
vector maintenance (旧版,已废弃)

旧版,已废弃

simple

syslog remote config

# Remote syslog listener: accepts syslog messages over UDP on port 514.
# NOTE(review): 0.0.0.0 listens on every interface, and nothing here authenticates
# or encrypts the senders, so any host that can reach the port can inject log
# lines. Limit the port to the known senders (firewall or a specific bind
# address) and treat everything received as untrusted input.
# Port 514 is below 1024, so binding it typically needs root or
# CAP_NET_BIND_SERVICE on Linux; prefer the capability over running as root.
[sources.remote_udp_syslog]
type = "syslog"
address = "0.0.0.0:514"
mode = "udp"

# Parse each event's `.message` as syslog and replace the whole event with the
# parsed fields.
# See the Vector Remap Language reference for more info: https://vrl.dev
# `string!` and `parse_syslog!` are the error-raising forms: a message that is not
# a string or not valid syslog raises a runtime error instead of being parsed.
# NOTE(review): the senders are unauthenticated, so malformed input is expected;
# decide explicitly whether such events are dropped or routed somewhere visible.
[transforms.parse_logs]
type = "remap"
inputs = ["remote_udp_syslog"]
source = '''
. = parse_syslog!(string!(.message))
'''

# Print parsed logs to stdout, JSON-encoded (useful while debugging the pipeline).
# NOTE(review): when Vector runs under a service manager, stdout usually ends up in
# the system journal, so every received line, including anything sensitive in
# it, is stored a second time there. Consider removing this sink once the
# pipeline works.
[sinks.print]
type = "console"
inputs = ["parse_logs"]
encoding.codec = "json"

# Vector's GraphQL API (disabled by default)
# Uncomment to try it out with the `vector top` command or
# in your browser at http://localhost:8686
#[api]
#enabled = true
#address = "127.0.0.1:8686"
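# Move the event timestamp into the `dt` field before shipping to Better Stack.
# Inputs are listed explicitly instead of "*": the wildcard also matches the raw
# `remote_udp_syslog` source, so each message would be shipped twice (raw and
# parsed), and any source added to this config later would be forwarded to the
# third-party service without anyone reviewing what it contains.
[transforms.better_stack_transform_1]
type = "remap"
inputs = ["parse_logs"]
source = '''
.dt = del(.timestamp)
'''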

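# Ship the transformed events to Better Stack over HTTPS as JSON, authenticated
# with a bearer token.
[sinks.better_stack_http_sink_1]
type = "http"
method = "post"
inputs = ["better_stack_transform_1"]
uri = "https://in.logs.betterstack.com/"
encoding.codec = "json"
auth.strategy = "bearer"
# The token is interpolated from the environment when Vector loads the config, so
# the secret never sits in this file or in version control.
# BETTER_STACK_SOURCE_TOKEN is a placeholder variable name: define it in the
# service's environment (for example a root-readable systemd EnvironmentFile).
auth.token = "${BETTER_STACK_SOURCE_TOKEN}"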

systemctl

# Restart the Vector service (run after editing its configuration).
service vector restart

manual

config (demo)

# Change this to use a non-default directory for Vector data storage:
# data_dir = "/var/lib/vector"

# Receive JSON logs over TCP; the listener is bound to port 9000.
# NOTE(review): 0.0.0.0 exposes the listener on every interface and no TLS or
# client authentication is configured here, so traffic is plaintext and any host
# that can reach the port can submit events that end up in Elasticsearch.
# Bind to a specific address or firewall the port, and consider the source's
# `tls.*` options when senders are on other hosts.
[sources.app_logs]
type = "socket"
address = "0.0.0.0:9000"
# Upper bound on a single incoming message, in bytes (100 KiB); this caps how
# much one sender can make Vector buffer per message.
max_length = 102_400
mode = "tcp"
decoding.codec = "json"

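# Output to ELK: index the received events into Elasticsearch over HTTPS using
# the bulk API.
[sinks.to_elk]
type = "elasticsearch"
inputs = ["app_logs"]
endpoint = "https://localhost:9200/"
auth.strategy = "basic"
# `elastic` is Elasticsearch's built-in superuser. For anything beyond a local
# demo, use a dedicated account that may only write to the app-dev-* indices.
auth.user = "elastic"
# The password is interpolated from the environment when Vector loads the config
# instead of being hard-coded here (the original value equalled the user name).
# ELASTICSEARCH_PASSWORD is a placeholder variable name.
auth.password = "${ELASTICSEARCH_PASSWORD}"
# CA certificate file used to verify the Elasticsearch server certificate.
tls.ca_file = "/usr/local/share/ca-certificates/http_ca.crt"
mode = "bulk"
bulk.action = "index"
# Index name; the strftime pattern yields one index per day.
bulk.index = "app-dev-%Y-%m-%d"
batch.max_events = 10
compression = "none"
# Very important (author's note): the default is false, and with it sending fails.
suppress_type_name = true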

bootstrap

# Start Vector with the configuration files found in config/; the flags are explained below.
bin/vector -C config/ --require-healthy=true -v

-C:配置文件目录;--require-healthy=true:启动时所有 sink 的健康检查必须通过,否则 Vector 不会启动;-v:debug 模式(输出 debug 级别日志)。