@db2jlu_twitter I'm not super familiar with ClickHouse, but there is an open issue for metrics support: timberio/vector#3435. It may just not be implemented yet.
Looking at that though, are you sure that's the reason? It seems like it might be a mismatch in the schema or data types in ClickHouse or, possibly, that vector is sending invalid JSON.
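If it is a schema mismatch, here's a rough sketch of what has to line up (component names and options below are illustrative, not from your setup): every field on the event needs a matching column of a compatible type in the target table.

[sinks.clickhouse_out]
type = "clickhouse"
inputs = ["my_logs"]               # hypothetical upstream component
host = "http://clickhouse:8123"
database = "default"
table = "logs"                     # columns must match the event's field names and types
encoding.timestamp_format = "unix" # e.g. a DateTime column may reject a string timestamp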
I just posted a blog about Vector: https://www.splunk.com/en_us/blog/it/meet-the-fastest-forwarder-on-the-net.html
huh...Splunk pulled the article?
transforms:
  "liran-demo-logs":
    type: filter
    inputs: ["kubernetes_logs"]
    rawConfig: |
      [transforms.liran-demo-logs.condition]
      "kubernetes.pod_labels.component.eq" = "app=liran-demo"
      "stream.eq" = "stdout"
sinks:
  console:
    type: "console"
    inputs: ["liran-demo-logs"]
    target: "stdout"
    rawConfig: |
      # Encoding
      encoding.codec = "json" # required
hello
I'm seeing a lot of spam messages after installing the helm chart "vector-0.11.0-nightly-2020-08-24":
Aug 25 13:34:06.533 WARN source{name=kubernetes_logs type=kubernetes_logs}: vector::internal_events::kubernetes_logs: failed to annotate event with pod metadata event=Log(LogEvent { fields: {"file": Bytes(b"/var/log/pods/vector_cluster-logs-chf8d_290b7ab5-9752-49f1-81d7-cc9a51483c4d/vector/2.log"), "message": Bytes(b"{\"log\":\"Aug 25 13:19:17.029 INFO source{name=kubernetes type=kubernetes}:file_server: file_source::file_server: More than one file has same fingerprint. path=\\\"/var/log/pods/jaeger_jaeger-cassandra-2_3d357498-7fd7-448e-a0d7-54b8922b0050/jaeger-cassandra/6.log\\\" old_path=\\\"/var/log/pods/jaeger_jaeger-cassandra-2_3d357498-7fd7-448e-a0d7-54b8922b0050/jaeger-cassandra/5.log\\\"\\n\",\"stream\":\"stdout\",\"time\":\"2020-08-25T13:19:17.02974474Z\"}"), "source_type": Bytes(b"kubernetes_logs"), "timestamp": Timestamp(2020-08-25T13:34:06.533091773Z)} })
config:
kubernetesLogsSource:
  enabled: true
  sourceId: kubernetes_logs
env:
  - name: LOGGLY_TOKEN
    value: ****-****-****-****-****
sinks:
  # console:
  #   type: console
  #   inputs: ["kubernetes_logs"]
  #   rawConfig: |
  #     encoding.codec = "json"
  loggly:
    type: http
    inputs: ["kubernetes_logs"]
    rawConfig: |
      uri = "https://logs-01.loggly.com/bulk/${LOGGLY_TOKEN}/tag/olly,dev,k8s/"
      batch.max_size = 50000
      encoding.codec = "ndjson"
should I create an issue, or is this already known and/or fixed? thanks
[sources.access-raw]
# General
type = "file"
ignore_older = 300
include = ["/var/log/od/access_*.log"]
start_at_beginning = false
oldest_first = true
fingerprinting.strategy = "checksum"
fingerprinting.ignored_header_bytes = 2048
fingerprinting.fingerprint_bytes = 4096
Aug 25 14:39:14 vm8857 vector: Aug 25 14:39:14.117 ERROR source{name=access-raw type=file}:file_server: file_source::file_server: Error reading file for fingerprinting err=Too many open files (os error 24) file="/var/log/od/access_2020-02-24_13-53-24_pid_2074.log"
I could raise max_open_files, which is limited to 1024 for the vector user, but it seems odd to have to do that when only one log file at a time is being written.
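For reference, if raising the limit turns out to be the workaround, a minimal sketch assuming vector runs under systemd (file name and value are illustrative):

# /etc/systemd/system/vector.service.d/limits.conf
[Service]
LimitNOFILE=65536

Then run systemctl daemon-reload and restart the service for the new limit to take effect.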
[sinks.loki]
# General
type = "loki" # required
inputs = ["cleaned_traefik_logs"]
endpoint = "http://loki:3100" # required
healthcheck = true # optional, default
# Encoding
encoding.codec = "json" # optional, default
# Labels
labels.key = "value" # I'm not sure what this does
labels.key = "{{ event_field }}" # nor this
[sources.in]
type = "journald" # required
[sinks.vector]
# General
type = "vector"
inputs = ["in"]
address = "1.2.3.4:5000"
healthcheck = true
buffer.max_size = 504900000
buffer.type = "disk"
buffer.when_full = "block"
[sinks.loki-nginx]
inputs = ["nginx_dev"]
type = "loki"
endpoint = "https://a-endpoint"
auth.strategy = "basic"
auth.user = "username"
auth.password = "some_password"
labels.key = "dev_nginx"
Aug 31 11:24:14 ip-172-31-41-152 vector[1202]: Aug 31 11:24:14.693 ERROR vector::topology::builder: Healthcheck: Failed Reason: A non-successful status returned: 401 Unauthorized
Aug 31 11:24:15 ip-172-31-41-152 vector[1202]: Aug 31 11:24:15.488 WARN sink{name=loki-nginx type=loki}:request{request_id=0}: vector::sinks::util::retries2: request is not retryable;
Can someone help me understand why TLS is failing here? We're using Let's Encrypt to get certs for the central collector and don't really care about having individual host certs for each client; I just want to transmit the logs securely. It works if I set tls.verify_certificate = false on the client, but I'd prefer not to.
Sep 01 17:29:59.836 ERROR vector::topology::builder: Healthcheck: Failed Reason: Connect error: TLS handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:
Collector config:
[sources.vector]
type = "vector"
address = "0.0.0.0:9000"
shutdown_timeout_secs = 30
tls.enabled = true
tls.crt_file = "/etc/letsencrypt/fullchain.pem"
tls.ca_file = "/etc/letsencrypt/chain.pem"
tls.key_file = "/etc/letsencrypt/privkey.pem"
Client config:
[sinks.central_collector]
type = "vector"
inputs = ["apache_log"]
address = "${CENTRAL_ENDPOINT}:9000"
healthcheck = true
# Buffer
buffer.max_events = 500
buffer.type = "memory"
buffer.when_full = "block"
# TLS
tls.enabled = true
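One guess, not verified: the client may have no CA to verify the collector's certificate against. A minimal sketch of what could be added to the client's TLS section (the path is an assumption, e.g. a copy of the collector's chain.pem shipped to each client):

tls.ca_file = "/etc/vector/letsencrypt-chain.pem" # assumed local copy of the Let's Encrypt chain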
Hi,
I've started evaluating vector for delivering logs from fluent-bit to s3.
I've followed the examples and created a config like this:
[sources.in]
type = "http" # required
address = "172.31.60.17:8080" # required
encoding = "json" # optional, default
[sinks.out]
bucket = "fluentlogsink" # required
inputs = ["in"] # required
region = "us-east-1" # required, required when endpoint = ""
type = "aws_s3" # required
compression = "gzip"
Hey all!
A quick announcement: we are moving from gitter to discord for our community chat. You can join us here: https://discord.gg/jm97nzy (see channels in the vector category).
Details:
As the team supporting vector and building its community, we've found a number of issues using gitter for this purpose.
We hope having people come to discord instead will result in more messages being seen and responded to.
We also hope to move more of our general development discussions to discord to make it easier for people to follow along and contribute.
For more detailed support issues, GitHub Issues is still the best place to ensure that they are seen, triaged, and responded to.
The link on the website and other pointers will be updated shortly.
Hope to see you there! We also welcome any feedback on how we can better support the vector community.
hello
a generic question about periodic health checks:
recently, our kafka instance (a sink) was down and errors started to appear in the console -> so the service stopped working, but it didn't go down
it only went down after a restart, since the "--require-healthy" flag is specified and the sink was not healthy
there used to be a command we could trigger periodically that returned a non-zero exit code if the health check didn't pass -> but it was removed in the latest versions
so: is it possible to set up a health check somehow (e.g. in kubernetes)? any workarounds? thanks
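Not vector-specific, but one workaround sketch: if the vector pod exposes a TCP port (the port below is an assumption), a kubernetes TCP liveness probe can at least confirm the process is still accepting connections:

livenessProbe:
  tcpSocket:
    port: 9000            # assumed: a TCP port one of your sources listens on
  initialDelaySeconds: 15
  periodSeconds: 20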
Hey all,
Does vector support the Web Identity Provider in STS? This feature was merged into Rusoto in Dec '19 (rusoto/rusoto#1577), but I'm struggling to get it working.
As far as I'm aware, everything is set up correctly, and the Web Identity Provider works with our other k8s services (my set-up matches this guide: https://dev.to/pnehrer/a-story-of-rusty-containers-queues-and-the-role-of-assumed-identity-kl2), but when I try to put to a CloudWatch log group it won't assume the correct SA.
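For comparison, a sanity-check sketch of the environment Rusoto's web identity provider reads (with EKS IRSA these are normally injected into the pod automatically; the values here are illustrative):

env:
  - name: AWS_ROLE_ARN
    value: arn:aws:iam::123456789012:role/vector-cloudwatch  # illustrative role ARN
  - name: AWS_WEB_IDENTITY_TOKEN_FILE
    value: /var/run/secrets/eks.amazonaws.com/serviceaccount/token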
What does the ":" in protocol mean, and the ":" and "->" in source_port?