Vector

Configuration file for Vector, an observability data pipeline agent and aggregator

Type object
File match vector.json vector.toml vector.yaml
Schema URL https://catalog.lintel.tools/schemas/schemastore/vector/latest.json
Source https://www.schemastore.org/vector.json

Validate with Lintel

npx @lintel/lintel check
Type: object

A complete Vector configuration.

All of

1. object object
api object

API options.

Default:
{
  "enabled": false,
  "address": "127.0.0.1:8686",
  "playground": true
}
4 nested properties
address null | string

The network address to which the API should bind. If you're running Vector in a Docker container, bind to 0.0.0.0. Otherwise the API will not be exposed outside the container.

Default: "127.0.0.1:8686"
enabled boolean

Whether the GraphQL API is enabled for this Vector instance.

Default: false
graphql boolean

Whether the endpoint for receiving and processing GraphQL queries is enabled for the API. The endpoint is accessible via the /graphql endpoint of the address set using the bind parameter.

Default: true
playground boolean

Whether the GraphQL Playground is enabled for the API. The Playground is accessible via the /playground endpoint of the address set using the bind parameter. Note that the playground endpoint will only be enabled if the graphql endpoint is also enabled.

Default: true
enrichment_tables Record<string, any>

All configured enrichment tables.

Default:
{}
healthchecks object

Healthcheck options.

Default:
{
  "enabled": true,
  "require_healthy": false
}
2 nested properties
enabled boolean

Can be overridden on a per-sink basis.

require_healthy boolean

When enabled and a sink reports not being healthy, Vector will exit during start-up.

Can be alternatively set, and overridden by, the --require-healthy command-line flag.

provider null

Configuration providers allow sourcing configuration information from a source other than the typical configuration files that must be passed to Vector.

schema object

Note: The enabled and validation options are experimental and should only be enabled if you understand the limitations. While the infrastructure exists for schema tracking and validation, the full vision of automatic semantic field mapping and comprehensive schema enforcement was never fully realized.

If you encounter issues with these features, please report them here.

Default:
{
  "enabled": false,
  "validation": false,
  "log_namespace": null
}
3 nested properties
enabled boolean

When enabled, Vector tracks the schema (field types and structure) of events as they flow from sources through transforms to sinks. This allows Vector to understand what data each component receives and produces.

Default: false
log_namespace boolean | null

When set to false (legacy mode), metadata fields like host, timestamp, and source_type are stored as top-level fields alongside your log data.

When set to true (Vector namespace mode), metadata is stored in a separate metadata namespace, keeping it distinct from your actual log data.

See the Log Namespacing guide for detailed information about when to use Vector namespace mode and how to migrate from legacy mode.

validation boolean

This helps catch pipeline configuration errors early, before runtime.

Default: false
secret Record<string, any>

All configured secrets backends.

Default:
{}
sinks Record<string, vector::config::sink::SinkOuter%3Calloc::string::String%3E>

All configured sinks.

Default:
{}
sources Record<string, vector::config::source::SourceOuter>

All configured sources.

Default:
{}
tests object[]

All configured unit tests.

Default:
[]
transforms Record<string, vector::config::transform::TransformOuter%3Calloc::string::String%3E>

All configured transforms.

Default:
{}
2. object object

Global configuration options.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

buffer_utilization_ewma_half_life_seconds number | null

This controls how quickly the *_buffer_utilization_mean gauges respond to new observations. Longer half-lives retain more of the previous value, leading to slower adjustments.

  • Lower values (< 1): Metrics update quickly but may be volatile
  • Default (5): Balanced between responsiveness and stability
  • Higher values (> 5): Smooth, stable metrics that update slowly

Adjust based on whether you need fast detection of buffer issues (lower) or want to see sustained trends without noise (higher).

Must be greater than 0.

min=0.0max=9007199254740990.0
data_dir core::option::Option%3Cstd::path::PathBuf%3E

This is the directory where Vector will store any state data, such as disk buffers, file checkpoints, and more.

Vector must have write permissions to this directory.

Default: "/var/lib/vector/"
expire_metrics null | object

Deprecated: use expire_metrics_secs instead

Default: null
expire_metrics_per_metric_set array | null

This allows configuring different expiration intervals for different metric sets. By default this is empty and any metric not matched by one of these sets will use the global default value, defined using expire_metrics_secs.

expire_metrics_secs number | null

Set this to a value larger than your internal_metrics scrape interval (default 5 minutes) so metrics live long enough to be emitted and captured.

min=-9007199254740990.0max=9007199254740990.0
latency_ewma_alpha number | null

This controls how quickly the component_latency_mean_seconds gauge responds to new observations. Values closer to 1.0 retain more of the previous value, leading to slower adjustments. The default value of 0.9 is equivalent to a "half life" of 6-7 measurements.

Must be between 0 and 1 exclusively (0 < alpha < 1).

Default: null
min=0.0max=1.0
log_schema object

This is used if a component does not have its own specific log schema. All events use a log schema, whether or not the default is used, to assign event fields on incoming events.

Default:
{
  "message_key": ".message",
  "timestamp_key": ".timestamp",
  "host_key": ".host",
  "source_type_key": ".source_type",
  "metadata_key": ".metadata"
}
5 nested properties
host_key string

An optional path that deserializes an empty string to None.

message_key string

An optional path that deserializes an empty string to None.

metadata_key string

An optional path that deserializes an empty string to None.

source_type_key string

An optional path that deserializes an empty string to None.

timestamp_key string

An optional path that deserializes an empty string to None.

metrics_storage_refresh_period number | null

Higher values lead to stale metric values from get_vector_metric, find_vector_metrics, and aggregate_vector_metrics functions.

Default: null
min=-9007199254740990.0max=9007199254740990.0
proxy object

Configure to proxy traffic through an HTTP(S) proxy when making external requests.

Similar to common proxy configuration convention, you can set different proxies to use based on the type of traffic being proxied. You can also set specific hosts that should not be proxied.

4 nested properties
enabled boolean

Enables proxying support.

Default: true
http string | null

Must be a valid URI string.

Default: null
format=uri
https string | null

Must be a valid URI string.

Default: null
format=uri
no_proxy string[]

Multiple patterns are allowed:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.com matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0/16 matches requests to any IP addresses in this range
Splat* matches all hosts
Default:
[]
telemetry object

Determines whether source and service tags should be emitted with the component_sent_* and component_received_* events.

Default:
{
  "tags": {
    "emit_service": false,
    "emit_source": false
  }
}
1 nested properties
tags object

Configures whether to emit certain tags

Default:
{
  "emit_service": false,
  "emit_source": false
}
2 nested properties
emit_service boolean

True if the service tag should be emitted in the component_received_* and component_sent_* telemetry.

emit_source boolean

True if the source tag should be emitted in the component_received_* and component_sent_* telemetry.

timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

The time zone name may be any name in the TZ database or local to indicate system local time.

Note that in Vector/VRL all timestamps are represented in UTC.

Default: null
wildcard_matching null | const: "strict" | const: "relaxed"

Setting this to "relaxed" allows configurations with wildcards that do not match any inputs to be accepted without causing an error.

Definitions

codecs::MetricTagValues const: "single" | const: "full"

The user configuration to choose the metric tag strategy.

codecs::common::length_delimited::LengthDelimitedCoderOptions object

Options for building a LengthDelimitedDecoder or LengthDelimitedEncoder.

length_field_is_big_endian boolean

Length field byte order (little or big endian)

Default: true
length_field_length integer

Number of bytes representing the field length

Default: 4
min=0.0max=9007199254740990.0
length_field_offset integer

Number of bytes in the header before the length field

Default: 0
min=0.0max=9007199254740990.0
max_frame_length integer

Maximum frame length

Default: 8388608
min=0.0max=9007199254740990.0
codecs::decoding::DeserializerConfig object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

codecs::decoding::FramingConfig object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

codecs::decoding::format::avro::AvroDeserializerOptions object

Apache Avro serializer options.

schema string required

The Avro schema definition. Note: The following [apache_avro::types::Value] variants are not supported:

  • Date
  • Decimal
  • Duration
  • Fixed
  • TimeMillis
strip_schema_id_prefix boolean required

For Avro datum encoded in Kafka messages, the bytes are prefixed with the schema ID. Set this to true to strip the schema ID prefix. According to Confluent Kafka's document.

codecs::decoding::format::gelf::GelfDeserializerConfig object

Config used to build a GelfDeserializer.

gelf object

GELF-specific decoding options.

2 nested properties
lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
validation const: "strict" | const: "relaxed"

Configures the decoding validation mode.

codecs::decoding::format::gelf::GelfDeserializerOptions object

GELF-specific decoding options.

lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
validation const: "strict" | const: "relaxed"

Configures the decoding validation mode.

codecs::decoding::format::gelf::ValidationMode const: "strict" | const: "relaxed"

Configures the decoding validation mode.

codecs::decoding::format::influxdb::InfluxdbDeserializerConfig object

Config used to build a InfluxdbDeserializer.

influxdb object

Influxdb-specific decoding options.

1 nested properties
lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::influxdb::InfluxdbDeserializerOptions object

Influxdb-specific decoding options.

lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::json::JsonDeserializerConfig object

Config used to build a JsonDeserializer.

json object

JSON-specific decoding options.

1 nested properties
lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::json::JsonDeserializerOptions object

JSON-specific decoding options.

lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::native_json::NativeJsonDeserializerConfig object

Config used to build a NativeJsonDeserializer.

native_json object

Vector's native JSON-specific decoding options.

1 nested properties
lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::native_json::NativeJsonDeserializerOptions object

Vector's native JSON-specific decoding options.

lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::otlp::OtlpDeserializerConfig object

Config used to build an OtlpDeserializer.

signal_types codecs::decoding::format::otlp::OtlpSignalType[]

The deserializer will try parsing in the order specified. This allows you to optimize performance when you know the expected signal types. For example, if you only receive traces, set this to ["traces"] to avoid attempting to parse as logs or metrics first.

If not specified, defaults to trying all types in order: logs, metrics, traces. Duplicate signal types are automatically removed while preserving order.

Default:
[
  "logs",
  "metrics",
  "traces"
]
uniqueItems=true
codecs::decoding::format::otlp::OtlpSignalType const: "logs" | const: "metrics" | const: "traces"

OTLP signal type for prioritized parsing.

codecs::decoding::format::protobuf::ProtobufDeserializerConfig object

Config used to build a ProtobufDeserializer.

protobuf object

Protobuf-specific decoding options.

3 nested properties
desc_file string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
message_type string required

The name of the message type to use for serializing.

use_json_names boolean

When enabled, the deserializer will output fields using their JSON names as defined in the .proto file (e.g., jobDescription instead of job_description).

This is useful when working with data that needs to be converted to JSON or when interfacing with systems that use JSON naming conventions.

Default: false
codecs::decoding::format::protobuf::ProtobufDeserializerOptions object

Protobuf-specific decoding options.

desc_file string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
message_type string required

The name of the message type to use for serializing.

use_json_names boolean

When enabled, the deserializer will output fields using their JSON names as defined in the .proto file (e.g., jobDescription instead of job_description).

This is useful when working with data that needs to be converted to JSON or when interfacing with systems that use JSON naming conventions.

Default: false
codecs::decoding::format::syslog::SyslogDeserializerConfig object

Config used to build a SyslogDeserializer.

syslog object

Syslog-specific decoding options.

1 nested properties
lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::syslog::SyslogDeserializerOptions object

Syslog-specific decoding options.

lossy boolean

When true, invalid UTF-8 sequences are replaced with the U+FFFD REPLACEMENT CHARACTER.

Default: true
codecs::decoding::format::vrl::VrlDeserializerConfig object

Config used to build a VrlDeserializer.

vrl object required

VRL-specific decoding options.

2 nested properties
source string required
timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

If not set, local is used.

Default: null
codecs::decoding::format::vrl::VrlDeserializerOptions object

VRL-specific decoding options.

source string required
timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

If not set, local is used.

Default: null
codecs::decoding::framing::character_delimited::CharacterDelimitedDecoderConfig object

Config used to build a CharacterDelimitedDecoder.

character_delimited object required

Options for building a CharacterDelimitedDecoder.

2 nested properties
delimiter integer required

The character that delimits byte sequences.

min=0.0max=255.0
max_length integer | null

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This ensures that processing is not actually unbounded.

min=0.0max=9007199254740990.0
codecs::decoding::framing::character_delimited::CharacterDelimitedDecoderOptions object

Options for building a CharacterDelimitedDecoder.

delimiter integer required

The character that delimits byte sequences.

min=0.0max=255.0
max_length integer | null

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This ensures that processing is not actually unbounded.

min=0.0max=9007199254740990.0
codecs::decoding::framing::chunked_gelf::ChunkedGelfDecoderConfig object

Config used to build a ChunkedGelfDecoder.

chunked_gelf object

Options for building a ChunkedGelfDecoder.

4 nested properties
decompression const: "Auto" | const: "Gzip" | const: "Zlib" | const: "None"

Decompression options for ChunkedGelfDecoder.

max_length integer | null

Note: A message can be composed of multiple chunks and this limit is applied to the whole message, not to individual chunks.

This limit takes only into account the message's payload and the GELF header bytes are excluded from the calculation. The message's payload is the concatenation of all the chunks' payloads.

Default: null
min=0.0max=9007199254740990.0
pending_messages_limit integer | null

The maximum number of pending incomplete messages. If this limit is reached, the decoder starts dropping chunks of new messages, ensuring the memory usage of the decoder's state is bounded. If this option is not set, the decoder does not limit the number of pending messages and the memory usage of its messages buffer can grow unbounded. This matches Graylog Server's behavior.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number

The timeout, in seconds, for a message to be fully received. If the timeout is reached, the decoder drops all the received chunks of the timed out message.

Default: 5.0
min=-9007199254740990.0max=9007199254740990.0
codecs::decoding::framing::chunked_gelf::ChunkedGelfDecoderOptions object

Options for building a ChunkedGelfDecoder.

decompression const: "Auto" | const: "Gzip" | const: "Zlib" | const: "None"

Decompression options for ChunkedGelfDecoder.

max_length integer | null

Note: A message can be composed of multiple chunks and this limit is applied to the whole message, not to individual chunks.

This limit takes only into account the message's payload and the GELF header bytes are excluded from the calculation. The message's payload is the concatenation of all the chunks' payloads.

Default: null
min=0.0max=9007199254740990.0
pending_messages_limit integer | null

The maximum number of pending incomplete messages. If this limit is reached, the decoder starts dropping chunks of new messages, ensuring the memory usage of the decoder's state is bounded. If this option is not set, the decoder does not limit the number of pending messages and the memory usage of its messages buffer can grow unbounded. This matches Graylog Server's behavior.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number

The timeout, in seconds, for a message to be fully received. If the timeout is reached, the decoder drops all the received chunks of the timed out message.

Default: 5.0
min=-9007199254740990.0max=9007199254740990.0
codecs::decoding::framing::chunked_gelf::ChunkedGelfDecompressionConfig const: "Auto" | const: "Gzip" | const: "Zlib" | const: "None"

Decompression options for ChunkedGelfDecoder.

codecs::decoding::framing::length_delimited::LengthDelimitedDecoderConfig object

Config used to build a LengthDelimitedDecoder.

length_delimited object required

Options for building a LengthDelimitedDecoder or LengthDelimitedEncoder.

4 nested properties
length_field_is_big_endian boolean

Length field byte order (little or big endian)

Default: true
length_field_length integer

Number of bytes representing the field length

Default: 4
min=0.0max=9007199254740990.0
length_field_offset integer

Number of bytes in the header before the length field

Default: 0
min=0.0max=9007199254740990.0
max_frame_length integer

Maximum frame length

Default: 8388608
min=0.0max=9007199254740990.0
codecs::decoding::framing::newline_delimited::NewlineDelimitedDecoderConfig object

Config used to build a NewlineDelimitedDecoder.

newline_delimited object

Options for building a NewlineDelimitedDecoder.

1 nested properties
max_length integer | null

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This ensures that processing is not actually unbounded.

min=0.0max=9007199254740990.0
codecs::decoding::framing::newline_delimited::NewlineDelimitedDecoderOptions object

Options for building a NewlineDelimitedDecoder.

max_length integer | null

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This ensures that processing is not actually unbounded.

min=0.0max=9007199254740990.0
codecs::decoding::framing::octet_counting::OctetCountingDecoderConfig object

Config used to build a OctetCountingDecoder.

octet_counting object

Options for building a OctetCountingDecoder.

1 nested properties
max_length integer | null

The maximum length of the byte buffer.

min=0.0max=9007199254740990.0
codecs::decoding::framing::octet_counting::OctetCountingDecoderOptions object

Options for building a OctetCountingDecoder.

max_length integer | null

The maximum length of the byte buffer.

min=0.0max=9007199254740990.0
codecs::decoding::framing::varint_length_delimited::VarintLengthDelimitedDecoderConfig object

Config used to build a VarintLengthDelimitedDecoder.

max_frame_length integer

Maximum frame length

Default: 8388608
min=0.0max=9007199254740990.0
codecs::encoding::config::EncodingConfig

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

codecs::encoding::config::EncodingConfigWithFraming object

Encoding configuration.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
framing core::option::Option%3Ccodecs::encoding::framing::framer::FramingConfig%3E
codecs::encoding::format::avro::AvroSerializerOptions object

Apache Avro serializer options.

schema string required

The Avro schema.

codecs::encoding::format::cef::CefSerializerConfig object

Config used to build a CefSerializer.

cef object required

Config used to build a CefSerializer.

8 nested properties
device_event_class_id string required

Unique identifier for each event type. Identifies the type of event reported. The value length must be less than or equal to 1023.

device_product string required

Identifies the product of a vendor. The part of a unique device identifier. No two products can use the same combination of device vendor and device product. The value length must be less than or equal to 63.

device_vendor string required

Identifies the vendor of the product. The part of a unique device identifier. No two products can use the same combination of device vendor and device product. The value length must be less than or equal to 63.

device_version string required

Identifies the version of the problem. The combination of the device product, vendor, and this value make up the unique id of the device that sends messages. The value length must be less than or equal to 31.

name string required

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

severity string required

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

version const: "V0" | const: "V1" required

CEF version.

extensions Record<string, string>

The collection of key-value pairs. Keys are the keys of the extensions, and values are paths that point to the extension values of a log event. The event can have any number of key-value pairs in any order.

codecs::encoding::format::cef::CefSerializerOptions object

Config used to build a CefSerializer.

device_event_class_id string required

Unique identifier for each event type. Identifies the type of event reported. The value length must be less than or equal to 1023.

device_product string required

Identifies the product of a vendor. The part of a unique device identifier. No two products can use the same combination of device vendor and device product. The value length must be less than or equal to 63.

device_vendor string required

Identifies the vendor of the product. The part of a unique device identifier. No two products can use the same combination of device vendor and device product. The value length must be less than or equal to 63.

device_version string required

Identifies the version of the problem. The combination of the device product, vendor, and this value make up the unique id of the device that sends messages. The value length must be less than or equal to 31.

name string required

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

severity string required

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

version const: "V0" | const: "V1" required

CEF version.

extensions Record<string, string>

The collection of key-value pairs. Keys are the keys of the extensions, and values are paths that point to the extension values of a log event. The event can have any number of key-value pairs in any order.

codecs::encoding::format::cef::Version const: "V0" | const: "V1"

CEF version.

codecs::encoding::format::csv::CsvSerializerConfig object

Config used to build a CsvSerializer.

csv object required

Config used to build a CsvSerializer.

