/3) Installing nghttp2-libs (1.39.2-r0)
(2/3) Installing libcurl (7.66.0-r0)
(3/3) Installing curl (7.66.0-r0)
Executing busybox-1.30.1-r3.trigger
OK: 10 MiB in 19 packages
/ # curl
  "accountId" : "------------",
  "architecture" : "x86_64",
  "availabilityZone" : "ca-central-1a",
  "billingProducts" : null,
  "devpayProductCodes" : null,
  "marketplaceProductCodes" : null,
  "imageId" : "ami-0xxxxxx",
  "instanceId" : "i-0xxxxxx",
  "instanceType" : "m5.xlarge",
  "kernelId" : null,
  "pendingTime" : "2020-02-11T15:42:59Z",
  "privateIp" : "",
  "ramdiskId" : null,
  "region" : "ca-central-1",
  "version" : "2017-09-30"
Lucio Franco
ah looks like you're running vector within a container, that may be the reason
Samuel Cormier-Iijima
the curl command is also running from within the container
Lucio Franco
@sciyoshi can you try running the docker command with --net=host?
Samuel Cormier-Iijima
oh yup, that worked!! thank you :) not sure why curl would have been able to connect?
Lucio Franco
I would assume black magic :) glad that worked! let us know if you have any other issues.
Samuel Cormier-Iijima
I have another quick question - the json_parser transform seems to always remove the source field when drop_field is true. This seems inconsistent with the behavior of e.g. grok_parser, which only removes it when the parse succeeds. Is that behavior intentional?
Binary Logic
Hey @sciyoshi , the behavior should be consistent across the two. I've opened timberio/vector#1861 to fix that.
Sebastian YEPES
Small question, Is it currently possible to ingest (receive from UDP, TCP or file) metrics using the line protocol?
2 replies
Samuel Cormier-Iijima
@LucioFranco update on the original issue - I'm not able to use --net=host, but also it seems that it's only the /latest/api/token endpoint that is timing out from within a container. It seems that the API that should be used instead is the IMDS metadata - botocore updated due to this issue and you can see the changes here: boto/botocore#1895
7 replies
Andrey Afoninsky
does vector have loggly support? haven't found any issues about it: https://github.com/timberio/vector/search?q=loggly&unscoped_q=loggly
1 reply
Aleksey Shirokih
Hi! How can I transform something like "file":"/var/log/mysystem/subsystem-component_name-07.log" into component_name?
1 reply
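One possible approach to the question above (a hedged, untested sketch): the regex_parser transform with a named capture group; the transform and input names here are hypothetical:

```toml
[transforms.extract_component]        # hypothetical transform name
type = "regex_parser"
inputs = ["my_source"]                # hypothetical input name
field = "file"
# pull "component_name" out of ".../subsystem-component_name-07.log"
regex = 'subsystem-(?P<component>.+)-\d+\.log$'
```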
Ana Hobden
Glad you got it!
Aleksey Shirokih
As I can see, there is a type https://vector.dev/docs/about/data-model/metric/#aggregated_summary, but how can I get it? I am interested in the Prometheus summary, of course. There are some references to timberio/vector#710 but I can't catch the point.
Ana Hobden
@freeseacher if you're taking in logs and want to output metrics please try https://vector.dev/docs/reference/transforms/log_to_metric/
Aleksey Shirokih
Yes, I am talking about metrics, and I already found log_to_metric, but it does not help: type must be one of "counter", "gauge", "histogram", "set", but not quantile.
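For context, a minimal sketch of the log_to_metric transform being discussed, assuming the options shown on the linked docs page; the transform, input, and field names are hypothetical, and as noted above, "summary" is not among the supported metric types:

```toml
[transforms.to_metric]                # hypothetical transform name
type = "log_to_metric"
inputs = ["parsed_logs"]              # hypothetical input name

[[transforms.to_metric.metrics]]
type = "histogram"                    # one of: counter, gauge, histogram, set
field = "duration_ms"                 # hypothetical log field to sample
name = "request_duration_ms"
```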
Samuel Cormier-Iijima
I am having issues with Docker log rotation using the default json-file logging driver - Vector stops picking up logs after the file is rotated
25 replies
Cédric Da Fonseca
Hi, I'm not sure I understand how the regex transform works.
I'm trying to parse only error log messages, so I have a regexp starting with "^ERROR.*", and I expect the transform to drop logs that don't match. Instead, the log is parsed and its content is put in the "message" field.
I tried playing with drop_field and field, but it didn't work.
What would be the best solution for my use case?
2 replies
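One thing worth checking for the regex question above (a hedged sketch, untested): if the regex_parser version in use supports a drop_failed option, non-matching events can be discarded rather than passed through; the names here are hypothetical:

```toml
[transforms.errors_only]              # hypothetical transform name
type = "regex_parser"
inputs = ["my_source"]                # hypothetical input name
regex = '^ERROR (?P<message>.*)'
drop_failed = true                    # drop events the regex does not match
```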
Heinz N. Gies
it worked :D
Ana Hobden
Gitter: It works sometimes! :)

Hello, has anyone tried the AWS S3 sink with Ceph? For me it doesn't work: for the healthcheck, Ceph returns a 404 response code for the HEAD method, while it returns a 200 response code when I'm using mc ls. Here is the config:

  [sinks.ceph]
  # REQUIRED - General
  type = "aws_s3" # must be: "aws_s3"
  inputs = ["syslog"] # example
  bucket = "vector" # example
  compression = "none" # example, enum
  endpoint = "http://my-ceph.com:9000"

  # OPTIONAL - Object Names
  filename_append_uuid = true # default
  filename_extension = "log" # default
  filename_time_format = "%s" # default
  key_prefix = "date=%F/" # default

  # REQUIRED - requests
  encoding = "text" # example, enum

  # OPTIONAL - General
  healthcheck = true # default

I also set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. When I try to send a log, it returns:
Feb 28 16:40:05.185 ERROR sink{name=ceph type=aws_s3}: vector::sinks::util::retries: encountered non-retriable error. error=<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>http://my-ceph.com:9000</BucketName><RequestId>tx00000000000000c51a948-005e594265-430c8a-myhost-1</RequestId><HostId>myhostid</HostId></Error>
Feb 28 16:40:05.185 ERROR sink{name=ceph type=aws_s3}: vector::sinks::util: request failed. error=<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>http://my-ceph.com:9000</BucketName><RequestId>tx00000000000000c51a948-005e594265-430c8a-myhost-1</RequestId><HostId>myhostid</HostId></Error>
Could you help me with that, please? :-) Have a nice day

Hey everyone, I just started playing with the vector agent on Windows to collect logs from a legacy application. In my case, when the application starts it writes a very long line into the log file (\u0000 on repeat)... what transform would you suggest using to drop that one line?
Andrey Afoninsky


Note that timers will be accepted with the ms, h, and d statsd types. The first two are timers and histograms and the d type is for DataDog's "distribution" type. The distribution type is treated identically to timers and histograms.

does vector support the DD type? do we need to create an issue?

2 replies
Andrey Afoninsky
does it make sense to create an issue requesting an implementation for the prometheus sink?
pros: a better histogram (less cardinality, more accuracy)
cons: it's VictoriaMetrics-specific, so maybe it's useful in specific cases only
1 reply
Is there an official Helm chart?
2 replies

Hey - I have a small problem with reloading configurations. If the source is http / logplex / splunk_hec (all of which use Warp) and I change the configuration but don't change the port, I get a configuration error (address already in use) and the reload fails. The workaround is to change the port to a new value; after a successful reload you can then change the port back to the original.

It's not a huge issue, but I wanted to see if it was known.

ERROR vector::topology: Configuration error: Source "in": Address already in use (os error 48)
ERROR vector: Reload was not successful.
hello! Is there a correct way to specify multiple targets in the elasticsearch sink, as in Logstash?
9 replies
Andrey Afoninsky
hello, please correct me if I'm wrong: the "vector" source is a gRPC server, and I can send logs/metrics directly using https://github.com/timberio/vector/blob/master/proto/event.proto ?
2 replies
Andrey Afoninsky
another question: what's the best approach to implementing log rotation / truncation with https://vector.dev/docs/reference/sinks/file/ and the docker image? Do you want an issue about it, or should it be achieved using external tools? For now, I'm launching a logrotate docker image as a sidecar :)
2 replies
Andrey Afoninsky
please take a look if you have free time; I can't tell whether it's a bug or my misunderstanding of the documentation :) thx
2 replies
Andrey Afoninsky
one more question :) the "file sink" does not recreate a file if the old one was deleted using "rm" - is that the correct behaviour?
7 replies
anyone else seeing behavior like timberio/vector#2080 ?
hi, building vector using make, or using docker as stated on https://vector.dev/docs/setup/installation/manual/from-source/, generates a debug-mode binary
1 reply
is there any instruction I am missing to generate a release build?
I found that hotmic is deprecated (https://github.com/timberio/vector/blob/master/lib/tracing-metrics/Cargo.toml#L9); do you plan to replace it with the metrics crate?
6 replies
Serhii M.

Hi, guys! Small question regarding the config for the kafka sink - I have the following piece of config:

  [sinks.kafka]
  type = "kafka"
  inputs = ["json"]
  bootstrap_servers = "kafka-server:9092"
  topic = "vector"
  compression = "none"
  healthcheck = true

  buffer.type = "disk"
  buffer.max_size = 104900000
  buffer.when_full = "block"

  encoding.codec = "json"

And when I try to start vector I get:

unknown variant `codec`, expected `text` or `json` for key `sinks.kafka`

What's wrong with the config?
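The error text itself hints at the likely fix: in the version being run, encoding appears to be a plain string accepting "text" or "json", not a table. A hedged guess at the corrected last line:

```toml
encoding = "json"   # instead of encoding.codec = "json"
```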