Vector

Length field byte order (little or big endian)

Number of bytes representing the field length

Number of bytes in the header before the length field

Maximum frame length

The CSV Serializer Options.

Options for the JsonSerializer.

The user configuration to choose the metric tag strategy.

The URI has the format of amqp://<user>:<password>@<host>:<port>/<vhost>?timeout=<seconds>.

The default vhost can be specified by using a value of %2f.

To connect over TLS, a scheme of amqps can be specified instead. For example, amqps://.... Additional TLS settings, such as client certificate verification, can be configured under the tls section.

Custom endpoint for use with AWS-compatible services.

Configures how events are encoded into raw bytes.

Framing configuration.

List of fields that are excluded from the encoded event.

List of fields that are included in the encoded event.

Format used for timestamp fields.

The name of the transform to insert the input event to.

Only relevant when type is log.

Only relevant when type is metric.

Only relevant when type is vrl.

Can be either raw, vrl, log, or `metric.

Use this only when the input event should be a raw event (i.e. unprocessed/undecoded log event) and when the input type is set to raw.

They are added to the node as provided

Name of the test that this sink is being used for.

List of names of the transform/branch associated with this sink.

File-specific settings.

This is used to coerce log fields from strings into their proper types. The available types are listed in the Types list below.

Timestamp coercions need to be prefaced with timestamp|, for example "timestamp|%F". Timestamp specifiers can use either of the following:

1. One of the built-in-formats listed in the Timestamp Formats table below.
2. The time format specifiers from Rust’s chrono library.

Types

• bool
• string
• float
• integer
• date
• timestamp (see the table below for formats)

Timestamp Formats

Other databases, such as the country database, are not supported. mmdb enrichment table can be used for other databases.

MaxMind includes localized versions of some of the fields within their database, such as country name. This setting can control which of those localized versions are returned by the transform.

More information on which portions of the geolocation data are localized, and what languages are available, can be found here.

Either an API key or a path to a service account credentials JSON file can be specified.

If both are unset, the GOOGLE_APPLICATION_CREDENTIALS environment variable is checked for a filename. If no filename is named, an attempt is made to fetch an instance service account for the compute instance the program is running on. If this is not on a GCE instance, then you must define it with an API key or service account credentials JSON file.

Either an API key or a path to a service account credentials JSON file can be specified.

If both are unset, the GOOGLE_APPLICATION_CREDENTIALS environment variable is checked for a filename. If no filename is named, an attempt is made to fetch an instance service account for the compute instance the program is running on. If this is not on a GCE instance, then you must define it with an API key or service account credentials JSON file.

Skip all authentication handling. For use with integration tests only.

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

This is useful for distinguishing between different files while monitoring. However, the tag's cardinality is unbounded.

Configuration for SASL authentication when interacting with Kafka.

A file path.

Remove trailing whitespace from file contents.

The path to the script or binary must be the first argument.

The timeout, in seconds, to wait for the command to complete.

A file path.

Fixed value to replace all secrets with.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

Transformations to prepare an event for serialization.

The URI for the AppSignal API to send data to.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Configures how events are encoded into raw bytes.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Configuration of the authentication strategy for interacting with AWS services.

This value is a template which should result in a unique string for each event. See the AWS documentation for more about how AWS does message deduplication.

Can be applied only to FIFO queues.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

The Axiom dataset to write to.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

The batch settings for the sink.

All compression algorithms use the default compression level unless otherwise specified.

Only required when using personal tokens.

Outbound HTTP request settings.

Optional, constrains TLS settings for this sink.

Only required if not using Axiom Cloud.

Can only contain letters, numbers, and underscores (_), and may not exceed 100 characters.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

Transformations to prepare an event for serialization.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

The setting of log_schema.timestamp_key, usually timestamp, is used here by default. This field should be used in rare cases where TimeGenerated should point to a specific log field. For example, use this field to set the log field source_timestamp as holding the value that should be used as TimeGenerated on the Azure side.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

A span of time, in whole seconds.

By default, there is no limit.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

The database that contains the table that data is inserted into.

Sets date_time_input_format to best_effort, allowing ClickHouse to properly parse RFC3339/ISO 8601.

Transformations to prepare an event for serialization.

The format to parse input data.

Sets insert_distributed_one_random_shard, allowing ClickHouse to insert data into a random shard when using Distributed Table Engine.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

If left unspecified, use the default provided by the ClickHouse server.

The table that data is inserted into.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

The username and password to authenticate with. Overrides the username and password in DSN.

Event batching behavior.

Compression configuration.

The database that contains the table that data is inserted into. Overrides the database in DSN.

Configures how events are encoded into raw bytes.