7 nested properties
fields vector_lookup::lookup_v2::ConfigTargetPath[] required

If a field is not present in the event, the output for that field is an empty string.

Values of type Array, Object, and Regex are not supported, and the output for any of these types is an empty string.

capacity integer

Sets the capacity (in bytes) of the internal buffer used in the CSV writer. This defaults to 8192 bytes (8KB).

Default: 8192
min=0.0max=9007199254740990.0
delimiter integer

The field delimiter to use when writing CSV.

Default: 44
min=0.0max=255.0
double_quote boolean

This is enabled by default, but you can disable it. When disabled, quotes in field data are escaped instead of doubled.

Default: true
escape integer

In some variants of CSV, quotes are escaped using a special escape character like \ (instead of escaping quotes by doubling them).

To use this, double_quotes needs to be disabled as well; otherwise, this setting is ignored.

Default: 34
min=0.0max=255.0
quote integer

The quote character to use when writing CSV.

Default: 34
min=0.0max=255.0
quote_style const: "always" | const: "necessary" | const: "non_numeric" | const: "never"

The user configuration to choose the metric tag strategy.

codecs::encoding::format::csv::CsvSerializerOptions object

Config used to build a CsvSerializer.

fields vector_lookup::lookup_v2::ConfigTargetPath[] required

If a field is not present in the event, the output for that field is an empty string.

Values of type Array, Object, and Regex are not supported, and the output for any of these types is an empty string.

capacity integer

Sets the capacity (in bytes) of the internal buffer used in the CSV writer. This defaults to 8192 bytes (8KB).

Default: 8192
min=0.0max=9007199254740990.0
delimiter integer

The field delimiter to use when writing CSV.

Default: 44
min=0.0max=255.0
double_quote boolean

This is enabled by default, but you can disable it. When disabled, quotes in field data are escaped instead of doubled.

Default: true
escape integer

In some variants of CSV, quotes are escaped using a special escape character like \ (instead of escaping quotes by doubling them).

To use this, double_quotes needs to be disabled as well; otherwise, this setting is ignored.

Default: 34
min=0.0max=255.0
quote integer

The quote character to use when writing CSV.

Default: 34
min=0.0max=255.0
quote_style const: "always" | const: "necessary" | const: "non_numeric" | const: "never"

The user configuration to choose the metric tag strategy.

codecs::encoding::format::csv::QuoteStyle const: "always" | const: "necessary" | const: "non_numeric" | const: "never"

The user configuration to choose the metric tag strategy.

codecs::encoding::format::gelf::GelfSerializerConfig object

Config used to build a GelfSerializer.

gelf object

Config used to build a GelfSerializer.

1 nested properties
max_chunk_size integer

Maximum size for each GELF chunked datagram (including 12-byte header). Chunking starts when datagrams exceed this size. For Graylog target, keep at or below 8192 bytes; for Vector target (gelf decoding with chunked_gelf framing), up to 65,500 bytes is recommended.

Default: 8192
min=13.0max=9007199254740990.0
codecs::encoding::format::gelf::GelfSerializerOptions object

Config used to build a GelfSerializer.

max_chunk_size integer

Maximum size for each GELF chunked datagram (including 12-byte header). Chunking starts when datagrams exceed this size. For Graylog target, keep at or below 8192 bytes; for Vector target (gelf decoding with chunked_gelf framing), up to 65,500 bytes is recommended.

Default: 8192
min=13.0max=9007199254740990.0
codecs::encoding::format::json::JsonSerializerConfig object

Config used to build a JsonSerializer.

json object

Options for the JsonSerializer.

1 nested properties
pretty boolean

Whether to use pretty JSON formatting.

Default: false
metric_tag_values const: "single" | const: "full"

The user configuration to choose the metric tag strategy.

codecs::encoding::format::json::JsonSerializerOptions object

Options for the JsonSerializer.

pretty boolean

Whether to use pretty JSON formatting.

Default: false
codecs::encoding::format::protobuf::ProtobufSerializerConfig object

Config used to build a ProtobufSerializer.

protobuf object required

Protobuf serializer options.

3 nested properties
desc_file string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
message_type string required

The name of the message type to use for serializing.

use_json_names boolean

When enabled, the serializer looks for fields using their JSON names as defined in the .proto file (for example jobDescription instead of job_description).

This is useful when working with data that has already been converted from JSON or when interfacing with systems that use JSON naming conventions.

Default: false
codecs::encoding::format::protobuf::ProtobufSerializerOptions object

Protobuf serializer options.

desc_file string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
message_type string required

The name of the message type to use for serializing.

use_json_names boolean

When enabled, the serializer looks for fields using their JSON names as defined in the .proto file (for example jobDescription instead of job_description).

This is useful when working with data that has already been converted from JSON or when interfacing with systems that use JSON naming conventions.

Default: false
codecs::encoding::format::syslog::SyslogRFC const: "rfc3164" | const: "rfc5424"

The syslog RFC standard to use for formatting.

codecs::encoding::format::syslog::SyslogSerializerConfig object

Config used to build a SyslogSerializer.

syslog object

Syslog serializer options.

Default:
{
  "rfc": "rfc5424",
  "facility": null,
  "severity": null,
  "app_name": null,
  "proc_id": null,
  "msg_id": null
}
6 nested properties
app_name core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

If not provided, the encoder checks for a semantic "service" field. If that is also missing, it defaults to "vector".

facility core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the facility. Defaults to "user".

msg_id core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the msg ID.

proc_id core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the proc ID.

rfc const: "rfc3164" | const: "rfc5424"

The syslog RFC standard to use for formatting.

severity core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the severity. Defaults to "informational".

codecs::encoding::format::syslog::SyslogSerializerOptions object

Syslog serializer options.

app_name core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

If not provided, the encoder checks for a semantic "service" field. If that is also missing, it defaults to "vector".

facility core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the facility. Defaults to "user".

msg_id core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the msg ID.

proc_id core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the proc ID.

rfc const: "rfc3164" | const: "rfc5424"

The syslog RFC standard to use for formatting.

severity core::option::Option%3Cvector_lookup::lookup_v2::ConfigTargetPath%3E

Path to a field in the event to use for the severity. Defaults to "informational".

codecs::encoding::format::text::TextSerializerConfig object

Config used to build a TextSerializer.

metric_tag_values const: "single" | const: "full"

The user configuration to choose the metric tag strategy.

codecs::encoding::framing::character_delimited::CharacterDelimitedEncoderConfig object

Config used to build a CharacterDelimitedEncoder.

character_delimited object required

Configuration for character-delimited framing.

1 nested properties
delimiter integer required

The ASCII (7-bit) character that delimits byte sequences.

min=0.0max=255.0
codecs::encoding::framing::character_delimited::CharacterDelimitedEncoderOptions object

Configuration for character-delimited framing.

delimiter integer required

The ASCII (7-bit) character that delimits byte sequences.

min=0.0max=255.0
codecs::encoding::framing::framer::FramingConfig object | object

Framing configuration.

codecs::encoding::framing::length_delimited::LengthDelimitedEncoderConfig object

Config used to build a LengthDelimitedEncoder.

length_delimited object required

Options for building a LengthDelimitedDecoder or LengthDelimitedEncoder.

4 nested properties
length_field_is_big_endian boolean

Length field byte order (little or big endian)

Default: true
length_field_length integer

Number of bytes representing the field length

Default: 4
min=0.0max=9007199254740990.0
length_field_offset integer

Number of bytes in the header before the length field

Default: 0
min=0.0max=9007199254740990.0
max_frame_length integer

Maximum frame length

Default: 8388608
min=0.0max=9007199254740990.0
codecs::encoding::framing::varint_length_delimited::VarintLengthDelimitedEncoderConfig object

Config used to build a VarintLengthDelimitedEncoder.

max_frame_length integer

Maximum frame length

Default: 8388608
min=0.0max=9007199254740990.0
codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object

Serializer configuration.

codecs::encoding::transformer::TimestampFormat const: "unix" | const: "rfc3339" | const: "unix_ms" | const: "unix_us" | const: "unix_ns" | const: "unix_float"

The format in which a timestamp should be represented.

codecs::encoding::transformer::Transformer object

Transformations to prepare an event for serialization.

except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
core::option::Option<codecs::decoding::DeserializerConfig> null | object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

core::option::Option<codecs::decoding::FramingConfig> null | object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

core::option::Option<codecs::encoding::framing::framer::FramingConfig> null | codecs::encoding::framing::framer::FramingConfig

Framing configuration.

core::option::Option<codecs::encoding::transformer::TimestampFormat> null | codecs::encoding::transformer::TimestampFormat

The format in which a timestamp should be represented.

core::option::Option<std::path::PathBuf> null | stdlib::PathBuf

A file path.

core::option::Option<vector::aws::region::RegionOrEndpoint> null | vector::aws::region::RegionOrEndpoint

Configuration of the region/endpoint to use when interacting with an AWS service.

core::option::Option<vector::common::http::server_auth::HttpServerAuthConfig> null | vector::common::http::server_auth::HttpServerAuthConfig

Use the HTTP authentication with HTTPS only. The authentication credentials are passed as an HTTP header without any additional encryption beyond what is provided by the transport itself.

core::option::Option<vector::conditions::AnyCondition> null | string | vector::conditions::ConditionConfig

Many methods exist for matching events, such as using a VRL expression, a Datadog Search query string, or hard-coded matchers like "must be a metric" or "fields A, B, and C must match these constraints".

As VRL is the most common way to apply conditions to events, this type provides a shortcut to define VRL expressions directly in the configuration by passing the VRL expression as a string:

condition = '.message == "hooray"'

When other condition types are required, they can be specified with an enum-style notation:

condition.type = 'datadog_search'
condition.source = 'NOT "foo"'
core::option::Option<vector::http::Auth> null | vector::http::Auth

HTTP authentication should be used with HTTPS only, as the authentication credentials are passed as an HTTP header without any additional encryption beyond what is provided by the transport itself.

core::option::Option<vector::kafka::KafkaSaslConfig> null | vector::kafka::KafkaSaslConfig

Configuration for SASL authentication when interacting with Kafka.

core::option::Option<vector::nats::NatsAuthConfig> null | vector::nats::NatsAuthConfig

Configuration of the authentication strategy when interacting with NATS.

core::option::Option<vector::sinks::influxdb::InfluxDb1Settings> null | vector::sinks::influxdb::InfluxDb1Settings

Configuration settings for InfluxDB v0.x/v1.x.

core::option::Option<vector::sinks::influxdb::InfluxDb2Settings> null | vector::sinks::influxdb::InfluxDb2Settings

Configuration settings for InfluxDB v2.x.

core::option::Option<vector::sinks::util::buffer::compression::Compression> null | const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

core::option::Option<vector::sinks::util::service::health::HealthConfig> null | vector::sinks::util::service::health::HealthConfig

Options for determining the health of an endpoint.

core::option::Option<vector::sinks::util::uri::UriSerde> null | vector::sinks::util::uri::UriSerde
core::option::Option<vector::sources::util::body_decoding::Encoding> null | vector::sources::util::body_decoding::Encoding

Content encoding.

core::option::Option<vector::sources::util::multiline_config::MultilineConfig> null | vector::sources::util::multiline_config::MultilineConfig

Configuration of multi-line aggregation.

core::option::Option<vector::template::Template> null | vector::template::Template

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

core::option::Option<vector::template::UnsignedIntTemplate> null | vector::template::UnsignedIntTemplate

Unsigned integer template.

core::option::Option<vector_common::sensitive_string::SensitiveString> null | vector_common::sensitive_string::SensitiveString

Wrapper for sensitive strings containing credentials

core::option::Option<vector_core::event::metric::Metric> null | vector_core::event::metric::Metric

A metric.

core::option::Option<vector_core::event::metric::tags::MetricTags> null | vector_core::event::metric::tags::MetricTags

Tags for a metric series.

core::option::Option<vector_core::ipallowlist::IpAllowlistConfig> null | vector_core::ipallowlist::IpAllowlistConfig

List of allowed origin IP networks. IP addresses must be in CIDR notation.

core::option::Option<vector_core::tcp::TcpKeepaliveConfig> null | vector_core::tcp::TcpKeepaliveConfig

TCP keepalive settings for socket-based components.

core::option::Option<vector_core::tls::settings::TlsConfig> null | vector_core::tls::settings::TlsConfig

TLS configuration.

core::option::Option<vector_core::tls::settings::TlsEnableableConfig> null | vector_core::tls::settings::TlsEnableableConfig

Configures the TLS options for incoming/outgoing connections.

core::option::Option<vector_core::tls::settings::TlsSourceConfig> null | vector_core::tls::settings::TlsSourceConfig

TlsEnableableConfig for sources, adding metadata from the client certificate.

core::option::Option<vector_lookup::lookup_v2::ConfigTargetPath> null | vector_lookup::lookup_v2::ConfigTargetPath

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

core::option::Option<vector_lookup::lookup_v2::ConfigValuePath> null | vector_lookup::lookup_v2::ConfigValuePath

A wrapper around OwnedValuePath that allows it to be used in Vector config. This requires a valid path to be used. If you want to allow optional paths, use [optional_path::OptionalValuePath].

core::option::Option<vector_lookup::lookup_v2::optional_path::OptionalTargetPath> null | vector_lookup::lookup_v2::optional_path::OptionalTargetPath

An optional path that deserializes an empty string to None.

core::option::Option<vector_lookup::lookup_v2::optional_path::OptionalValuePath> null | vector_lookup::lookup_v2::optional_path::OptionalValuePath

An optional path that deserializes an empty string to None.

core::option::Option<vrl::compiler::datetime::TimeZone> null | vrl::compiler::datetime::TimeZone

This can refer to any valid timezone as defined in the TZ database, or "local" which refers to the system local timezone. It will default to the globally configured timezone.

file_source_common::ReadFromConfig const: "beginning" | const: "end"

File position to use when reading a new file.

http::StatusCode integer

HTTP response status code

serde_with::DurationFractionalSeconds number

A span of time, in fractional seconds.

serde_with::DurationMilliSeconds integer

A span of time, in whole milliseconds.

serde_with::DurationSeconds integer

A span of time, in whole seconds.

stdlib::PathBuf string

A file path.

stdlib::SocketAddr string

An internet socket address, either IPv4 or IPv6.

vector::amqp::AmqpConfig object

AMQP connection options.

connection_string string required

The URI has the format of amqp://<user>:<password>@<host>:<port>/<vhost>?timeout=<seconds>.

The default vhost can be specified by using a value of %2f.

To connect over TLS, a scheme of amqps can be specified instead. For example, amqps://.... Additional TLS settings, such as client certificate verification, can be configured under the tls section.

tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::aws::auth::AwsAuthentication object | object | object | object

Configuration of the authentication strategy for interacting with AWS services.

vector::aws::auth::ImdsAuthentication object

IMDS Client Configuration for authenticating with AWS.

connect_timeout_seconds integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
max_attempts integer

Number of IMDS retries for fetching tokens and metadata.

Default: 4
min=0.0max=4294967295.0
read_timeout_seconds integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::aws::region::RegionOrEndpoint object

Configuration of the region/endpoint to use when interacting with an AWS service.

endpoint string | null

Custom endpoint for use with AWS-compatible services.

region string | null
vector::common::http::server_auth::HttpServerAuthConfig object | object

Use the HTTP authentication with HTTPS only. The authentication credentials are passed as an HTTP header without any additional encryption beyond what is provided by the transport itself.

vector::common::mqtt::MqttCommonConfig object

Shared MQTT configuration for sources and sinks.

host string required

MQTT server address (The broker’s domain name or IP address).

client_id string | null

MQTT client ID.

Default: null
keep_alive integer

Connection keep-alive interval.

Default: 60
min=0.0max=65535.0
max_packet_size integer

Maximum packet size

Default: 10240
min=0.0max=9007199254740990.0
password string | null

MQTT password.

Default: null
port integer

TCP port of the MQTT server to connect to.

Default: 1883
min=0.0max=65535.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E

TLS configuration.

user string | null

MQTT username.

Default: null
vector::common::websocket::WebSocketCommonConfig object

Shared websocket configuration for sources and sinks.

uri string required

This should include the protocol and host, but can also include the port, path, and any other valid part of a URI. Note: Using the wss:// protocol requires enabling tls.

auth core::option::Option%3Cvector::http::Auth%3E

HTTP Authentication.

ping_interval integer | null

If this option is not configured, pings are not sent on an interval.

If the ping_timeout is not set, pings are still sent but there is no expectation of pong response times.

min=1.0max=9007199254740990.0
ping_timeout integer | null

If a response is not received within this time, the connection is re-established.

min=1.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E

TLS configuration.

vector::conditions::AnyCondition string | vector::conditions::ConditionConfig

Many methods exist for matching events, such as using a VRL expression, a Datadog Search query string, or hard-coded matchers like "must be a metric" or "fields A, B, and C must match these constraints".

As VRL is the most common way to apply conditions to events, this type provides a shortcut to define VRL expressions directly in the configuration by passing the VRL expression as a string:

condition = '.message == "hooray"'

When other condition types are required, they can be specified with an enum-style notation:

condition.type = 'datadog_search'
condition.source = 'NOT "foo"'
vector::conditions::ConditionConfig object | object | object

Many methods exist for matching events, such as using a VRL expression, a Datadog Search query string, or hard-coded matchers like "must be a metric" or "fields A, B, and C must match these constraints".

They can specified with an enum-style notation:

condition.type = 'datadog_search'
condition.source = 'NOT "foo"'
vector::conditions::datadog_search::DatadogSearchConfig object

A condition that uses the Datadog Search query syntax against an event.

source string required

The query string.

vector::conditions::vrl::VrlConfig object

A condition that uses the Vector Remap Language (VRL) boolean expression against an event.

source string required

The VRL boolean expression.

runtime string

The runtime to use for executing VRL code.

Default: "ast"
vector::config::TestInput object

An input describes not only the type of event to insert, but also which transform within the configuration to insert it to.

insert_at string required

Component identifier.

log_fields Record<string, any>

Only relevant when type is log.

metric core::option::Option%3Cvector_core::event::metric::Metric%3E

Only relevant when type is metric.

source string | null

Only relevant when type is vrl.

type string

Can be either raw, vrl, log, or `metric.

Default: "raw"
value string | null

Use this only when the input event should be a raw event (i.e. unprocessed/undecoded log event) and when the input type is set to raw.

vector::config::dot_graph::GraphConfig object

Configure output for component when generated with graph command

node_attributes Record<string, string>

They are added to the node as provided

vector::config::sink::SinkOuter<alloc::string::String>

Fully resolved sink component.

vector::config::source::SourceOuter

Fully resolved source component.

vector::config::transform::TransformOuter<alloc::string::String>

Fully resolved transform component.

vector::config::unit_test::unit_test_components::UnitTestSinkConfig object

Configuration for the unit_test sink.

test_name string required

Name of the test that this sink is being used for.

transform_ids string[] required

List of names of the transform/branch associated with this sink.

vector::config::unit_test::unit_test_components::UnitTestSourceConfig object

Configuration for the unit_test source.

vector::config::unit_test::unit_test_components::UnitTestStreamSinkConfig object

Configuration for the unit_test_stream sink.

vector::config::unit_test::unit_test_components::UnitTestStreamSourceConfig object

Configuration for the unit_test_stream source.

vector::enrichment_tables::file::FileConfig object

Configuration for the file enrichment table.

file object required

File-specific settings.

2 nested properties
encoding object required

File encoding configuration.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
schema Record<string, string>

This is used to coerce log fields from strings into their proper types. The available types are listed in the Types list below.

Timestamp coercions need to be prefaced with timestamp|, for example "timestamp|%F". Timestamp specifiers can use either of the following:

  1. One of the built-in-formats listed in the Timestamp Formats table below.
  2. The time format specifiers from Rust’s chrono library.

Types

  • bool
  • string
  • float
  • integer
  • date
  • timestamp (see the table below for formats)

Timestamp Formats

FormatDescriptionExample
%F %TYYYY-MM-DD HH:MM:SS2020-12-01 02:37:54
%v %TDD-Mmm-YYYY HH:MM:SS01-Dec-2020 02:37:54
%FT%TISO 8601/RFC 3339, without time zone2020-12-01T02:37:54
%FT%TZISO 8601/RFC 3339, UTC2020-12-01T09:37:54Z
%+ISO 8601/RFC 3339, UTC, with time zone2020-12-01T02:37:54-07:00
%a, %d %b %Y %TRFC 822/RFC 2822, without time zoneTue, 01 Dec 2020 02:37:54
%a %b %e %T %Yctime formatTue Dec 1 02:37:54 2020
%sUNIX timestamp1606790274
%a %d %b %T %Ydate command, without time zoneTue 01 Dec 02:37:54 2020
%a %d %b %T %Z %Ydate command, with time zoneTue 01 Dec 02:37:54 PST 2020
%a %d %b %T %z %Ydate command, with numeric time zoneTue 01 Dec 02:37:54 -0700 2020
%a %d %b %T %#z %Ydate command, with numeric time zone (minutes can be missing or present)Tue 01 Dec 02:37:54 -07 2020
Default:
{}
vector::enrichment_tables::geoip::GeoipConfig object

Configuration for the geoip enrichment table.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
locale string

MaxMind includes localized versions of some of the fields within their database, such as country name. This setting can control which of those localized versions are returned by the transform.

More information on which portions of the geolocation data are localized, and what languages are available, can be found here.

Default: "en"
vector::enrichment_tables::memory::config::MemoryConfig object

Configuration for the memory enrichment table.

flush_interval integer | null

By default, all writes are made visible immediately.

min=0.0max=9007199254740990.0
internal_metrics object

Configuration of internal metrics

Default:
{
  "include_key_tag": false
}
1 nested properties
include_key_tag boolean

This is useful for distinguishing between different keys while monitoring. However, the tag's cardinality is unbounded.

Default: false
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
max_byte_size integer | null

By default, there is no size limit.

min=0.0max=9007199254740990.0
scan_interval integer

The scan interval used to look for expired records. This is provided as an optimization to ensure that TTL is updated, but without doing too many cache scans.

Default: 30
min=1.0max=9007199254740990.0
source_config null | object

Configuration for source functionality.

ttl integer

TTL (time-to-live in seconds) is used to limit the lifetime of data stored in the cache. When TTL expires, data behind a specific key in the cache is removed. TTL is reset when the key is replaced.

Default: 600
min=0.0max=9007199254740990.0
ttl_field string

An optional path that deserializes an empty string to None.

vector::enrichment_tables::mmdb::MmdbConfig object

Configuration for the mmdb enrichment table.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
vector::gcp::GcpAuthConfig object

Configuration of the authentication strategy for interacting with GCP services.

api_key core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

Either an API key or a path to a service account credentials JSON file can be specified.

If both are unset, the GOOGLE_APPLICATION_CREDENTIALS environment variable is checked for a filename. If no filename is named, an attempt is made to fetch an instance service account for the compute instance the program is running on. If this is not on a GCE instance, then you must define it with an API key or service account credentials JSON file.

credentials_path string | null

Either an API key or a path to a service account credentials JSON file can be specified.

If both are unset, the GOOGLE_APPLICATION_CREDENTIALS environment variable is checked for a filename. If no filename is named, an attempt is made to fetch an instance service account for the compute instance the program is running on. If this is not on a GCE instance, then you must define it with an API key or service account credentials JSON file.

skip_authentication boolean

Skip all authentication handling. For use with integration tests only.

Default: false
vector::http::Auth object | object | object | object

HTTP authentication should be used with HTTPS only, as the authentication credentials are passed as an HTTP header without any additional encryption beyond what is provided by the transport itself.

vector::http::KeepaliveConfig object

Configuration of HTTP server keepalive parameters.

max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
vector::http::ParamType const: "string" | const: "vrl"

The type of a query parameter's value, determines if it's treated as a plain string or a VRL expression.

vector::http::ParameterValue string | object

Represents a query parameter value, which can be a simple string or a typed object indicating whether the value is a string or a VRL expression.

vector::http::QueryParameterValue vector::http::ParameterValue | vector::http::ParameterValue[]

Configuration of the query parameter value for HTTP requests.

vector::internal_events::file::FileInternalMetricsConfig object

Configuration of internal metrics for file-based components.

include_file_tag boolean

This is useful for distinguishing between different files while monitoring. However, the tag's cardinality is unbounded.

Default: false
vector::kafka::KafkaAuthConfig object

Kafka authentication configuration.

sasl core::option::Option%3Cvector::kafka::KafkaSaslConfig%3E
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::kafka::KafkaSaslConfig object

Configuration for SASL authentication when interacting with Kafka.

enabled boolean | null

Only PLAIN- and SCRAM-based mechanisms are supported when configuring SASL authentication using sasl.*. For other mechanisms, librdkafka_options.* must be used directly to configure other librdkafka-specific values. If using sasl.kerberos.* as an example, where * is service.name, principal, kinit.md, etc., then librdkafka_options.* as a result becomes librdkafka_options.sasl.kerberos.service.name, librdkafka_options.sasl.kerberos.principal, etc.

See the librdkafka documentation for details.

SASL authentication is not supported on Windows.

mechanism string | null

The SASL mechanism to use.

password core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

The SASL password.

username string | null

The SASL username.

vector::line_agg::Mode const: "continue_through" | const: "continue_past" | const: "halt_before" | const: "halt_with"

Mode of operation of the line aggregator.

vector::nats::NatsAuthConfig object | object | object | object

Configuration of the authentication strategy when interacting with NATS.

vector::nats::NatsAuthCredentialsFile object

Credentials file configuration.

path string required

Path to credentials file.

vector::nats::NatsAuthNKey object

NKeys configuration.

nkey string required

Conceptually, this is equivalent to a public key.

seed string required

Conceptually, this is equivalent to a private key.

vector::nats::NatsAuthToken object

Token configuration.

value string required

Wrapper for sensitive strings containing credentials

vector::nats::NatsAuthUserPassword object

Username and password configuration.

password string required

Wrapper for sensitive strings containing credentials

user string required

Username.

vector::providers::http::HttpConfig

Configuration for the http provider.

vector::secrets::aws_secrets_manager::AwsSecretsManagerBackend

Configuration for the aws_secrets_manager secrets backend.

vector::secrets::directory::DirectoryBackend object

Configuration for the directory secrets backend.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
remove_trailing_whitespace boolean

Remove trailing whitespace from file contents.

Default: false
vector::secrets::exec::ExecBackend object

Configuration for the exec secrets backend.

command string[] required

The path to the script or binary must be the first argument.

protocol object | object

Configuration for the command that will be execed

timeout integer

The timeout, in seconds, to wait for the command to complete.

Default: 5
min=0.0max=9007199254740990.0
vector::secrets::exec::ExecVersion object | object

Configuration for the command that will be execed

vector::secrets::file::FileBackend object

Configuration for the file secrets backend.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
vector::secrets::test::TestBackend object

Configuration for the test secrets backend.

replacement string required

Fixed value to replace all secrets with.

vector::serde::OneOrMany<alloc::string::String> string | string[]

A value which can be (de)serialized from one or many instances of T.

vector::sinks::Sinks

Configurable sinks in Vector.

vector::sinks::amqp::config::AmqpSinkConfig

Supports AMQP version 0.9.1

vector::sinks::appsignal::config::AppsignalConfig object

Configuration for the appsignal sink.

push_api_key string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 450000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 100
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string

The URI for the AppSignal API to send data to.

Default: "https://appsignal-endpoint.net"
format=uri
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sinks::aws_cloudwatch_logs::config::CloudwatchLogsSinkConfig

Configuration for the aws_cloudwatch_logs sink.

vector::sinks::aws_cloudwatch_metrics::CloudWatchMetricsSinkConfig

Configuration for the aws_cloudwatch_metrics sink.

vector::sinks::aws_kinesis::config::KinesisSinkBaseConfig

Base configuration for the aws_kinesis_ sinks. The actual specific sink configuration types should either wrap this in a newtype wrapper, or should extend it in a new struct with serde(flatten).

vector::sinks::aws_kinesis::firehose::config::KinesisFirehoseSinkConfig

Configuration for the aws_kinesis_firehose sink.

vector::sinks::aws_kinesis::streams::config::KinesisStreamsSinkConfig

Configuration for the aws_kinesis_streams sink.

vector::sinks::aws_s3::config::S3SinkConfig

Configuration for the aws_s3 sink.

vector::sinks::aws_s_s::config::BaseSSSinkConfig object

Base Configuration aws_s_s for sns and sqs sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

assume_role string | null
auth object | object | object | object

Configuration of the authentication strategy for interacting with AWS services.

message_deduplication_id string | null

This value is a template which should result in a unique string for each event. See the AWS documentation for more about how AWS does message deduplication.

message_group_id string | null

Can be applied only to FIFO queues.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::aws_s_s::sns::config::SnsSinkConfig

Configuration for the aws_sns sink.

vector::sinks::aws_s_s::sqs::config::SqsSinkConfig

Configuration for the aws_sqs sink.

vector::sinks::axiom::config::AxiomConfig

Configuration for the axiom sink.

vector::sinks::azure_blob::config::AzureBlobSinkConfig

Configuration for the azure_blob sink.

vector::sinks::azure_logs_ingestion::config::AzureLogsIngestionConfig object

Configuration for the azure_logs_ingestion sink.

dcr_immutable_id string required
endpoint string required
stream_name string required
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth object | object | object | object | object

Configuration of the authentication strategy for interacting with Azure services.

Default:
{
  "azure_tenant_id": "",
  "azure_client_id": "",
  "azure_client_secret": ""
}
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
timestamp_field string

The setting of log_schema.timestamp_key, usually timestamp, is used as the source. Most schemas use TimeGenerated, but some use Timestamp (legacy) or EventStartTime (ASIM) std_columns.

Default: "TimeGenerated"
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
token_scope string
Default: "https://monitor.azure.com/.default"
vector::sinks::azure_monitor_logs::config::AzureMonitorLogsConfig object

Configuration for the azure_monitor_logs sink.

customer_id string required
log_type string required

Can only contain letters, numbers, and underscores (_), and may not exceed 100 characters.

pattern=[a-zA-Z0-9_]{1,100}
shared_key string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

azure_resource_id string | null
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
host string
Default: "ods.opinsights.azure.com"
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
time_generated_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

The setting of log_schema.timestamp_key, usually timestamp, is used here by default. This field should be used in rare cases where TimeGenerated should point to a specific log field. For example, use this field to set the log field source_timestamp as holding the value that should be used as TimeGenerated on the Azure side.

tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::blackhole::config::BlackholeConfig object

Configuration for the blackhole sink.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

print_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
rate integer | null

By default, there is no limit.

min=0.0max=9007199254740990.0
vector::sinks::clickhouse::config::ClickhouseConfig object

Configuration for the clickhouse sink.

endpoint string required
table string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth core::option::Option%3Cvector::http::Auth%3E
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
batch_encoding null

When specified, events are encoded together as a single batch. This is mutually exclusive with per-event encoding based on the format field.

Default: null
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

database core::option::Option%3Cvector::template::Template%3E

The database that contains the table that data is inserted into.

date_time_best_effort boolean

Sets date_time_input_format to best_effort, allowing ClickHouse to properly parse RFC3339/ISO 8601.

Default: false
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
format const: "json_each_row" | const: "json_as_object" | const: "json_as_string" | const: "arrow_stream"

The format to parse input data.

Default: "json_each_row"
insert_random_shard boolean

Sets insert_distributed_one_random_shard, allowing ClickHouse to insert data into a random shard when using Distributed Table Engine.

Default: false
query_settings object

Query settings for the clickhouse sink.

Default:
{
  "async_insert_settings": {
    "enabled": null,
    "wait_for_processing": null,
    "wait_for_processing_timeout": null,
    "deduplicate": null,
    "max_data_size": null,
    "max_query_number": null
  }
}
1 nested properties
async_insert_settings object

Async insert-related settings.

Default:
{
  "enabled": null,
  "wait_for_processing": null,
  "wait_for_processing_timeout": null,
  "deduplicate": null,
  "max_data_size": null,
  "max_query_number": null
}
6 nested properties
deduplicate boolean | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
enabled boolean | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
max_data_size integer | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
min=0.0max=9007199254740990.0
max_query_number integer | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
min=0.0max=9007199254740990.0
wait_for_processing boolean | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
wait_for_processing_timeout integer | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
min=0.0max=9007199254740990.0
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
skip_unknown_fields boolean | null

If left unspecified, use the default provided by the ClickHouse server.

Default: null
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::console::config::ConsoleSinkConfig

Configuration for the console sink.

vector::sinks::databend::config::DatabendConfig object

Configuration for the databend sink.

endpoint string required
table string required

The table that data is inserted into.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth core::option::Option%3Cvector::http::Auth%3E

The username and password to authenticate with. Overrides the username and password in DSN.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
compression const: "none" | const: "gzip"

Compression configuration.

Default: "none"
database string | null

The database that contains the table that data is inserted into. Overrides the database in DSN.

encoding

Configures how events are encoded into raw bytes.

Default:
{
  "codec": "json",
  "json": {
    "pretty": false
  }
}
All of: variant, object object
missing_field_as const: "ERROR" | const: "NULL" | const: "FIELD_DEFAULT" | const: "TYPE_DEFAULT"

Defines how missing fields are handled for NDJson. Refer to https://docs.databend.com/sql/sql-reference/file-format-options#null_field_as

Default: "NULL"
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E

The TLS configuration to use when connecting to the Databend server.

vector::sinks::datadog::LocalDatadogCommonConfig object

Shared configuration for Datadog sinks. Contains the maximum set of common settings that applies to all DD sink components.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

default_api_key core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

If an event has a Datadog API key set explicitly in its metadata, it takes precedence over this setting.

This value can also be set by specifying the DD_API_KEY environment variable. The value specified here takes precedence over the environment variable.

endpoint string | null

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port. The API path should NOT be specified as this is handled by the sink.

If set, overrides the site option.

Default: null
site string | null

This value can also be set by specifying the DD_SITE environment variable. The value specified here takes precedence over the environment variable.

If not specified by the environment variable, a default value of datadoghq.com is taken.

tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
Default: null
vector::sinks::datadog::events::config::DatadogEventsConfig

Configuration for the datadog_events sink.

vector::sinks::datadog::logs::config::DatadogLogsConfig

Configuration for the datadog_logs sink.

vector::sinks::datadog::metrics::config::DatadogMetricsConfig

Configuration for the datadog_metrics sink.

vector::sinks::datadog::traces::config::DatadogTracesConfig

Configuration for the datadog_traces sink.

vector::sinks::doris::config::DorisConfig

Configuration for the doris sink.

vector::sinks::elasticsearch::config::ElasticsearchConfig object

Configuration for the elasticsearch sink.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

api_version const: "auto" | const: "v6" | const: "v7" | const: "v8"

Amazon OpenSearch Serverless requires this option to be set to auto (the default).

Default: "auto"
auth null | object

Elasticsearch Authentication strategies.

aws core::option::Option%3Cvector::aws::region::RegionOrEndpoint%3E
Default: null
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
bulk object

Elasticsearch bulk mode configuration.

Default:
{
  "action": "index",
  "index": "vector-%Y.%m.%d",
  "template_fallback_index": null,
  "version": null,
  "version_type": "internal"
}
5 nested properties
action string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

index string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

template_fallback_index string | null

The default index to write events to if the template in bulk.index cannot be resolved

version core::option::Option%3Cvector::template::Template%3E

Version field value.

version_type const: "internal" | const: "external" | const: "external_gte"

Possible values are internal, external or external_gt and external_gte.

Default: "internal"
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

data_stream null | object

Elasticsearch data stream mode configuration.

Default: null
distribution core::option::Option%3Cvector::sinks::util::service::health::HealthConfig%3E
Default: null
doc_type string

This is only relevant for Elasticsearch <= 6.X. If you are using >= 7.0 you do not need to set this option since Elasticsearch has removed it.

Default: "_doc"
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string | null

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port.

Default: null
endpoints string[]

The endpoint must contain an HTTP scheme, and may specify a hostname or IP address and port. The endpoint may include basic authentication credentials, e.g., <https://user:[email protected]>. If credentials are provided in the endpoint, they will be used to authenticate against Elasticsearch.

If auth is specified and the endpoint contains credentials, a configuration error will be raised.

Default:
[]
id_key core::option::Option%3Cvector_lookup::lookup_v2::ConfigValuePath%3E

By default, the _id field is not set, which allows Elasticsearch to set this automatically. Setting your own Elasticsearch IDs can hinder performance.

Default: null
metrics null | vector::transforms::metric_to_log::MetricToLogConfig

Configuration for the metric_to_log transform.

Default: null
mode const: "bulk" | const: "data_stream"

Elasticsearch Indexing mode.