Defines how missing fields are handled for NDJson. Refer to https://docs.databend.com/sql/sql-reference/file-format-options#null_field_as

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

The TLS configuration to use when connecting to the Databend server.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

If an event has a Datadog API key set explicitly in its metadata, it takes precedence over this setting.

This value can also be set by specifying the DD_API_KEY environment variable. The value specified here takes precedence over the environment variable.

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port. The API path should NOT be specified as this is handled by the sink.

If set, overrides the site option.

This value can also be set by specifying the DD_SITE environment variable. The value specified here takes precedence over the environment variable.

If not specified by the environment variable, a default value of datadoghq.com is taken.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Amazon OpenSearch Serverless requires this option to be set to auto (the default).

Elasticsearch Authentication strategies.

Event batching behavior.

Elasticsearch bulk mode configuration.

All compression algorithms use the default compression level unless otherwise specified.

Elasticsearch data stream mode configuration.

Options for determining the health of an endpoint.

This is only relevant for Elasticsearch <= 6.X. If you are using >= 7.0 you do not need to set this option since Elasticsearch has removed it.

Transformations to prepare an event for serialization.

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port.

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port.

By default, the _id field is not set, which allows Elasticsearch to set this automatically. Setting your own Elasticsearch IDs can hinder performance.

Configuration for the metric_to_log transform.

Elasticsearch Indexing mode.

Amazon OpenSearch service type

The name of the pipeline to apply.

Custom parameters to add to the query string for each HTTP request sent to Elasticsearch.

Outbound HTTP request settings.

To avoid duplicates in Elasticsearch, please use option id_key.

The type field was deprecated in Elasticsearch 7.x and removed in Elasticsearch 8.x.

If enabled, the doc_type option is ignored.

The endpoint of the GreptimeDB server.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

Transformations to prepare an event for serialization.

Custom parameters to add to the query string for each HTTP request sent to GreptimeDB.

This is required if your instance has authentication enabled.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

Pipeline version to be used for the logs.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

This is required if your instance has authentication enabled.

This sink uses GreptimeDB's gRPC interface for data ingestion. By default, GreptimeDB listens to port 4001 for gRPC protocol.

The address must include a port.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

Default to public, the default database of GreptimeDB.

Database can be created via create database statement on GreptimeDB. If you are using GreptimeCloud, use dbname from the connection information of your instance.

Set gRPC compression encoding for the request Default to none, gzip or zstd is supported.

This is to keep consistency with GreptimeDB's naming pattern. By default, this sink will use val for value column name, and ts for time index name. When turned on, greptime_value and greptime_timestamp will be used for these names.

If you are using this Vector sink together with other data ingestion sources of GreptimeDB, like Prometheus Remote Write and Influxdb Line Protocol, it is highly recommended to turn on this.

Also if there is a tag name conflict from your data source, for example, you have a tag named as val or ts, you need to turn on this option to avoid the conflict.

Default to false for compatibility.

This is required if your instance has authentication enabled.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

This is required if your instance has authentication enabled.

This sink uses GreptimeDB's gRPC interface for data ingestion. By default, GreptimeDB listens to port 4001 for gRPC protocol.

The address must include a port.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

Default to public, the default database of GreptimeDB.

Database can be created via create database statement on GreptimeDB. If you are using GreptimeCloud, use dbname from the connection information of your instance.

Set gRPC compression encoding for the request Default to none, gzip or zstd is supported.

This is to keep consistency with GreptimeDB's naming pattern. By default, this sink will use val for value column name, and ts for time index name. When turned on, greptime_value and greptime_timestamp will be used for these names.

If you are using this Vector sink together with other data ingestion sources of GreptimeDB, like Prometheus Remote Write and Influxdb Line Protocol, it is highly recommended to turn on this.

Also if there is a tag name conflict from your data source, for example, you have a tag named as val or ts, you need to turn on this option to avoid the conflict.

Default to false for compatibility.

This is required if your instance has authentication enabled.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

This is required if your instance has authentication enabled.

Wrapper for sensitive strings containing credentials

The dataset to which logs are sent.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

Transformations to prepare an event for serialization.

Honeycomb's endpoint to send logs to

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Configures how events are encoded into raw bytes.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

The scheme (http or https) must be specified. No path should be included since the paths defined by the Splunk API are used.

If unset, Humio defaults it to none.

An optional path that deserializes an empty string to None.

In public-facing APIs, this must (if present) be equal to the repository used to create the ingest token used for authentication.

In private cluster setups, Humio can be configured to allow these to be different.

For more information, see Humio’s Format of Data.

Can be used to tag events by specifying fields starting with #.

For more information, see Humio’s Format of Data.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Typically the filename the logs originated from. Maps to @source in Humio.

An optional path that deserializes an empty string to None.

Overrides the name of the log field used to retrieve the nanosecond-enabled timestamp to send to Humio.