Default: "bulk"
opensearch_service_type const: "managed" | const: "serverless"

Amazon OpenSearch service type

Default: "managed"
pipeline string | null

The name of the pipeline to apply.

Default: null
query Record<string, vector::http::ParameterValue | vector::http::ParameterValue[]>

Custom parameters to add to the query string for each HTTP request sent to Elasticsearch.

Default: null
request

Outbound HTTP request settings.

All of: object object, Middleware settings for outbound requests. object
request_retry_partial boolean

To avoid duplicates in Elasticsearch, please use option id_key.

Default: false
suppress_type_name boolean

The type field was deprecated in Elasticsearch 7.x and removed in Elasticsearch 8.x.

If enabled, the doc_type option is ignored.

Default: false
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
Default: null
vector::sinks::file::FileSinkConfig

Configuration for the file sink.

vector::sinks::gcp::cloud_storage::GcsSinkConfig

Configuration for the gcp_cloud_storage sink.

vector::sinks::gcp::pubsub::PubsubConfig

Configuration for the gcp_pubsub sink.

vector::sinks::gcp::stackdriver::logs::config::StackdriverConfig

Configuration for the gcp_stackdriver_logs sink.

vector::sinks::gcp::stackdriver::metrics::config::StackdriverConfig

Configuration for the gcp_stackdriver_metrics sink.

vector::sinks::gcp_chronicle::chronicle_unstructured::ChronicleUnstructuredConfig

Configuration for the gcp_chronicle_unstructured sink.

vector::sinks::greptimedb::logs::config::GreptimeDBLogsConfig object

Configuration for the greptimedb_logs sink.

endpoint string required

The endpoint of the GreptimeDB server.

table string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::greptimedb::GreptimeDBDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

dbname string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
extra_headers Record<string, string>

Custom headers to add to the HTTP request sent to GreptimeDB. Note that these headers will override the existing headers.

Default: null
extra_params Record<string, string>

Custom parameters to add to the query string for each HTTP request sent to GreptimeDB.

Default: null
password core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

This is required if your instance has authentication enabled.

Default: null
pipeline_name string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

pipeline_version core::option::Option%3Cvector::template::Template%3E

Pipeline version to be used for the logs.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
username string | null

This is required if your instance has authentication enabled.

Default: null
vector::sinks::greptimedb::metrics::config::GreptimeDBConfig object

Configuration items for GreptimeDB

endpoint string required

This sink uses GreptimeDB's gRPC interface for data ingestion. By default, GreptimeDB listens to port 4001 for gRPC protocol.

The address must include a port.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::greptimedb::GreptimeDBDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
dbname string

Default to public, the default database of GreptimeDB.

Database can be created via create database statement on GreptimeDB. If you are using GreptimeCloud, use dbname from the connection information of your instance.

Default: "public"
grpc_compression string | null

Set gRPC compression encoding for the request Default to none, gzip or zstd is supported.

Default: null
new_naming boolean | null

This is to keep consistency with GreptimeDB's naming pattern. By default, this sink will use val for value column name, and ts for time index name. When turned on, greptime_value and greptime_timestamp will be used for these names.

If you are using this Vector sink together with other data ingestion sources of GreptimeDB, like Prometheus Remote Write and Influxdb Line Protocol, it is highly recommended to turn on this.

Also if there is a tag name conflict from your data source, for example, you have a tag named as val or ts, you need to turn on this option to avoid the conflict.

Default to false for compatibility.

password core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

This is required if your instance has authentication enabled.

Default: null
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
username string | null

This is required if your instance has authentication enabled.

Default: null
vector::sinks::greptimedb::metrics::config::GreptimeDBMetricsConfig object

Configuration items for GreptimeDB

endpoint string required

This sink uses GreptimeDB's gRPC interface for data ingestion. By default, GreptimeDB listens to port 4001 for gRPC protocol.

The address must include a port.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::greptimedb::GreptimeDBDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
dbname string

Default to public, the default database of GreptimeDB.

Database can be created via create database statement on GreptimeDB. If you are using GreptimeCloud, use dbname from the connection information of your instance.

Default: "public"
grpc_compression string | null

Set gRPC compression encoding for the request Default to none, gzip or zstd is supported.

Default: null
new_naming boolean | null

This is to keep consistency with GreptimeDB's naming pattern. By default, this sink will use val for value column name, and ts for time index name. When turned on, greptime_value and greptime_timestamp will be used for these names.

If you are using this Vector sink together with other data ingestion sources of GreptimeDB, like Prometheus Remote Write and Influxdb Line Protocol, it is highly recommended to turn on this.

Also if there is a tag name conflict from your data source, for example, you have a tag named as val or ts, you need to turn on this option to avoid the conflict.

Default to false for compatibility.

password core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

This is required if your instance has authentication enabled.

Default: null
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
username string | null

This is required if your instance has authentication enabled.

Default: null
vector::sinks::honeycomb::config::HoneycombConfig object

Configuration for the honeycomb sink.

api_key string required

Wrapper for sensitive strings containing credentials

dataset string required

The dataset to which logs are sent.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 100000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string

Honeycomb's endpoint to send logs to

Default: "https://api.honeycomb.io"
format=uri
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::http::config::HttpMethod const: "get" | const: "head" | const: "post" | const: "put" | const: "delete" | const: "options" | const: "trace" | const: "patch"

A subset of the HTTP methods described in RFC 9110, section 9.1 are supported.

vector::sinks::http::config::HttpSinkConfig

Configuration for the http sink.

vector::sinks::humio::logs::HumioLogsConfig object

Configuration for the humio_logs sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
token string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::splunk_hec::common::util::SplunkHecDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

endpoint string

The scheme (http or https) must be specified. No path should be included since the paths defined by the Splunk API are used.

Default: "https://cloud.humio.com"
event_type core::option::Option%3Cvector::template::Template%3E

If unset, Humio defaults it to none.

host_key string

An optional path that deserializes an empty string to None.

index core::option::Option%3Cvector::template::Template%3E

In public-facing APIs, this must (if present) be equal to the repository used to create the ingest token used for authentication.

In private cluster setups, Humio can be configured to allow these to be different.

For more information, see Humio’s Format of Data.

Default: null
indexed_fields vector_lookup::lookup_v2::ConfigValuePath[]

Can be used to tag events by specifying fields starting with #.

For more information, see Humio’s Format of Data.

Default:
[]
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
source core::option::Option%3Cvector::template::Template%3E

Typically the filename the logs originated from. Maps to @source in Humio.

timestamp_key string

An optional path that deserializes an empty string to None.

timestamp_nanos_key string | null

Overrides the name of the log field used to retrieve the nanosecond-enabled timestamp to send to Humio.

Default: "@timestamp.nanos"
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::humio::metrics::HumioMetricsConfig

Configuration for the humio_metrics sink.

vector::sinks::influxdb::InfluxDb1Settings object

Configuration settings for InfluxDB v0.x/v1.x.

database string required

Only relevant when using InfluxDB v0.x/v1.x.

consistency string | null

Only relevant when using InfluxDB v0.x/v1.x.

password core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

Only relevant when using InfluxDB v0.x/v1.x.

retention_policy_name string | null

Only relevant when using InfluxDB v0.x/v1.x.

username string | null

Only relevant when using InfluxDB v0.x/v1.x.

vector::sinks::influxdb::InfluxDb2Settings object

Configuration settings for InfluxDB v2.x.

bucket string required

Only relevant when using InfluxDB v2.x and above.

org string required

Only relevant when using InfluxDB v2.x and above.

token string required

Wrapper for sensitive strings containing credentials

vector::sinks::influxdb::logs::InfluxDbLogsConfig

Configuration for the influxdb_logs sink.

vector::sinks::influxdb::metrics::InfluxDbConfig

Configuration for the influxdb_metrics sink.

vector::sinks::kafka::config::KafkaSinkConfig

Configuration for the kafka sink.

vector::sinks::keep::config::KeepConfig object

Configuration for the keep sink.

api_key string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 100000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string

Keeps endpoint to send logs to

Default: "http://localhost:8080/alerts/event/vectordev?provider_id=test"
format=uri
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::loki::config::LokiConfig object

Configuration for the loki sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
endpoint string required
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth core::option::Option%3Cvector::http::Auth%3E
batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 1000000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 100000
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

labels Record<string, string>

Both keys and values are templateable, which enables you to attach dynamic labels to events.

Valid label keys include *, and prefixes ending with *, to allow for the expansion of objects into multiple labels. See Label expansion for more information.

Note: If the set of labels has high cardinality, this can cause drastic performance issues with Loki. To prevent this from happening, reduce the number of unique label keys and values.

out_of_order_action const: "accept" | const: "rewrite_timestamp" | const: "drop"

Some sources may generate events with timestamps that aren't in chronological order. Even though the sink sorts the events before sending them to Loki, there is a chance that another event could come in that is out of order with the latest events sent to Loki. Prior to Loki 2.4.0, this was not supported and would result in an error during the push request.

If you're using Loki 2.4.0 or newer, Accept is the preferred action, which lets Loki handle any necessary sorting/reordering. If you're using an earlier version, then you must use Drop or RewriteTimestamp depending on which option makes the most sense for your use case.

Default: "accept"
path string

The path to use in the URL of the Loki instance.

Default: "/loki/api/v1/push"
remove_label_fields boolean

Whether or not to delete fields from the event when they are used as labels.

Default: false
remove_structured_metadata_fields boolean

Whether or not to delete fields from the event when they are used in structured metadata.

Default: false
remove_timestamp boolean

The timestamp is still sent as event metadata for Loki to use for indexing.

Default: true
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
structured_metadata Record<string, string>

Both keys and values are templateable, which enables you to attach dynamic structured metadata to events.

Valid metadata keys include *, and prefixes ending with *, to allow for the expansion of objects into multiple metadata entries. This follows the same logic as Label expansion.

Default:
{}
tenant_id core::option::Option%3Cvector::template::Template%3E

When running Loki locally, a tenant ID is not required.

tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::mezmo::LogdnaConfig object

Configuration for the mezmo (formerly logdna) sink.

api_key string required

Wrapper for sensitive strings containing credentials

hostname string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
default_app string

The default app that is set for events that do not contain a file or app field.

Default: "vector"
default_env string

The default environment that is set for events that do not contain an env field.

Default: "production"
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string
ip string | null

The IP address that is attached to each batch of events.

mac string | null

The MAC address that is attached to each batch of events.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tags array | null

The tags that are attached to each batch of events.

vector::sinks::mezmo::MezmoConfig object

Configuration for the mezmo (formerly logdna) sink.

api_key string required

Wrapper for sensitive strings containing credentials

hostname string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
default_app string

The default app that is set for events that do not contain a file or app field.

Default: "vector"
default_env string

The default environment that is set for events that do not contain an env field.

Default: "production"
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string
ip string | null

The IP address that is attached to each batch of events.

mac string | null

The MAC address that is attached to each batch of events.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tags array | null

The tags that are attached to each batch of events.

vector::sinks::mqtt::config::MqttSinkConfig

Configuration for the mqtt sink

vector::sinks::nats::config::NatsSinkConfig object

Configuration for the nats sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
subject string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

url string required

The URL must take the form of nats://server:port. If the port is not specified it defaults to 4222.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth core::option::Option%3Cvector::nats::NatsAuthConfig%3E
connection_name string
Default: "vector"
jetstream object

If set, the subject must belong to an existing JetStream stream.

Default:
{
  "enabled": false,
  "headers": null
}
2 nested properties
enabled boolean

Whether to enable Jetstream.

Default: false
headers null | object

A map of NATS headers to be included in each message.

Default: null
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

Default:
{
  "timeout_secs": 60,
  "rate_limit_duration_secs": 1,
  "rate_limit_num": 9223372036854775807,
  "retry_attempts": 9223372036854775807,
  "retry_max_duration_secs": 30,
  "retry_initial_backoff_secs": 1,
  "retry_jitter_mode": "Full",
  "adaptive_concurrency": {
    "initial_concurrency": 1,
    "decrease_ratio": 0.9,
    "ewma_alpha": 0.4,
    "rtt_deviation_scale": 2.5,
    "max_concurrency_limit": 200
  }
}
9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sinks::new_relic::config::NewRelicConfig object

Configuration for the new_relic sink.

account_id string required

Wrapper for sensitive strings containing credentials

api const: "events" | const: "metrics" | const: "logs" required

New Relic API endpoint.

license_key string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 1000000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 100
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
region null | const: "us" | const: "eu"

New Relic region.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::opentelemetry::OpenTelemetryConfig object

Configuration for the OpenTelemetry sink.

protocol required

Protocol configuration

vector::sinks::papertrail::PapertrailConfig object

Configuration for the papertrail sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
endpoint string required
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

keepalive core::option::Option%3Cvector_core::tcp::TcpKeepaliveConfig%3E
process string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

send_buffer_bytes integer | null

Configures the send buffer size using the SO_SNDBUF option on the socket.

min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sinks::postgres::config::PostgresConfig object

Configuration for the postgres sink.

endpoint string required

The PostgreSQL server connection string. It can contain the username and password. See PostgreSQL documentation about connection strings for more information about valid formats and options that can be used.

table string required

The table that data is inserted into. This table parameter is vulnerable to SQL injection attacks as Vector does not validate or sanitize it, you must not use untrusted input. This parameter will be directly interpolated in the SQL query statement, as table names as parameters in prepared statements are not allowed in PostgreSQL.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Note that as PostgreSQL's jsonb_populate_recordset function is used to insert events, a single event in the batch can make the whole batch to fail. For example, if a single event within the batch triggers a unique constraint violation in the destination table, the whole event batch will fail.

As a workaround, triggers on constraint violations can be defined at a database level to change the behavior of the insert operation on specific tables. Alternatively, setting max_events batch setting to 1 will make each event to be inserted independently, so events that trigger a constraint violation will not affect the rest of the events.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
pool_size integer

The postgres connection pool size. See this for more information about why a connection pool should be used.

Default: 5
min=0.0max=4294967295.0
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::prometheus::exporter::PrometheusExporterConfig object

Configuration for the prometheus_exporter sink.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

address string

An internet socket address, either IPv4 or IPv6.

auth core::option::Option%3Cvector::http::Auth%3E
buckets number[]
Default:
[
  0.005,
  0.01,
  0.025,
  0.05,
  0.1,
  0.25,
  0.5,
  1.0,
  2.5,
  5.0,
  10.0
]
default_namespace string | null

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with an underscore (_).

It should follow the Prometheus naming conventions.

distributions_as_summaries boolean

While distributions as a lossless way to represent a set of samples for a metric is supported, Prometheus clients (the application being scraped, which is this sink) must aggregate locally into either an aggregated histogram or aggregated summary.

Default: false
flush_period_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
quantiles number[]
Default:
[
  0.5,
  0.75,
  0.9,
  0.95,
  0.99
]
suppress_timestamp boolean

This can sometimes be useful when the source of metrics leads to their timestamps being too far in the past for Prometheus to allow them, such as when aggregating metrics over long time periods, or when replaying old metrics from a disk buffer.

Default: false
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sinks::prometheus::remote_write::config::RemoteWriteConfig object

Configuration for the prometheus_remote_write sink.

endpoint string required

The endpoint should include the scheme and the path to write to.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth null | object | object

Authentication strategies.

aws core::option::Option%3Cvector::aws::region::RegionOrEndpoint%3E
batch

The batch config for remote write.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null,
  "aggregate": true
}
All of: object object, object object
buckets number[]
Default:
[
  0.005,
  0.01,
  0.025,
  0.05,
  0.1,
  0.25,
  0.5,
  1.0,
  2.5,
  5.0,
  10.0
]
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

default_namespace string | null

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with an underscore (_).

It should follow the Prometheus naming conventions.

expire_metrics_secs number | null

If unset, sending unique incremental metrics to this sink will cause indefinite memory growth.

min=-9007199254740990.0max=9007199254740990.0
quantiles number[]
Default:
[
  0.5,
  0.75,
  0.9,
  0.95,
  0.99
]
request

Outbound HTTP request settings for the Prometheus remote write sink.

Default:
{
  "timeout_secs": 60,
  "rate_limit_duration_secs": 1,
  "rate_limit_num": 9223372036854775807,
  "retry_attempts": 9223372036854775807,
  "retry_max_duration_secs": 30,
  "retry_initial_backoff_secs": 1,
  "retry_jitter_mode": "Full",
  "adaptive_concurrency": {
    "initial_concurrency": 1,
    "decrease_ratio": 0.9,
    "ewma_alpha": 0.4,
    "rtt_deviation_scale": 2.5,
    "max_concurrency_limit": 200
  },
  "headers": {}
}
All of: object object, Middleware settings for outbound requests. object
tenant_id core::option::Option%3Cvector::template::Template%3E

If set, a header named X-Scope-OrgID is added to outgoing requests with the value of this setting.

This may be used by Cortex or other remote services to identify the tenant making the request.

Default: null
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::pulsar::config::PulsarSinkConfig object

Configuration for the pulsar sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
endpoint string required

The endpoint should specify the pulsar protocol and port.

topic string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth null | object

Authentication configuration.

batch object

Event batching behavior.

Default:
{
  "max_events": null,
  "max_bytes": null
}
2 nested properties
max_bytes integer | null

The maximum size of a batch before it is flushed.

min=0.0max=9007199254740990.0
max_events integer | null

Note this is an unsigned 32 bit integer which is a smaller capacity than many of the other sink batch settings.

min=0.0max=4294967295.0
compression const: "none" | const: "lz4" | const: "zlib" | const: "zstd" | const: "snappy"

Supported compression types for Pulsar.

Default: "none"
connection_retry_options null | object

Custom connection retry options configuration for the Pulsar client.

Default: null
partition_key_field core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

If the field does not exist in the log event or metric tags, a blank value will be used.

If omitted, the key is not sent.

Pulsar uses a hash of the key to choose the topic-partition or uses round-robin if the record has no key.

producer_name string | null

The name of the producer. If not specified, the default name assigned by Pulsar is used.

properties_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

If omitted, no properties will be written.

tls null | object

TLS options configuration for the Pulsar client.

Default: null
vector::sinks::redis::config::RedisSinkConfig object

Configuration for the redis sink.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
endpoint vector::serde::OneOrMany%3Calloc::string::String%3E required

The URL must take the form of protocol://server:port/db where the protocol can either be redis or rediss for connections secured via TLS.

key string required

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: null
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 1
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
data_type const: "list" | const: "sortedset" | const: "channel"

Redis data type to store messages in.

Default: "list"
list_option null | object

List-specific options.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

Default:
{
  "timeout_secs": 60,
  "rate_limit_duration_secs": 1,
  "rate_limit_num": 9223372036854775807,
  "retry_attempts": 9223372036854775807,
  "retry_max_duration_secs": 30,
  "retry_initial_backoff_secs": 1,
  "retry_jitter_mode": "Full",
  "adaptive_concurrency": {
    "initial_concurrency": 1,
    "decrease_ratio": 0.9,
    "ewma_alpha": 0.4,
    "rtt_deviation_scale": 2.5,
    "max_concurrency_limit": 200
  }
}
9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
sentinel_connect null | object

Controls how Redis Sentinel will connect to the servers belonging to it.

Default: null
sentinel_service string | null

If this is specified, endpoint will be used to reach sentinel instances instead of a redis instance.

sorted_set_option null | object

Sorted Set-specific options

vector::sinks::sematext::Region const: "us" | const: "eu"

The Sematext region to send data to.

vector::sinks::sematext::logs::SematextLogsConfig object

Configuration for the sematext_logs sink.

token string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
encoding object

Transformations to prepare an event for serialization.

3 nested properties
except_fields array | null

List of fields that are excluded from the encoded event.

Default: null
only_fields array | null

List of fields that are included in the encoded event.

Default: null
timestamp_format core::option::Option%3Ccodecs::encoding::transformer::TimestampFormat%3E

Format used for timestamp fields.

Default: null
endpoint string | null

Setting this option overrides the region option.

region const: "us" | const: "eu"

The Sematext region to send data to.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::sematext::metrics::SematextMetricsConfig object

Configuration for the sematext_metrics sink.

default_namespace string required

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with a period (.).

token string required

Wrapper for sensitive strings containing credentials

acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: null
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 20
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
endpoint string | null

Setting this option overrides the region option.

region const: "us" | const: "eu"

The Sematext region to send data to.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::socket::SocketSinkConfig

Configuration for the socket sink.

vector::sinks::socket::UnixMode

Unix Domain Socket configuration.

vector::sinks::splunk_hec::common::acknowledgements::HecClientAcknowledgementsConfig

Splunk HEC acknowledgement configuration.

vector::sinks::splunk_hec::logs::config::HecLogsSinkConfig object

Configuration for the splunk_hec_logs sink.

default_token string required

Wrapper for sensitive strings containing credentials

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
endpoint string required

The scheme (http or https) must be specified. No path should be included since the paths defined by the Splunk API are used.

format=uri
acknowledgements

Splunk HEC acknowledgement configuration.

Default:
{
  "indexer_acknowledgements_enabled": true,
  "query_interval": 10,
  "retry_limit": 30,
  "max_pending_acks": 1000000
}
All of: object object, Controls how acknowledgements are handled for this sink. object
auto_extract_timestamp boolean | null

This option is only relevant to Splunk v8.x and above, and is only applied when endpoint_target is set to event.

Setting this to true causes Splunk to extract the timestamp from the message text rather than use the timestamp embedded in the event. The timestamp must be in the format yyyy-mm-dd hh:mm:ss.

Default: null
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::splunk_hec::common::util::SplunkHecDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

endpoint_target const: "raw" | const: "event"

Splunk HEC endpoint configuration.

Default: "event"
host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

By default, the global log_schema.host_key option is used if log events are Legacy namespaced, or the semantic meaning of "host" is used, if defined.

index core::option::Option%3Cvector::template::Template%3E

If not specified, the default index defined within Splunk is used.

indexed_fields vector_lookup::lookup_v2::ConfigValuePath[]
Default:
[]
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
source core::option::Option%3Cvector::template::Template%3E

This is typically the filename the logs originated from.

If unset, the Splunk collector sets it.

sourcetype core::option::Option%3Cvector::template::Template%3E

If unset, Splunk defaults to httpevent.

timestamp_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

By default, either the global log_schema.timestamp_key option is used if log events are Legacy namespaced, or the semantic meaning of "timestamp" is used, if defined.

tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::splunk_hec::metrics::config::HecMetricsSinkConfig object

Configuration of the splunk_hec_metrics sink.

default_token string required

Wrapper for sensitive strings containing credentials

endpoint string required

The scheme (http or https) must be specified. No path should be included since the paths defined by the Splunk API are used.

format=uri
acknowledgements

Splunk HEC acknowledgement configuration.

Default:
{
  "indexer_acknowledgements_enabled": true,
  "query_interval": 10,
  "retry_limit": 30,
  "max_pending_acks": 1000000
}
All of: object object, Controls how acknowledgements are handled for this sink. object
batch vector::sinks::util::batch::BatchConfig%3Cvector::sinks::splunk_hec::common::util::SplunkHecDefaultBatchSettings%3E

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

default_namespace string | null

This namespace is only used if a metric has no existing namespace. When a namespace is present, it is used as a prefix to the metric name, and separated with a period (.).

host_key string

An optional path that deserializes an empty string to None.

index core::option::Option%3Cvector::template::Template%3E

If not specified, the default index defined within Splunk is used.

request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
source core::option::Option%3Cvector::template::Template%3E

This is typically the filename the logs originated from.

If unset, the Splunk collector sets it.

sourcetype core::option::Option%3Cvector::template::Template%3E

If unset, Splunk defaults to httpevent.

tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sinks::statsd::config::StatsdSinkConfig

Configuration for the statsd sink.

vector::sinks::util::adaptive_concurrency::AdaptiveConcurrencySettings object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
vector::sinks::util::batch::BatchConfig<vector::sinks::greptimedb::GreptimeDBDefaultBatchSettings> object

Event batching behavior.

max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: null
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 20
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
vector::sinks::util::batch::BatchConfig<vector::sinks::splunk_hec::common::util::SplunkHecDefaultBatchSettings> object

Event batching behavior.

max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 1000000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
vector::sinks::util::batch::BatchConfig<vector::sinks::util::batch::BulkSizeBasedDefaultBatchSettings> object

Event batching behavior.

max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 10000000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 300.0
min=-9007199254740990.0max=9007199254740990.0
vector::sinks::util::batch::BatchConfig<vector::sinks::util::batch::RealtimeSizeBasedDefaultBatchSettings> object

Event batching behavior.

max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: 10000000
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: null
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
vector::sinks::util::buffer::compression::Compression const: "none" | const: "gzip" | const: "zlib" | const: "zstd" | const: "snappy" | object

All compression algorithms use the default compression level unless otherwise specified.

vector::sinks::util::buffer::compression::CompressionLevel enum

Compression level.

vector::sinks::util::http::RequestConfig

Outbound HTTP request settings.

vector::sinks::util::retries::JitterMode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

vector::sinks::util::service::TowerRequestConfig object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
vector::sinks::util::service::concurrency::Concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

vector::sinks::util::service::health::HealthConfig object

Options for determining the health of an endpoint.

retry_initial_backoff_secs integer

Initial delay between attempts to reactivate endpoints once they become unhealthy.

Default: 1
min=0.0max=9007199254740990.0
retry_max_duration_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::sinks::util::service::net::HostAndPort string

Both IP addresses and hostnames/fully qualified domain names (FQDNs) are accepted formats.

The address must include a port.

vector::sinks::util::unix::UnixSinkConfig object

A Unix Domain Socket sink.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
vector::sinks::util::uri::UriSerde string
vector::sinks::vector::config::VectorConfig object

Configuration for the vector sink.

address string required

Both IP address and hostname are accepted formats.

The address must include a port.

format=uri
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

batch object

Event batching behavior.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "timeout_secs": null
}
3 nested properties
max_bytes integer | null

This is based on the uncompressed size of the batched events, before they are serialized or compressed.

Default: null
min=0.0max=9007199254740990.0
max_events integer | null

The maximum size of a batch before it is flushed.

Default: 1000
min=0.0max=9007199254740990.0
timeout_secs number | null

The maximum age of a batch before it is flushed.

Default: 1.0
min=-9007199254740990.0max=9007199254740990.0
compression boolean

If set to true, requests are compressed with gzip.

Default: false
request object

Various settings can be configured, such as concurrency and rate limits, timeouts, and retry behavior.

Note that the retry backoff policy follows the Fibonacci sequence.

9 nested properties
adaptive_concurrency object

These parameters typically do not require changes from the default, and incorrect values can lead to meta-stable or unstable performance and sink behavior. Proceed with caution.

5 nested properties
decrease_ratio number

Valid values are greater than 0 and less than 1. Smaller values cause the algorithm to scale back rapidly when latency increases.

Note: The new limit is rounded down after applying this ratio.

Default: 0.9
min=0.0max=1.0
ewma_alpha number

Valid values are greater than 0 and less than 1.

ARC uses an exponentially weighted moving average (EWMA) of past RTT measurements as a reference to compare with the current RTT. Smaller values cause this reference to adjust more slowly, which may be useful if a service has unusually high response variability.

Default: 0.4
min=0.0max=1.0
initial_concurrency integer

Datadog recommends setting this value to your service's average limit if you're seeing that it takes a long time to ramp up adaptive concurrency after a restart. You can find this value by looking at the adaptive_concurrency_limit metric.

Default: 1
min=1.0max=9007199254740990.0
max_concurrency_limit integer

The adaptive request concurrency limit does not go above this bound. This is put in place as a safeguard.

Default: 200
min=1.0max=9007199254740990.0
rtt_deviation_scale number

Valid values are greater than or equal to 0, and reasonable values range from 1.0 to 3.0.

When calculating the past RTT average, a secondary “deviation” value is also computed that indicates how variable those values are. That deviation is used when comparing the past RTT average to the current measurements, so we can ignore increases in RTT that are within an expected range. This factor is used to scale up the deviation to an appropriate range. Larger values cause the algorithm to ignore larger increases in the RTT.

Default: 2.5
min=0.0max=9007199254740990.0
concurrency const: "none" | const: "adaptive" | integer

Configuration for outbound request concurrency.

This can be set either to one of the below enum values or to a positive integer, which denotes a fixed concurrency limit.

rate_limit_duration_secs integer

The time window used for the rate_limit_num option.

Default: 1
min=0.0max=9007199254740990.0
rate_limit_num integer

The maximum number of requests allowed within the rate_limit_duration_secs time window.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_attempts integer

The maximum number of retries to make for failed requests.

Default: 9223372036854775807
min=0.0max=9007199254740990.0
retry_initial_backoff_secs integer

After the first retry has failed, the Fibonacci sequence is used to select future backoffs.

Default: 1
min=1.0max=9007199254740990.0
retry_jitter_mode const: "None" | const: "Full"

The jitter mode to use for retry backoff behavior.

retry_max_duration_secs integer

The maximum amount of time to wait between retries.

Default: 30
min=1.0max=9007199254740990.0
timeout_secs integer

Datadog highly recommends that you do not lower this value below the service's internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.

Default: 60
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
Default: null
version null | const: "2"

Version of the configuration.

vector::sinks::webhdfs::config::WebHdfsConfig

Configuration for the webhdfs sink.

vector::sinks::websocket::config::WebSocketSinkConfig

Configuration for the websocket sink.

vector::sinks::websocket_server::config::WebSocketListenerSinkConfig object

Configuration for the websocket_server sink.

address string required

An internet socket address, either IPv4 or IPv6.

encoding required

Encoding configuration. Configures how events are encoded into raw bytes. The selected encoding also determines which input types (logs, metrics, traces) are supported.

All of: codecs::encoding::serializer::SerializerConfig object | object | object | object | object | object, object object
acknowledgements object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
internal_metrics object

Configuration of internal metrics

Default:
{}
1 nested properties
extra_tags Record<string, object | object | object | object | object>

Extra tags to add to all metrics generated by this component

Default:
{}
message_buffering null | object

Configuration for message buffering which enables message replay for clients that connect later.

subprotocol object | object

Configuration of websocket subprotocol handling.

Default:
{
  "type": "specific",
  "supported_subprotocols": []
}
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::Sources

Configurable sources in Vector.

vector::sources::amqp::AmqpSourceConfig

Supports AMQP version 0.9.1

vector::sources::apache_metrics::ApacheMetricsConfig object

Configuration for the apache_metrics source.

endpoints string[] required

The list of mod_status endpoints to scrape metrics from.

namespace string

Disabled if empty.

Default: "apache"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::sources::aws_ecs_metrics::AwsEcsMetricsSourceConfig object

Configuration for the aws_ecs_metrics source.

endpoint string

If empty, the URI is automatically discovered based on the latest version detected.

By default:

  • The version 4 endpoint base URI is stored in the environment variable ECS_CONTAINER_METADATA_URI_V4.
  • The version 3 endpoint base URI is stored in the environment variable ECS_CONTAINER_METADATA_URI.
  • The version 2 endpoint base URI is 169.254.170.2/v2/.
Default: "http://169.254.170.2/v2"
namespace string

Disabled if empty.

Default: "awsecs"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
version const: "v2" | const: "v3" | const: "v4"

If empty, the version is automatically discovered based on environment variables.

By default:

  • Version 4 is used if the environment variable ECS_CONTAINER_METADATA_URI_V4 is defined.
  • Version 3 is used if the environment variable ECS_CONTAINER_METADATA_URI_V4 is not defined, but the environment variable ECS_CONTAINER_METADATA_URI is defined.
  • Version 2 is used if neither of the environment variables ECS_CONTAINER_METADATA_URI_V4 or ECS_CONTAINER_METADATA_URI are defined.
Default: "v2"
vector::sources::aws_kinesis_firehose::AwsKinesisFirehoseConfig object

Configuration for the aws_kinesis_firehose source.

address string required

An internet socket address, either IPv4 or IPv6.

store_access_key boolean required

If set to true, when incoming requests contains an access key sent by AWS Firehose, it is kept in the event secrets as "aws_kinesis_firehose_access_key".

access_key core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

AWS Kinesis Firehose can be configured to pass along a user-configurable access key with each request. If configured, access_key should be set to the same value. Otherwise, all requests are allowed.

access_keys array | null

AWS Kinesis Firehose can be configured to pass along a user-configurable access key with each request. If configured, access_keys should be set to the same value. Otherwise, all requests are allowed.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
record_compression const: "auto" | const: "none" | const: "gzip"

Some services, like AWS CloudWatch Logs, compresses the events with gzip, before sending them AWS Kinesis Firehose. This option can be used to automatically decompress them before forwarding them to the next component.

Note that this is different from Content encoding option of the Firehose HTTP endpoint destination. That option controls the content encoding of the entire HTTP request.

Default: "auto"
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::aws_s3::AwsS3Config

Configuration for the aws_s3 source.

vector::sources::aws_sqs::config::AwsSqsConfig

Configuration for the aws_sqs source.

vector::sources::datadog_agent::DatadogAgentConfig object

Configuration for the datadog_agent source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

disable_logs boolean

If this is set to true, logs are not accepted by the component.

Default: false
disable_metrics boolean

If this is set to true, metrics (beta) are not accepted by the component.

Default: false
disable_traces boolean

If this is set to true, traces (alpha) are not accepted by the component.

Default: false
framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
multiple_outputs boolean

For a source component named agent, the received logs, metrics (beta), and traces (alpha) can then be configured as input to other components by specifying agent.logs, agent.metrics, and agent.traces, respectively.

Default: false
parse_ddtags boolean

If this is set to true, when log events contain the field ddtags, the string value that contains a list of key:value pairs set by the Agent is parsed and expanded into an array.

Default: false
send_timeout_secs number | null

If not set, responses to completed requests will block indefinitely until connected transforms or sinks are ready to receive the events. When this happens, the sending Datadog Agent will eventually time out the request and drop the connection, resulting Vector generating an "Events dropped." error and incrementing the component_discarded_events_total internal metric. By setting this option to a value less than the Agent's timeout, Vector will instead respond to the Agent with a HTTP 503 Service Unavailable error, emit a warning, and increment the component_timed_out_events_total internal metric instead.

min=-9007199254740990.0max=9007199254740990.0
split_metric_namespace boolean

If this is set to true, metric names are split at the first '.' into a namespace and name. For example, system.cpu.usage would be split into namespace system and name cpu.usage. If false, the full metric name is used without splitting. This may be useful if you are using a default namespace for metrics in sinks connected to this source.

Default: true
store_api_key boolean

If this is set to true, when incoming events contain a Datadog API key, it is stored in the event metadata and used if the event is sent to a Datadog sink.

Default: true
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::demo_logs::DemoLogsConfig

Configuration for the demo_logs source.

vector::sources::dnstap::DnstapConfig

Configuration for the dnstap source.

vector::sources::docker_logs::DockerLogsConfig object

Configuration for the docker_logs source.

auto_partial_merge boolean

Enables automatic merging of partial events.

docker_host string | null

Use an HTTPS URL to enable TLS encryption.

If absent, the DOCKER_HOST environment variable is used. If DOCKER_HOST is also absent, the default Docker local socket (/var/run/docker.sock on Unix platforms, //./pipe/docker_engine on Windows) is used.

exclude_containers array | null

Matching is prefix first, so specifying a value of foo would match any container named foo as well as any container whose name started with foo. This applies equally whether matching container IDs or names.

By default, the source collects logs for all containers. If exclude_containers is configured, any container that matches a configured exclusion is excluded even if it is also included with include_containers, so care should be taken when using prefix matches as they cannot be overridden by a corresponding entry in include_containers, for example, excluding foo by attempting to include foo-specific-id.

This can be used in conjunction with include_containers.

host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

By default, the global log_schema.host_key option is used.

include_containers array | null

Matching is prefix first, so specifying a value of foo would match any container named foo as well as any container whose name started with foo. This applies equally whether matching container IDs or names.

By default, the source collects logs for all containers. If include_containers is configured, only containers that match a configured inclusion and are also not excluded get matched.

This can be used in conjunction with exclude_containers.

include_images array | null

If not provided, all images are included.

include_labels array | null

Labels should follow the syntax described in the Docker object labels documentation.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
multiline core::option::Option%3Cvector::sources::util::multiline_config::MultilineConfig%3E

If not specified, multiline aggregation is disabled.

partial_event_marker_field string | null

If auto_partial_merge is disabled, partial events are emitted with a log field, set by this configuration value, indicating that the event is not complete.

Default: "_partial"
retry_backoff_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
tls null | object

Only relevant when connecting to Docker with an HTTPS URL.

If not configured, the environment variable DOCKER_CERT_PATH is used. If DOCKER_CERT_PATH is absent, then DOCKER_CONFIG is used. If both environment variables are absent, the certificates in ~/.docker/ are read.

vector::sources::eventstoredb_metrics::EventStoreDbConfig object

Configuration for the eventstoredb_metrics source.

default_namespace string | null

By default, eventstoredb is used.

endpoint string

Endpoint to scrape stats from.

Default: "https://localhost:2113/stats"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::sources::exec::ExecConfig object

Configuration for the exec source.

command string[] required

The command to run, plus any arguments required.

mode const: "scheduled" | const: "streaming" required

Mode of operation for running the command.

clear_environment boolean

Whether or not to clear the environment before setting custom environment variables.

Default: false
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

environment Record<string, string>

Custom environment variables to set or update when running the command. If a variable name already exists in the environment, its value is replaced.

Default: null
framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
include_stderr boolean

Whether or not the output from stderr should be included when generating events.