Configures how events are encoded into raw bytes.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

Both keys and values are templateable, which enables you to attach dynamic labels to events.

Valid label keys include *, and prefixes ending with *, to allow for the expansion of objects into multiple labels. See Label expansion for more information.

Note: If the set of labels has high cardinality, this can cause drastic performance issues with Loki. To prevent this from happening, reduce the number of unique label keys and values.

Some sources may generate events with timestamps that aren't in chronological order. Even though the sink sorts the events before sending them to Loki, there is a chance that another event could come in that is out of order with the latest events sent to Loki. Prior to Loki 2.4.0, this was not supported and would result in an error during the push request.

If you're using Loki 2.4.0 or newer, Accept is the preferred action, which lets Loki handle any necessary sorting/reordering. If you're using an earlier version, then you must use Drop or RewriteTimestamp depending on which option makes the most sense for your use case.

The path to use in the URL of the Loki instance.

Whether or not to delete fields from the event when they are used as labels.

Whether or not to delete fields from the event when they are used in structured metadata.

The timestamp is still sent as event metadata for Loki to use for indexing.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Both keys and values are templateable, which enables you to attach dynamic structured metadata to events.

Valid metadata keys include *, and prefixes ending with *, to allow for the expansion of objects into multiple metadata entries. This follows the same logic as Label expansion.

When running Loki locally, a tenant ID is not required.

Wrapper for sensitive strings containing credentials

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

The default app that is set for events that do not contain a file or app field.

The default environment that is set for events that do not contain an env field.

Transformations to prepare an event for serialization.

The IP address that is attached to each batch of events.

The MAC address that is attached to each batch of events.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

The tags that are attached to each batch of events.

Wrapper for sensitive strings containing credentials

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

The default app that is set for events that do not contain a file or app field.

The default environment that is set for events that do not contain an env field.

Transformations to prepare an event for serialization.

The IP address that is attached to each batch of events.

The MAC address that is attached to each batch of events.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

The tags that are attached to each batch of events.

Configures how events are encoded into raw bytes.

MQTT server address (The broker’s domain name or IP address).

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

If set to true, the MQTT session is cleaned on login.

MQTT client ID.

Connection keep-alive interval.

MQTT password.

TCP port of the MQTT server to connect to.

Supported Quality of Service types for MQTT.

Whether the messages should be retained by the server

MQTT username.

Configures how events are encoded into raw bytes.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

The URL must take the form of nats://server:port. If the port is not specified it defaults to 4222.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

If set, the subject must belong to an existing JetStream stream.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Wrapper for sensitive strings containing credentials

New Relic API endpoint.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

All compression algorithms use the default compression level unless otherwise specified.

Transformations to prepare an event for serialization.

New Relic region.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Protocol configuration

Configures how events are encoded into raw bytes.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

Configures the send buffer size using the SO_SNDBUF option on the socket.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

An internet socket address, either IPv4 or IPv6.

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with an underscore (_).

It should follow the Prometheus naming conventions.

While distributions as a lossless way to represent a set of samples for a metric is supported, Prometheus clients (the application being scraped, which is this sink) must aggregate locally into either an aggregated histogram or aggregated summary.

A span of time, in whole seconds.

This can sometimes be useful when the source of metrics leads to their timestamps being too far in the past for Prometheus to allow them, such as when aggregating metrics over long time periods, or when replaying old metrics from a disk buffer.

The endpoint should include the scheme and the path to write to.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Authentication strategies.

The batch config for remote write.

All compression algorithms use the default compression level unless otherwise specified.

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with an underscore (_).

It should follow the Prometheus naming conventions.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

If set, a header named X-Scope-OrgID is added to outgoing requests with the value of this setting.

This may be used by Cortex or other remote services to identify the tenant making the request.

Configures how events are encoded into raw bytes.

The endpoint should specify the pulsar protocol and port.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Authentication configuration.

Event batching behavior.

Supported compression types for Pulsar.

Custom connection retry options configuration for the Pulsar client.

If the field does not exist in the log event or metric tags, a blank value will be used.

If omitted, the key is not sent.

Pulsar uses a hash of the key to choose the topic-partition or uses round-robin if the record has no key.

The name of the producer. If not specified, the default name assigned by Pulsar is used.

If omitted, no properties will be written.

Configures how events are encoded into raw bytes.

The URL must take the form of protocol://server:port/db where the protocol can either be redis or rediss for connections secured via TLS.

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

Redis data type to store messages in.

List-specific options.

Various settings can be configured, such as concurrency and rate limits, timeouts, retry behavior, etc.

Note that the retry backoff policy follows the Fibonacci sequence.

Wrapper for sensitive strings containing credentials

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

Event batching behavior.

Transformations to prepare an event for serialization.