Default: true
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
maximum_buffer_size_bytes integer

The maximum buffer size allowed before a log event is generated.

Default: 1000000
min=0.0max=9007199254740990.0
scheduled null | object

Configuration options for scheduled commands.

streaming null | object

Configuration options for streaming commands.

working_directory core::option::Option%3Cstd::path::PathBuf%3E

The directory in which to run the command.

vector::sources::file::FileConfig object

Configuration for the file source.

include stdlib::PathBuf[] required

Array of file patterns to include. Globbing is supported.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

data_dir core::option::Option%3Cstd::path::PathBuf%3E

By default, the global data_dir option is used. Make sure the running user has write permissions to this directory.

If this directory is specified, then Vector will attempt to create it.

Default: null
encoding null | object

Character set encoding.

Default: null
exclude stdlib::PathBuf[]

Takes precedence over the include option. Note: The exclude patterns are applied after the attempt to glob everything in include. This means that all files are first matched by include and then filtered by the exclude patterns. This can be impactful if include contains directories with contents that are not accessible.

Default:
[]
file_key string

An optional path that deserializes an empty string to None.

fingerprint object | object

This is important for checkpointing when file rotation is used.

Default:
{
  "strategy": "checksum",
  "ignored_header_bytes": 0,
  "lines": 1
}
glob_minimum_cooldown_ms integer

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

By default, the global log_schema.host_key option is used.

Set to "" to suppress this key.

ignore_checkpoints boolean | null

Checkpoints are still written normally.

Default: null
ignore_not_found boolean

This may be useful when used with source directories containing dangling symlinks.

Default: false
ignore_older_secs integer | null

Ignore files with a data modification date older than the specified number of seconds.

Default: null
min=0.0max=9007199254740990.0
internal_metrics object

Configuration of internal metrics for file-based components.

1 nested properties
include_file_tag boolean

This is useful for distinguishing between different files while monitoring. However, the tag's cardinality is unbounded.

Default: false
line_delimiter string

String sequence used to separate one file line from another.

Default: " "
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
max_line_bytes integer

This protects against malformed lines or tailing incorrect files.

Default: 102400
min=0.0max=9007199254740990.0
max_read_bytes integer

This allows distributing the reads more or less evenly across the files.

Default: 2048
min=0.0max=9007199254740990.0
message_start_indicator string | null

String value used to identify the start of a multi-line message.

Default: null
multi_line_timeout integer

How long to wait for more data when aggregating a multi-line message, in milliseconds.

Default: 1000
min=0.0max=9007199254740990.0
multiline core::option::Option%3Cvector::sources::util::multiline_config::MultilineConfig%3E

If not specified, multiline aggregation is disabled.

Default: null
offset_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

The value is the byte offset of the start of the line within the file.

Off by default, the offset is only added to the event if this is set.

Default: null
oldest_first boolean

Instead of balancing read capacity fairly across all watched files, prioritize draining the oldest files before moving on to read data from more recent files.

Default: false
read_from const: "beginning" | const: "end"

File position to use when reading a new file.

remove_after_secs integer | null

If not specified, files are not removed.

Default: null
min=0.0max=9007199254740990.0
rotate_wait_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
start_at_beginning boolean | null

Whether or not to start reading from the beginning of a new file.

Default: null
vector::sources::file_descriptors::file_descriptor::FileDescriptorSourceConfig object

Configuration for the file_descriptor source.

fd integer required

The file descriptor number to read from.

min=0.0max=4294967295.0
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

By default, the global host_key option is used.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
max_length integer

Messages larger than this are truncated.

Default: 102400
min=0.0max=9007199254740990.0
vector::sources::file_descriptors::stdin::StdinConfig object

Configuration for the stdin source.

decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

By default, the global log_schema.host_key option is used.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
max_length integer

Messages larger than this are truncated.

Default: 102400
min=0.0max=9007199254740990.0
vector::sources::fluent::FluentConfig

Configuration for the fluent source.

vector::sources::gcp_pubsub::PubsubConfig

Configuration for the gcp_pubsub source.

vector::sources::heroku_logs::LogplexConfig object

Configuration for heroku_logs source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
query_parameters string[]

Accepts the wildcard (*) character for query parameters matching a specified pattern.

Specifying "*" results in all query parameters included in the log event.

These override any values included in the body with conflicting names.

Default:
[]
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::host_metrics::FilterList object

Filtering configuration.

excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

vector::sources::host_metrics::HostMetricsConfig object

Configuration for the host_metrics source.

cgroups null | object

This collector is only available on Linux systems, and only supports either version 2 or hybrid cgroups.

Default:
{
  "levels": 100,
  "base": null,
  "groups": {
    "includes": null,
    "excludes": null
  }
}
collectors array | null

Defaults to all collectors.

Default:
[
  "cpu",
  "disk",
  "filesystem",
  "load",
  "host",
  "memory",
  "network",
  "process",
  "cgroups",
  "tcp"
]
disk object

Options for the disk metrics collector.

Default:
{
  "devices": {
    "includes": null,
    "excludes": null
  }
}
1 nested properties
devices object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

filesystem object

Options for the filesystem metrics collector.

Default:
{
  "devices": {
    "includes": null,
    "excludes": null
  },
  "filesystems": {
    "includes": null,
    "excludes": null
  },
  "mountpoints": {
    "includes": null,
    "excludes": null
  }
}
3 nested properties
devices object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

filesystems object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

mountpoints object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

namespace string | null

Overrides the default namespace for the metrics emitted by the source.

Default: "host"
network object

Options for the network metrics collector.

Default:
{
  "devices": {
    "includes": null,
    "excludes": null
  }
}
1 nested properties
devices object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

process object

Options for the process metrics collector.

Default:
{
  "processes": {
    "includes": null,
    "excludes": null
  }
}
1 nested properties
processes object

Filtering configuration.

2 nested properties
excludes array | null

The patterns are matched using globbing.

includes array | null

The patterns are matched using globbing.

scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::sources::host_metrics::PatternWrapper string
  • ? matches any single character.
  • * matches any (possibly empty) sequence of characters.
  • ** matches the current directory and arbitrary subdirectories. This sequence must form a single path component, so both **a and b** are invalid and will result in an error. A sequence of more than two consecutive * characters is also invalid.
  • [...] matches any character inside the brackets. Character sequences can also specify ranges of characters, as ordered by Unicode, so e.g. [0-9] specifies any character between 0 and 9 inclusive. An unclosed bracket is invalid.
  • [!...] is the negation of [...], i.e. it matches any characters not in the brackets.

The metacharacters ?, *, [, ] can be matched by using brackets (e.g. [?]). When a ] occurs immediately following [ or [! then it is interpreted as being part of, rather then ending, the character set, so ] and NOT ] can be matched by []] and [!]] respectively. The - character can be specified inside a character sequence pattern by placing it at the start or the end, e.g. [abc-].

vector::sources::http_client::client::HttpClientConfig object

Configuration for the http_client source.

endpoint string required

The full path must be specified.

auth core::option::Option%3Cvector::http::Auth%3E

HTTP Authentication.

body null | vector::http::ParameterValue

Can be a static string or a VRL expression.

When a body is provided, the Content-Type header is automatically set to application/json unless explicitly overridden in the headers configuration.

Default: null
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

headers Record<string, string[]>

One or more values for the same header can be provided.

Default:
{}
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
method const: "HEAD" | const: "GET" | const: "POST" | const: "PUT" | const: "PATCH" | const: "DELETE" | const: "OPTIONS"

HTTP method.

query Record<string, vector::http::ParameterValue | vector::http::ParameterValue[]>

One or more values for the same parameter key can be provided.

The parameters provided in this option are appended to any parameters manually provided in the endpoint option.

VRL functions are supported within query parameters. You can use functions like now() to dynamically modify query parameter values.

Default:
{}
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
scrape_timeout_secs number

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E

TLS configuration.

vector::sources::http_server::HttpConfig object

Configuration for the http_server source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
decoding core::option::Option%3Ccodecs::decoding::DeserializerConfig%3E
encoding core::option::Option%3Cvector::sources::util::body_decoding::Encoding%3E

For json and ndjson encodings, the fields of the JSON objects are output as separate fields.

Default: null
framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
headers string[]

Accepts the wildcard (*) character for headers matching a specified pattern.

Specifying "*" results in all headers included in the log event.

These headers are not included in the JSON payload if a field with a conflicting name exists.

Default:
[]
host_key string

An optional path that deserializes an empty string to None.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
method const: "HEAD" | const: "GET" | const: "POST" | const: "PUT" | const: "PATCH" | const: "DELETE" | const: "OPTIONS"

HTTP method.

path string

The URL path on which log event POST requests are sent.

Default: "/"
path_key string

An optional path that deserializes an empty string to None.

query_parameters string[]

Accepts the wildcard (*) character for query parameters matching a specified pattern.

Specifying "*" results in all query parameters included in the log event.

These override any values included in the body with conflicting names.

Default:
[]
response_code integer

HTTP response status code

Default: 200
min=0.0max=65535.0
strict_path boolean

If set to true, only requests using the exact URL path specified in path are accepted. Otherwise, requests sent to a URL path that starts with the value of path are accepted.

With strict_path set to false and path set to "", the configured HTTP source accepts requests from any URL path.

Default: true
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::http_server::SimpleHttpConfig object

Configuration for the http_server source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
decoding core::option::Option%3Ccodecs::decoding::DeserializerConfig%3E
encoding core::option::Option%3Cvector::sources::util::body_decoding::Encoding%3E

For json and ndjson encodings, the fields of the JSON objects are output as separate fields.

Default: null
framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
headers string[]

Accepts the wildcard (*) character for headers matching a specified pattern.

Specifying "*" results in all headers included in the log event.

These headers are not included in the JSON payload if a field with a conflicting name exists.

Default:
[]
host_key string

An optional path that deserializes an empty string to None.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
method const: "HEAD" | const: "GET" | const: "POST" | const: "PUT" | const: "PATCH" | const: "DELETE" | const: "OPTIONS"

HTTP method.

path string

The URL path on which log event POST requests are sent.

Default: "/"
path_key string

An optional path that deserializes an empty string to None.

query_parameters string[]

Accepts the wildcard (*) character for query parameters matching a specified pattern.

Specifying "*" results in all query parameters included in the log event.

These override any values included in the body with conflicting names.

Default:
[]
response_code integer

HTTP response status code

Default: 200
min=0.0max=65535.0
strict_path boolean

If set to true, only requests using the exact URL path specified in path are accepted. Otherwise, requests sent to a URL path that starts with the value of path are accepted.

With strict_path set to false and path set to "", the configured HTTP source accepts requests from any URL path.

Default: true
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::internal_logs::InternalLogsConfig object

Configuration for the internal_logs source.

host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

By default, the global log_schema.host_key option is used.

Set to "" to suppress this key.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
pid_key string

An optional path that deserializes an empty string to None.

vector::sources::internal_metrics::InternalMetricsConfig object

Configuration for the internal_metrics source.

namespace string

Overrides the default namespace for the metrics emitted by the source.

Default: "vector"
scrape_interval_secs number

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
tags object

Tag configuration for the internal_metrics source.

Default:
{
  "host_key": null,
  "pid_key": null
}
2 nested properties
host_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

The value is the peer host's address, including the port. For example, 1.2.3.4:9000.

By default, the global log_schema.host_key option is used.

Set to "" to suppress this key.

pid_key string | null

By default, this is not set and the tag is not automatically added.

vector::sources::journald::JournaldConfig object

Configuration for the journald source.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

batch_size integer

This option limits the size of the batch.

Default: 16
min=0.0max=9007199254740990.0
current_boot_only boolean

Only include entries that occurred after the current boot of the system.

Default: true
data_dir core::option::Option%3Cstd::path::PathBuf%3E

By default, the global data_dir option is used. Make sure the running user has write permissions to this directory.

If this directory is specified, then Vector will attempt to create it.

Default: null
emit_cursor boolean
Default: false
exclude_matches Record<string, string[]>

If exclude_units is specified, it is merged into this list.

Default:
{}
exclude_units string[]

Unit names lacking a . have .service appended to make them a valid service unit name.

Default:
[]
extra_args string[]

If specified, it is merged to the command line arguments as-is.

Default:
[]
include_matches Record<string, string[]>

If empty or not present, all journal fields are accepted.

If include_units is specified, it is merged into this list.

Default:
{}
include_units string[]

If empty or not present, all units are accepted.

Unit names lacking a . have .service appended to make them a valid service unit name.

Note: This option matches only the _SYSTEMD_UNIT field, which is narrower than journalctl --unit. Messages from systemd about unit lifecycle (start/stop) have _SYSTEMD_UNIT=init.scope and will not match. To capture these, explicitly include init.scope or use include_matches for finer control.

Default:
[]
journal_directory core::option::Option%3Cstd::path::PathBuf%3E

If not set, journalctl uses the default system journal path.

Default: null
journal_namespace string | null

This value is passed to journalctl through the --namespace option. If not set, journalctl uses the default namespace.

Default: null
journalctl_path core::option::Option%3Cstd::path::PathBuf%3E

If not set, a search is done for the journalctl path.

Default: null
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
remap_priority boolean

Has no effect unless the value of the field is already an integer.

Default: false
since_now boolean

Only include entries that appended to the journal after the entries have been read.

Default: false
vector::sources::kafka::KafkaSourceConfig

Configuration for the kafka source.

vector::sources::kubernetes_logs::Config object

Configuration for the kubernetes_logs source.

auto_partial_merge boolean

Partial events are messages that were split by the Kubernetes Container Runtime log driver.

data_dir core::option::Option%3Cstd::path::PathBuf%3E

By default, the global data_dir option is used. Make sure the running user has write permissions to this directory.

If this directory is specified, then Vector will attempt to create it.

delay_deletion_ms integer

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
exclude_paths_glob_patterns stdlib::PathBuf[]

A list of glob patterns to exclude from reading the files.

extra_field_selector string

The built-in Node filter uses self_node_name to only watch Pods located on the same Node.

extra_label_selector string
extra_namespace_label_selector string
fingerprint_lines integer

If your files share a common header that is not always a fixed size,

If the file has less than this amount of lines, it won't be read at all.

min=0.0max=9007199254740990.0
glob_minimum_cooldown_ms integer

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
ignore_older_secs integer | null

Ignore files with a data modification date older than the specified number of seconds.

Default: null
min=0.0max=9007199254740990.0
include_paths_glob_patterns stdlib::PathBuf[]

A list of glob patterns to include while reading the files.

ingestion_timestamp_field core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

This is useful to compute the latency between important event processing stages. For example, the time delta between when a log line was written and when it was processed by the kubernetes_logs source.

insert_namespace_fields boolean

Setting to false prevents Vector from pulling in namespaces and thus namespace label fields will not be available. This helps reduce load on the kube-apiserver and lowers daemonset memory usage in clusters with many namespaces.

Default: true
internal_metrics object

Configuration of internal metrics for file-based components.

1 nested properties
include_file_tag boolean

This is useful for distinguishing between different files while monitoring. However, the tag's cardinality is unbounded.

Default: false
kube_config_file core::option::Option%3Cstd::path::PathBuf%3E

If not set, a connection to Kubernetes is made using the in-cluster configuration.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
max_line_bytes integer

This protects against malformed lines or tailing incorrect files.

min=0.0max=9007199254740990.0
max_merged_line_bytes integer | null

This protects against malformed lines or tailing incorrect files.

Note that, if auto_partial_merge is false, this config will be ignored. Also, if max_line_bytes is too small to reach the continuation character, then this config will have no practical impact (the same is true of auto_partial_merge). Finally, the smaller of max_merged_line_bytes and max_line_bytes will apply if auto_partial_merge is true, so if this is set to be 1 MiB, for example, but max_line_bytes is set to ~2.5 MiB, then every line greater than 1 MiB will be dropped.

min=0.0max=9007199254740990.0
max_read_bytes integer

This allows distributing the reads more or less evenly across the files.

min=0.0max=9007199254740990.0
namespace_annotation_fields object

Configuration for how the events are enriched with Namespace metadata.

Default:
{
  "namespace_labels": ".kubernetes.namespace_labels"
}
1 nested properties
namespace_labels string

An optional path that deserializes an empty string to None.

node_annotation_fields object

Configuration for how the events are enriched with Node metadata.

Default:
{
  "node_labels": ".kubernetes.node_labels"
}
1 nested properties
node_labels string

An optional path that deserializes an empty string to None.

oldest_first boolean

Instead of balancing read capacity fairly across all watched files, prioritize draining the oldest files before moving on to read data from more recent files.

Default: true
pod_annotation_fields object

Configuration for how the events are enriched with Pod metadata.

Default:
{
  "pod_name": ".kubernetes.pod_name",
  "pod_namespace": ".kubernetes.pod_namespace",
  "pod_uid": ".kubernetes.pod_uid",
  "pod_ip": ".kubernetes.pod_ip",
  "pod_ips": ".kubernetes.pod_ips",
  "pod_labels": ".kubernetes.pod_labels",
  "pod_annotations": ".kubernetes.pod_annotations",
  "pod_node_name": ".kubernetes.pod_node_name",
  "pod_owner": ".kubernetes.pod_owner",
  "container_name": ".kubernetes.container_name",
  "container_id": ".kubernetes.container_id",
  "container_image": ".kubernetes.container_image",
  "container_image_id": ".kubernetes.container_image_id"
}
13 nested properties
container_id string

An optional path that deserializes an empty string to None.

container_image string

An optional path that deserializes an empty string to None.

container_image_id string

An optional path that deserializes an empty string to None.

container_name string

An optional path that deserializes an empty string to None.

pod_annotations string

An optional path that deserializes an empty string to None.

pod_ip string

An optional path that deserializes an empty string to None.

pod_ips string

An optional path that deserializes an empty string to None.

pod_labels string

An optional path that deserializes an empty string to None.

pod_name string

An optional path that deserializes an empty string to None.

pod_namespace string

An optional path that deserializes an empty string to None.

pod_node_name string

An optional path that deserializes an empty string to None.

pod_owner string

An optional path that deserializes an empty string to None.

pod_uid string

An optional path that deserializes an empty string to None.

read_from const: "beginning" | const: "end"

File position to use when reading a new file.

rotate_wait_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
self_node_name string

Configured to use an environment variable by default, to be evaluated to a value provided by Kubernetes at Pod creation.

timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

The default time zone for timestamps without an explicit zone.

use_apiserver_cache boolean

Determines if requests to the kube-apiserver can be served by a cache.

vector::sources::logstash::LogstashConfig object

Configuration for the logstash source.

address string required

If a socket address is used, it must include a port.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

connection_limit integer | null

The maximum number of TCP connections that are allowed at any given time.

min=0.0max=4294967295.0
keepalive core::option::Option%3Cvector_core::tcp::TcpKeepaliveConfig%3E
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
permit_origin core::option::Option%3Cvector_core::ipallowlist::IpAllowlistConfig%3E
receive_buffer_bytes integer | null

The size of the receive buffer used for each connection.

min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsSourceConfig%3E
vector::sources::mongodb_metrics::MongoDbMetricsConfig object

Configuration for the mongodb_metrics source.

endpoints string[] required

Each endpoint must be in the Connection String URI Format.

namespace string

If set to an empty string, no namespace is added to the metrics.

By default, mongodb is used.

Default: "mongodb"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
vector::sources::mqtt::config::MqttSourceConfig

Configuration for the mqtt source.

vector::sources::nats::config::NatsSourceConfig object

Configuration for the nats source.

connection_name string required
subject string required
url string required

The URL takes the form of nats://server:port. If the port is not specified it defaults to 4222.

auth core::option::Option%3Cvector::nats::NatsAuthConfig%3E
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

jetstream null | object

Configuration for NATS JetStream.

Default: null
log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
queue string | null

The NATS queue group to join.

subject_key_field string

An optional path that deserializes an empty string to None.

subscriber_capacity integer

This value determines how many messages the NATS subscriber buffers before incoming messages are dropped.

See the async_nats documentation for more information.

Default: 65536
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::nginx_metrics::NginxMetricsConfig object

Configuration for the nginx_metrics source.

endpoints string[] required

Each endpoint must be a valid HTTP/HTTPS URI pointing to an NGINX instance that has the ngx_http_stub_status_module module enabled.

auth core::option::Option%3Cvector::http::Auth%3E
namespace string

If set to an empty string, no namespace is added to the metrics.

By default, nginx is used.

Default: "nginx"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sources::okta::client::OktaConfig object

Configuration for the okta source.

domain string required

The Okta subdomain to scrape

token string required

API token for authentication

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
scrape_timeout_secs number

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
since integer | null

The time to look back for logs. This is used to determine the start time of the first request (that is, the earliest log to fetch)

min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E

TLS configuration.

vector::sources::opentelemetry::config::OpentelemetryConfig object

Configuration for the opentelemetry source.

grpc object required

Configuration for the opentelemetry gRPC server.

2 nested properties
address string required

An internet socket address, either IPv4 or IPv6.

tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
Default: null
http object required

Configuration for the opentelemetry HTTP server.

4 nested properties
address string required

An internet socket address, either IPv4 or IPv6.

headers string[]

Accepts the wildcard (*) character for headers matching a specified pattern.

Specifying "*" results in all headers included in the log event.

These headers are not included in the JSON payload if a field with a conflicting name exists.

Default:
[]
keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
Default: null
acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
use_otlp_decoding boolean

One major caveat here is that the incoming metrics will be parsed as logs but they will preserve the OTLP format. This means that components that work on metrics, will not be compatible with this output. However, these events can be forwarded directly to a downstream OTEL collector.

Default: false
vector::sources::postgresql_metrics::PostgresqlMetricsConfig object

Configuration for the postgresql_metrics source.

endpoints string[] required

Each endpoint must be in the Connection URI format.

exclude_databases array | null

Specifying "" includes metrics where datname is NULL.

This can be used in conjunction with include_databases.

include_databases array | null

If not set, metrics are collected from all databases. Specifying "" includes metrics where datname is NULL.

This can be used in conjunction with exclude_databases.

namespace string

Overrides the default namespace for the metrics emitted by the source.

Default: "postgresql"
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
tls null | object

Configuration of TLS when connecting to PostgreSQL.

vector::sources::prometheus::pushgateway::PrometheusPushgatewayConfig object

Configuration for the prometheus_pushgateway source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

aggregate_metrics boolean

Only applies to counters and histograms as gauges and summaries can't be meaningfully aggregated.

Default: false
auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::prometheus::remote_write::PrometheusRemoteWriteConfig object

Configuration for the prometheus_remote_write source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

auth core::option::Option%3Cvector::common::http::server_auth::HttpServerAuthConfig%3E
keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
metadata_conflict_strategy const: "ignore" | const: "reject"

Defines the behavior for handling conflicting metric metadata.

Default: "reject"
path string

The URL path on which metric POST requests are accepted.

Default: "/"
skip_nan_values boolean

When enabled, any metric sample with a NaN value will be filtered out during parsing, preventing downstream processing of invalid metrics.

Default: false
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
vector::sources::prometheus::scrape::PrometheusScrapeConfig object

Configuration for the prometheus_scrape source.

endpoints string[] required

Endpoints to scrape metrics from.

auth core::option::Option%3Cvector::http::Auth%3E
endpoint_tag string | null

The tag value is the endpoint of the scraped instance.

honor_labels boolean

If true, the new tag is not added if the scraped metric has the tag already. If false, the conflicting tag is renamed by prepending exported_ to the original name.

This matches Prometheus’ honor_labels configuration.

Default: false
instance_tag string | null

The tag value is the host and port of the scraped instance.

query Record<string, vector::http::ParameterValue | vector::http::ParameterValue[]>

One or more values for the same parameter key can be provided. The parameters provided in this option are appended to any parameters manually provided in the endpoints option. This option is especially useful when scraping the /federate endpoint.

Default:
{}
scrape_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
scrape_timeout_secs number

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
tls core::option::Option%3Cvector_core::tls::settings::TlsConfig%3E
vector::sources::pulsar::PulsarSourceConfig object

Configuration for the pulsar source.

endpoint string required

The endpoint to which the Pulsar client should connect to.

topics string[] required

The Pulsar topic names to read events from.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

auth null | object | object

Authentication configuration.

batch_size integer | null

Max count of messages in a batch.

min=0.0max=4294967295.0
consumer_name string | null

The Pulsar consumer name.

dead_letter_queue_policy null | object

Dead Letter Queue policy configuration.

decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
priority_level integer | null

The broker follows descending priorities. For example, 0=max-priority, 1, 2,...

In Shared subscription type, the broker first dispatches messages to the max priority level consumers if they have permits. Otherwise, the broker considers next priority level consumers.

min=-2147483648.0max=2147483647.0
subscription_name string | null

The Pulsar subscription name.

tls null | object

TLS options configuration for the Pulsar client.

Default: null
vector::sources::redis::RedisSourceConfig object

Configuration for the redis source.

key string required

The Redis key to read messages from.

url string required

The URL must take the form of protocol://server:port/db where the protocol can either be redis or rediss for connections secured using TLS.

data_type const: "list" | const: "channel"

The Redis data type (list or channel) to use.

Default: "list"
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing object

Framing handles how events are separated when encoded in a raw byte form, where each event is a frame that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

list null | object

Options for the Redis list data type.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
redis_key core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalValuePath%3E

The value is the Redis key that the event was read from.

By default, this is not set and the field is not automatically added.

vector::sources::socket::SocketConfig

Configuration for the socket source.

vector::sources::socket::unix::UnixConfig object

Unix domain socket configuration for the socket source.

path string required

A file path.

pattern=(\/.*|[a-zA-Z]:\\(?:([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\|..\\)*([^<>:"\/\\|?*]*[^<>:"\/\\|?*.]\\?|..\\))?)
decoding object | object | object

Configures how events are decoded from raw bytes. Note some decoders can also determine the event output type (log, metric, trace).

framing core::option::Option%3Ccodecs::decoding::FramingConfig%3E
Default: null
host_key string

An optional path that deserializes an empty string to None.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
socket_file_mode integer | null

Note: The file mode value can be specified in any numeric format supported by your configuration language, but it is most intuitive to use an octal number.

min=0.0max=4294967295.0
vector::sources::splunk_hec::SplunkConfig object

Configuration for the splunk_hec source.

acknowledgements object

Acknowledgement configuration for the splunk_hec source.

Default:
{
  "enabled": null,
  "max_pending_acks": 10000000,
  "max_number_of_ack_channels": 1000000,
  "max_pending_acks_per_channel": 1000000,
  "ack_idle_cleanup": false,
  "max_idle_time": 300
}
6 nested properties
ack_idle_cleanup boolean

A channel is idling if it is not used for sending data or querying acknowledgement statuses.

enabled boolean | null

Enables end-to-end acknowledgements.

max_idle_time integer

Channels can potentially idle for longer than this setting but clients should not rely on such behavior.

Minimum of 1.

min=1.0max=9007199254740990.0
max_number_of_ack_channels integer

Minimum of 1.

min=1.0max=9007199254740990.0
max_pending_acks integer

Equivalent to the max_number_of_acked_requests_pending_query Splunk HEC setting.

Minimum of 1.

min=1.0max=9007199254740990.0
max_pending_acks_per_channel integer

Equivalent to the max_number_of_acked_requests_pending_query_per_ack_channel Splunk HEC setting.

Minimum of 1.

min=1.0max=9007199254740990.0
address string

An internet socket address, either IPv4 or IPv6.

keepalive object

Configuration of HTTP server keepalive parameters.

2 nested properties
max_connection_age_jitter_factor number

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

Default: 0.1
min=0.0max=1.0
max_connection_age_secs integer | null

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Default: 300
min=0.0max=9007199254740990.0
log_namespace boolean | null

The namespace to use for logs. This overrides the global settings.

Default: null
store_hec_token boolean

If set to true, when incoming requests contain a Splunk HEC token, the token used is kept in the event metadata and preferentially used if the event is sent to a Splunk HEC sink.

tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
token core::option::Option%3Cvector_common::sensitive_string::SensitiveString%3E

If supplied, incoming requests must supply this token in the Authorization header, just as a client would if it was communicating with the Splunk HEC endpoint directly.

If not supplied, the Authorization header is ignored and requests are not authenticated.

valid_tokens array | null

If supplied, incoming requests must supply one of these tokens in the Authorization header, just as a client would if it was communicating with the Splunk HEC endpoint directly.

If not supplied, the Authorization header is ignored and requests are not authenticated.

vector::sources::static_metrics::StaticMetricsConfig object

Configuration for the static_metrics source.

interval_secs number

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
metrics object[]

Tag configuration for the internal_metrics source.

Default:
[]
namespace string

Overrides the default namespace for the metrics emitted by the source.

Default: "static"
vector::sources::statsd::ConversionUnit const: "seconds" | const: "milliseconds"

Specifies the target unit for converting incoming StatsD timing values. When set to "seconds" (the default), timing values in milliseconds (ms) are converted to seconds (s). When set to "milliseconds", the original timing values are preserved.

vector::sources::statsd::StatsdConfig

Configuration for the statsd source.

vector::sources::syslog::SyslogConfig

Configuration for the syslog source.

vector::sources::util::body_decoding::Encoding const: "text" | const: "ndjson" | const: "json" | const: "binary"

Content encoding.

vector::sources::util::http::method::HttpMethod const: "HEAD" | const: "GET" | const: "POST" | const: "PUT" | const: "PATCH" | const: "DELETE" | const: "OPTIONS"

HTTP method.

vector::sources::util::multiline_config::MultilineConfig object

Configuration of multi-line aggregation.

condition_pattern string required

This setting must be configured in conjunction with mode.

mode const: "continue_through" | const: "continue_past" | const: "halt_before" | const: "halt_with" required

Mode of operation of the line aggregator.

start_pattern string required

Regular expression pattern that is used to match the start of a new message.

timeout_ms integer required

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
vector::sources::util::net::SocketListenAddr string

If a socket address is used, it must include a port.

vector::sources::vector::VectorConfig object

Configuration for the vector source.

address string required

An internet socket address, either IPv4 or IPv6.

acknowledgements object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

1 nested properties
enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
tls core::option::Option%3Cvector_core::tls::settings::TlsEnableableConfig%3E
Default: null
version null | const: "2"

Version of the configuration.

vector::sources::websocket::config::WebSocketConfig

Configuration for the websocket source.

vector::template::Template string

In many cases, components can be configured so that part of the component's functionality can be customized on a per-event basis. For example, you have a sink that writes events to a file and you want to specify which file an event should go to by using an event field as part of the input to the filename used.

By using Template, users can specify either fixed strings or templated strings. Templated strings use a common syntax to refer to fields in an event that is used as the input data when rendering the template. An example of a fixed string is my-file.log. An example of a template string is my-file-{{key}}.log, where {{key}} is the key's value when the template is rendered into a string.

vector::template::UnsignedIntTemplate integer | string

The source of a uint template. May be a constant numeric value or a template string.

vector::template::UnsignedIntTemplateSource integer | string

The source of a uint template. May be a constant numeric value or a template string.

vector::transforms::Transforms

Configurable transforms in Vector.

vector::transforms::aggregate::AggregateConfig object

Configuration for the aggregate transform.

interval_ms integer

During this time frame, metrics (beta) with the same series data (name, namespace, tags, and so on) are aggregated.

Default: 10000
min=0.0max=9007199254740990.0
mode const: "Auto" | const: "Sum" | const: "Latest" | const: "Count" | const: "Diff" | const: "Max" | const: "Min" | const: "Mean" | const: "Stdev"

Some of the functions may only function on incremental and some only on absolute metrics.

Default: "Auto"
vector::transforms::aws_ec2_metadata::Ec2Metadata object

Configuration for the aws_ec2_metadata transform.

endpoint string

Overrides the default EC2 metadata endpoint.

Default: "http://169.254.169.254"
fields string[]

A list of metadata fields to include in each transformed event.

Default:
[
  "ami-id",
  "availability-zone",
  "instance-id",
  "instance-type",
  "local-hostname",
  "local-ipv4",
  "public-hostname",
  "public-ipv4",
  "region",
  "subnet-id",
  "vpc-id",
  "role-name"
]
namespace core::option::Option%3Cvector_lookup::lookup_v2::optional_path::OptionalTargetPath%3E

Sets a prefix for all event fields added by the transform.

proxy object

Configure to proxy traffic through an HTTP(S) proxy when making external requests.

Similar to common proxy configuration convention, you can set different proxies to use based on the type of traffic being proxied. You can also set specific hosts that should not be proxied.

4 nested properties
enabled boolean

Enables proxying support.

Default: true
http string | null

Must be a valid URI string.

Default: null
format=uri
https string | null

Must be a valid URI string.

Default: null
format=uri
no_proxy string[]

Multiple patterns are allowed:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.com matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0/16 matches requests to any IP addresses in this range
Splat* matches all hosts
Default:
[]
refresh_interval_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
refresh_timeout_secs integer

A span of time, in whole seconds.

min=0.0max=9007199254740990.0
required boolean

Requires the transform to be able to successfully query the EC2 metadata before starting to process the data.

Default: true
tags string[]

A list of instance tags to include in each transformed event.

Default:
[]
vector::transforms::dedupe::config::DedupeConfig object

Configuration for the dedupe transform.

cache object

Caching configuration for deduplication.

Default:
{
  "num_events": 5000
}
1 nested properties
num_events integer required

Number of events to cache and use for comparing incoming events to previously seen events.

min=1.0max=9007199254740990.0
fields null | object | object

When no field matching configuration is specified, events are matched using the timestamp, host, and message fields from an event. The specific field names used are those set in the global log schema configuration.

Default: null
time_settings null | object

Configuration for time based cache.

Default: null
vector::transforms::exclusive_route::config::ExclusiveRouteConfig object

Configuration for the route transform.

routes object[] required

An array of named routes. The route names are expected to be unique. Routes are evaluated in order from first to last, and only the first matching route receives each event (first-match-wins).

vector::transforms::filter::FilterConfig object

Configuration for the filter transform.

condition string | vector::conditions::ConditionConfig required

Many methods exist for matching events, such as using a VRL expression, a Datadog Search query string, or hard-coded matchers like "must be a metric" or "fields A, B, and C must match these constraints".

As VRL is the most common way to apply conditions to events, this type provides a shortcut to define VRL expressions directly in the configuration by passing the VRL expression as a string:

condition = '.message == "hooray"'

When other condition types are required, they can be specified with an enum-style notation:

condition.type = 'datadog_search'
condition.source = 'NOT "foo"'
vector::transforms::incremental_to_absolute::IncrementalToAbsoluteConfig object

Configuration for the incremental_to_absolute transform.

cache object

By default, incremental metrics are evicted after 5 minutes of not being updated. The next incremental value will be reset.

Default:
{
  "max_bytes": null,
  "max_events": null,
  "time_to_live": null
}
3 nested properties
max_bytes integer | null

The maximum size in bytes of the events in the metrics normalizer cache, excluding cache overhead.

Default: null
min=0.0max=9007199254740990.0
max_events integer | null

The maximum number of events of the metrics normalizer cache

Default: null
min=0.0max=9007199254740990.0
time_to_live integer | null

The maximum age of a metric not being updated before it is evicted from the metrics normalizer cache.

Default: 300
min=0.0max=9007199254740990.0
vector::transforms::log_to_metric::LogToMetricConfig object

Configuration for the log_to_metric transform.

all_metrics boolean | null

Example:

{
    "counter": {
        "value": 10.0
    },
    "kind": "incremental",
    "name": "test.transform.counter",
    "tags": {
        "env": "test_env",
        "host": "localhost"
    }
}

This is a JSON representation of a counter with the following properties:

  • counter: An object with a single property value representing the counter value, in this case, 10.0).
  • kind: A string indicating the kind of counter, in this case, "incremental".
  • name: A string representing the name of the counter, here set to "test.transform.counter".
  • tags: An object containing additional tags such as "env" and "host".

Objects that can be processed include counter, histogram, gauge, set and summary.

metrics array | null

A list of metrics to generate.

vector::transforms::lua::LuaConfig

Configuration for the lua transform.

vector::transforms::metric_to_log::MetricToLogConfig object

Configuration for the metric_to_log transform.

host_tag string | null

If present, the value of the tag is set on the generated log event in the host field, where the field key uses the global host_key option.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
metric_tag_values const: "single" | const: "full"

The user configuration to choose the metric tag strategy.

timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

This overrides the global timezone option. The time zone name may be any name in the TZ database or local to indicate system local time.

vector::transforms::reduce::config::ReduceConfig object

Configuration for the reduce transform.

end_every_period_ms integer | null

If supplied, every time this interval elapses for a given grouping, the reduced value for that grouping is flushed. Checked every flush_period_ms.

Default: null
min=0.0max=9007199254740990.0
ends_when core::option::Option%3Cvector::conditions::AnyCondition%3E

If this condition resolves to true for an event, the current transaction is immediately flushed with this event.

expire_after_ms integer

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
flush_period_ms integer

A span of time, in whole milliseconds.

min=0.0max=9007199254740990.0
group_by string[]

Each group with matching values for the specified keys is reduced independently, allowing you to keep independent event streams separate. Note that each field specified, will be reduced with the default merge strategy based on its type unless a merge strategy is explicitly defined in merge_strategies.

This field is optional and when not specified, all events are reduced in a single group.

For example, if group_by = ["host", "region"], then all incoming events that have the same host and region are grouped together before being reduced.

Default:
[]
max_events integer | null

The maximum number of events to group together.

min=1.0max=9007199254740990.0
merge_strategies Record<string, const: "discard" | const: "retain" | const: "sum" | const: "max" | const: "min" | const: "array" | const: "concat" | const: "concat_newline" | const: "concat_raw" | const: "shortest_array" | const: "longest_array" | const: "flat_unique">

For each field specified, the given strategy is used for combining events rather than the default behavior.

The default behavior is as follows:

  • The first value of a string field is kept and subsequent values are discarded.
  • For timestamp fields the first is kept and a new field [field-name]_end is added with the last received timestamp value.
  • Numeric values are summed.
  • For nested paths, the field value is retrieved and then reduced using the default strategies mentioned above (unless explicitly specified otherwise).
Default:
{}
starts_when core::option::Option%3Cvector::conditions::AnyCondition%3E

If this condition resolves to true for an event, the previous transaction is flushed (without this event) and a new transaction is started.

vector::transforms::remap::RemapConfig object

Configuration for the remap transform.

drop_on_abort boolean

If a VRL program is manually aborted (using abort) when processing an event, this option controls whether the original, unmodified event is sent downstream without any modifications or if it is dropped.

Additionally, dropped events can potentially be diverted to a specially-named output for further logging and analysis by setting reroute_dropped.

Default: true
drop_on_error boolean

Normally, if a VRL program encounters an error when processing an event, the original, unmodified event is sent downstream. In some cases, you may not want to send the event any further, such as if certain transformation or enrichment is strictly required. Setting drop_on_error to true allows you to ensure these events do not get processed any further.

Additionally, dropped events can potentially be diverted to a specially named output for further logging and analysis by setting reroute_dropped.

Default: false
file core::option::Option%3Cstd::path::PathBuf%3E

If a relative path is provided, its root is the current working directory.

Required if source is missing.

files array | null

If a relative path is provided, its root is the current working directory.

Required if source or file are missing.

metric_tag_values const: "single" | const: "full"

The user configuration to choose the metric tag strategy.

reroute_dropped boolean

When using drop_on_error or drop_on_abort, events that are "dropped" are processed no further. In some cases, it may be desirable to keep the events around for further analysis, debugging, or retrying.

In these cases, reroute_dropped can be set to true which forwards the original event to a specially-named output, dropped. The original event is annotated with additional fields describing why the event was dropped.

Default: false
runtime string

The runtime to use for executing VRL code.

Default: "ast"
source string | null

Required if file is missing.

timezone core::option::Option%3Cvrl::compiler::datetime::TimeZone%3E

This overrides the global timezone option. The time zone name may be any name in the TZ database, or local to indicate system local time.

Default: null
vector::transforms::route::RouteConfig object

Configuration for the route transform.

reroute_unmatched boolean

Normally, if an event doesn't match any defined route, it is sent to the <transform_name>._unmatched output for further processing. In some cases, you may want to simply discard unmatched events and not process them any further.

In these cases, reroute_unmatched can be set to false to disable the <transform_name>._unmatched output and instead silently discard any unmatched events.

Default: true
route Record<string, string | vector::conditions::ConditionConfig>

The following identifiers are reserved output names and thus cannot be used as route IDs:

  • _unmatched
  • _default

Each route can then be referenced as an input by other components with the name <transform_name>.<route_id>. If an event doesn’t match any route, and if reroute_unmatched is set to true (the default), it is sent to the <transform_name>._unmatched output. Otherwise, the unmatched event is instead silently discarded.

vector::transforms::sample::config::SampleConfig object

Configuration for the sample transform.

exclude core::option::Option%3Cvector::conditions::AnyCondition%3E

A logical condition used to exclude events from sampling.

group_by core::option::Option%3Cvector::template::Template%3E

If left unspecified, or if the event doesn't have group_by, then the event is not sampled separately.

key_field string | null

Each unique value for the key creates a bucket of related events to be sampled together and the rate is applied to the buckets themselves to sample 1/N buckets. The overall rate of sampling may differ from the configured one if values in the field are not uniformly distributed. If left unspecified, or if the event doesn’t have key_field, then the event is sampled independently.

This can be useful to, for example, ensure that all logs for a given transaction are sampled together, but that overall 1/N transactions are sampled.

rate integer | null

For example, rate = 1500 means 1 out of every 1500 events are forwarded and the rest are dropped. This differs from ratio which allows more precise control over the number of events retained and values greater than 1/2. It is an error to provide a value for both rate and ratio.

min=0.0max=9007199254740990.0
ratio number | null

For example, ratio = .13 means that 13% out of all events on the stream are forwarded and the rest are dropped. This differs from rate allowing the configuration of a higher precision value and also the ability to retain values of greater than 50% of all events. It is an error to provide a value for both rate and ratio.

min=0.0max=1.0
sample_rate_key string

An optional path that deserializes an empty string to None.

vector::transforms::tag_cardinality_limit::config::BloomFilterConfig object

Bloom filter configuration in probabilistic mode.

cache_size_per_key integer

The larger the cache size, the less likely it is to have a false positive, or a case where we allow a new value for tag even after we have reached the configured limits.

Default: 5120
min=0.0max=9007199254740990.0
vector::transforms::tag_cardinality_limit::config::Config

Configuration for the tag_cardinality_limit transform.

vector::transforms::tag_cardinality_limit::config::Inner

Configuration for the tag_cardinality_limit transform for a specific group of metrics.

vector::transforms::tag_cardinality_limit::config::InternalMetricsConfig object

Configuration of internal metrics for the TagCardinalityLimit transform.

include_extended_tags boolean

This helps identify which metrics and tag keys are hitting cardinality limits, but can significantly increase metric cardinality. Defaults to false because these tags have potentially unbounded cardinality.

Default: false
vector::transforms::tag_cardinality_limit::config::LimitExceededAction const: "drop_tag" | const: "drop_event"

Possible actions to take when an event arrives that would exceed the cardinality limit for one or more of its tags.

vector::transforms::tag_cardinality_limit::config::Mode object

Controls the approach taken for tracking tag cardinality.

vector::transforms::throttle::config::ThrottleConfig object

Configuration for the throttle transform.

threshold integer required

Each unique key has its own threshold.

min=0.0max=4294967295.0
window_secs number required

A span of time, in fractional seconds.

min=-9007199254740990.0max=9007199254740990.0
exclude core::option::Option%3Cvector::conditions::AnyCondition%3E

A logical condition used to exclude events from sampling.

internal_metrics object

Configuration of internal metrics for the Throttle transform.

Default:
{
  "emit_events_discarded_per_key": false
}
1 nested properties
emit_events_discarded_per_key boolean

If true, the counter will be incremented for each discarded event, including the key value associated with the discarded event. If false, the counter will not be emitted. Instead, the number of discarded events can be seen through the component_discarded_events_total internal metric.

Note that this defaults to false because the key tag has potentially unbounded cardinality. Only set this to true if you know that the number of unique keys is bounded.

Default: false
key_field core::option::Option%3Cvector::template::Template%3E

If left unspecified, or if the event doesn't have key_field, then the event is not rate limited separately.

vector::transforms::trace_to_log::TraceToLogConfig object

This is a naive implementation that simply converts a TraceEvent to a LogEvent. The conversion preserves all trace attributes (span IDs, trace IDs, etc.) as log fields without modification. This will need to be updated when Vector's trace data model is finalized to properly handle trace-specific semantics and field mappings.

log_namespace boolean | null

The namespace to use for logs. This overrides the global setting.

Default: null
vector::transforms::window::config::WindowConfig object

Configuration for the window transform.

flush_when string | vector::conditions::ConditionConfig required

Many methods exist for matching events, such as using a VRL expression, a Datadog Search query string, or hard-coded matchers like "must be a metric" or "fields A, B, and C must match these constraints".

As VRL is the most common way to apply conditions to events, this type provides a shortcut to define VRL expressions directly in the configuration by passing the VRL expression as a string:

condition = '.message == "hooray"'

When other condition types are required, they can be specified with an enum-style notation:

condition.type = 'datadog_search'
condition.source = 'NOT "foo"'
forward_when core::option::Option%3Cvector::conditions::AnyCondition%3E

If the condition resolves to true for an event, the event is immediately forwarded without buffering and without preserving the original order of events. Use with caution if the sink cannot handle out of order events.

num_events_after integer

The maximum number of events to keep after the event matched by the flush_when condition.

Default: 0
min=0.0max=9007199254740990.0
num_events_before integer

The maximum number of events to keep before the event matched by the flush_when condition.

Default: 100
min=0.0max=9007199254740990.0
vector_buffers::WhenFull const: "block" | const: "drop_newest" | const: "overflow"

Event handling behavior when a buffer is full.

vector_buffers::config::BufferType object

A specific type of buffer stage.

vector_buffers::config::MemoryBufferSize object | object

Enumeration to define exactly what terms the bounds of the buffer is expressed in: length, or byte_size.

vector_common::config::ComponentKey string

Component identifier.

vector_common::id::Inputs<alloc::string::String> string[]

Wildcards (*) are supported.

See configuration for more info.

vector_common::sensitive_string::SensitiveString string

Wrapper for sensitive strings containing credentials

vector_core::config::AcknowledgementsConfig object

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

enabled boolean | null

When enabled for a sink, any source that supports end-to-end acknowledgements that is connected to that sink waits for events to be acknowledged by all connected sinks before acknowledging them at the source.

Enabling or disabling acknowledgements at the sink level takes precedence over any global acknowledgements configuration.

vector_core::config::SourceAcknowledgementsConfig object

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

enabled boolean | null

Whether or not end-to-end acknowledgements are enabled for this source.

vector_core::config::metrics_expiration::MetricLabelMatcher object | object

Configuration for metric labels matcher.

vector_core::config::proxy::ProxyConfig object

Configure to proxy traffic through an HTTP(S) proxy when making external requests.

Similar to common proxy configuration convention, you can set different proxies to use based on the type of traffic being proxied. You can also set specific hosts that should not be proxied.

enabled boolean

Enables proxying support.

Default: true
http string | null

Must be a valid URI string.

Default: null
format=uri
https string | null

Must be a valid URI string.

Default: null
format=uri
no_proxy string[]

Multiple patterns are allowed:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.com matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0/16 matches requests to any IP addresses in this range
Splat* matches all hosts
Default:
[]
vector_core::event::metric::Metric

A metric.

vector_core::event::metric::MetricKind const: "incremental" | const: "absolute"

Metrics can be either absolute or incremental. Absolute metrics represent a sort of "last write wins" scenario, where the latest absolute value seen is meant to be the actual metric value. In contrast, and perhaps intuitively, incremental metrics are meant to be additive, such that we don't know what total value of the metric is, but we know that we'll be adding or subtracting the given value from it.

Generally speaking, most metrics storage systems deal with incremental updates. A notable exception is Prometheus, which deals with, and expects, absolute values from clients.

vector_core::event::metric::data::MetricData

Metric data.

vector_core::event::metric::data::MetricTime object

Metric time.

interval_ms integer | null

Intervals represent the time window over which this metric applies, and is generally only used for tracking rates (change over time) on counters.

min=1.0max=4294967295.0
timestamp string | null

Metrics may sometimes have no timestamp, or have no meaningful value if the metric is an aggregation or transformed heavily enough from its original form such that the original timestamp would not represent a meaningful value.

vector_core::event::metric::series::MetricName object

Metric name.

name string required

This would typically be a name for the metric itself, unrelated to where the metric originates from. For example, if the metric represented the amount of used system memory, it may be called memory.used.

namespace string | null

Namespace represents a grouping for a metric where the name itself may otherwise be too generic. For example, while the name of a metric may be memory.used for the amount of used system memory, the namespace could differentiate that by being system for the total amount of used memory across the system, or vector for the amount of used system memory specific to Vector, and so on.

vector_core::event::metric::series::MetricSeries

Metrics series.

vector_core::event::metric::tags::MetricTags Record<string, const: "Empty" | object | object>

Tags for a metric series.

vector_core::event::metric::tags::TagValue null | string

A single tag value, either a bare tag or a value.

vector_core::event::metric::tags::TagValueSet const: "Empty" | object | object

Tag values for a metric series. This may be empty, a single value, or a set of values. This is used to provide the storage for TagValueSet.

vector_core::event::metric::value::Bucket object

Histogram buckets represent the count of observations where the value of the observations does not exceed the specified upper_limit.

count integer required

The number of values tracked in this bucket.

min=0.0max=9007199254740990.0
upper_limit number required

The upper limit of values in the bucket.

min=-9007199254740990.0max=9007199254740990.0
vector_core::event::metric::value::MetricSketch object

A generalized metrics sketch.

vector_core::event::metric::value::MetricValue object | object | object | object | object | object | object

Metric value. Container for the actual value of a metric.

vector_core::event::metric::value::Quantile object

Quantiles themselves are "cut points dividing the range of a probability distribution into continuous intervals with equal probabilities". [1].

We use quantiles to measure the value along these probability distributions for representing client-side aggregations of distributions, which represent a collection of observations over a specific time window.

In general, we typically use the term "quantile" to represent the concept of percentiles, which deal with whole integers -- 0, 1, 2, .., 99, 100 -- even though quantiles are floating-point numbers and can represent higher-precision cut points, such as 0.9999, or the 99.99th percentile.

quantile number required

This value must be between 0.0 and 1.0, inclusive.

min=-9007199254740990.0max=9007199254740990.0
value number required

The estimated value of the given quantile within the probability distribution.

min=-9007199254740990.0max=9007199254740990.0
vector_core::event::metric::value::Sample object

A single observation.

rate integer required

The rate at which the value was observed.

min=0.0max=4294967295.0
value number required

The value of the observation.

min=-9007199254740990.0max=9007199254740990.0
vector_core::event::metric::value::StatisticKind const: "histogram" | const: "summary"

Type of statistics to generate for a distribution.

vector_core::ipallowlist::IpAllowlistConfig string[]

List of allowed origin IP networks. IP addresses must be in CIDR notation.

vector_core::metrics::ddsketch::AgentDDSketch object

This implementation is subtly different from the open-source implementations of DDSketch, as Datadog made some slight tweaks to configuration values and in-memory layout to optimize it for insertion performance within the agent.

We've mimicked the agent version of DDSketch here in order to support a future where we can take sketches shipped by the agent, handle them internally, merge them, and so on, without any loss of accuracy, eventually forwarding them to Datadog ourselves.

As such, this implementation is constrained in the same ways: the configuration parameters cannot be changed, the collapsing strategy is fixed, and we support a limited number of methods for inserting into the sketch.

Importantly, we have a special function, again taken from the agent version, to allow us to interpolate histograms, specifically our own aggregated histograms, into a sketch so that we can emit useful default quantiles, rather than having to ship the buckets -- upper bound and count -- to a downstream system that might have no native way to do the same thing, basically providing no value as they have no way to render useful data from them.

avg number required

The average value of all observations within the sketch.

min=-9007199254740990.0max=9007199254740990.0
bins object required

While internally we depend on a vector of bins, the serialized form used in Protocol Buffers splits the bins -- which contain their own key and bin count -- into two separate vectors, one for the keys and one for the bin counts.

This type provides the glue to go from our internal representation to the Protocol Buffers-specific representation.

2 nested properties
k integer[] required

The bin keys.

n integer[] required

The bin counts.

count integer required

The number of observations within the sketch.

min=0.0max=4294967295.0
max number required

The maximum value of all observations within the sketch.

min=-9007199254740990.0max=9007199254740990.0
min number required

The minimum value of all observations within the sketch.

min=-9007199254740990.0max=9007199254740990.0
sum number required

The sum of all observations within the sketch.

min=-9007199254740990.0max=9007199254740990.0
vector_core::metrics::ddsketch::BinMap object

While internally we depend on a vector of bins, the serialized form used in Protocol Buffers splits the bins -- which contain their own key and bin count -- into two separate vectors, one for the keys and one for the bin counts.

This type provides the glue to go from our internal representation to the Protocol Buffers-specific representation.

k integer[] required

The bin keys.

n integer[] required

The bin counts.

vector_core::tcp::TcpKeepaliveConfig object

TCP keepalive settings for socket-based components.

time_secs integer | null

The time to wait before starting to send TCP keepalive probes on an idle connection.

min=0.0max=9007199254740990.0
vector_core::tls::settings::TlsConfig object

TLS configuration.

alpn_protocols array | null

Declare the supported ALPN protocols, which are used during negotiation with a peer. They are prioritized in the order that they are defined.

ca_file core::option::Option%3Cstd::path::PathBuf%3E

The certificate must be in the DER or PEM (X.509) format. Additionally, the certificate can be provided as an inline string in PEM format.

crt_file core::option::Option%3Cstd::path::PathBuf%3E

The certificate must be in DER, PEM (X.509), or PKCS#12 format. Additionally, the certificate can be provided as an inline string in PEM format.

If this is set and is not a PKCS#12 archive, key_file must also be set.

key_file core::option::Option%3Cstd::path::PathBuf%3E

The key must be in DER or PEM (PKCS#8) format. Additionally, the key can be provided as an inline string in PEM format.

key_pass string | null

This has no effect unless key_file is set.

server_name string | null

Only relevant for outgoing connections.

verify_certificate boolean | null

If enabled, certificates must not be expired and must be issued by a trusted issuer. This verification operates in a hierarchical manner, checking that the leaf certificate (the certificate presented by the client/server) is not only valid, but that the issuer of that certificate is also valid, and so on, until the verification process reaches a root certificate.

Do NOT set this to false unless you understand the risks of not verifying the validity of certificates.

verify_hostname boolean | null

If enabled, the hostname used to connect to the remote host must be present in the TLS certificate presented by the remote host, either as the Common Name or as an entry in the Subject Alternative Name extension.

Only relevant for outgoing connections.

Do NOT set this to false unless you understand the risks of not verifying the remote hostname.

vector_core::tls::settings::TlsEnableableConfig

Configures the TLS options for incoming/outgoing connections.

vector_core::tls::settings::TlsSourceConfig

TlsEnableableConfig for sources, adding metadata from the client certificate.

vector_lookup::lookup_v2::ConfigTargetPath string

A wrapper around OwnedTargetPath that allows it to be used in Vector config with prefix default to PathPrefix::Event

vector_lookup::lookup_v2::ConfigValuePath string

A wrapper around OwnedValuePath that allows it to be used in Vector config. This requires a valid path to be used. If you want to allow optional paths, use [optional_path::OptionalValuePath].

vector_lookup::lookup_v2::optional_path::OptionalTargetPath string

An optional path that deserializes an empty string to None.

vector_lookup::lookup_v2::optional_path::OptionalValuePath string

An optional path that deserializes an empty string to None.

vrl::compiler::datetime::TimeZone const: "local" | string

This can refer to any valid timezone as defined in the TZ database, or "local" which refers to the system local timezone. It will default to the globally configured timezone.