2023-07-14 22:06:27 +02:00
---
2024-06-17 12:13:18 +02:00
weight: 20
2023-07-14 22:06:27 +02:00
title: Vector setup
2023-07-14 22:56:38 +02:00
disableToc: true
2023-07-14 22:06:27 +02:00
menu:
docs:
parent: "victorialogs-data-ingestion"
2024-06-17 12:13:18 +02:00
weight: 20
2023-07-14 22:56:38 +02:00
aliases:
- /VictoriaLogs/data-ingestion/Vector.html
2024-06-14 12:32:12 +02:00
- /victorialogs/data-ingestion/Vector.html
- /victorialogs/data-ingestion/vector.html
2023-07-14 22:06:27 +02:00
---
2024-09-03 17:43:26 +02:00
VictoriaLogs supports given below Vector sinks:
- [Elasticsearch ](#elasticsearch )
- [Loki ](#loki )
- [HTTP JSON ](#http )
2024-04-16 14:07:16 +02:00
2024-09-03 17:43:26 +02:00
## Elasticsearch
Specify [Elasticsearch sink type ](https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ ) in the `vector.yaml`
for sending the collected logs to [VictoriaLogs ](https://docs.victoriametrics.com/victorialogs/ ):
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
```
## Loki
Specify [Loki sink type ](https://vector.dev/docs/reference/configuration/sinks/loki/ ) in the `vector.yaml`
2024-05-25 00:30:58 +02:00
for sending the collected logs to [VictoriaLogs ](https://docs.victoriametrics.com/victorialogs/ ):
2023-06-21 16:58:43 +02:00
2024-09-03 17:43:26 +02:00
```yaml
sinks:
vlogs:
type: "loki"
endpoint = "http://localhost:9428/insert/loki/"
inputs:
- your_input
compression: gzip
path: /api/v1/push?_msg_field=message.message& _time_field=timestamp& _stream_fields=source
encoding:
codec: json
labels:
source: vector
2023-06-21 16:58:43 +02:00
```
Substitute the `localhost:9428` address inside `endpoints` section with the real TCP address of VictoriaLogs.
Replace `your_input` with the name of the `inputs` section, which collects logs. See [these docs ](https://vector.dev/docs/reference/configuration/sources/ ) for details.
2024-05-25 00:30:58 +02:00
See [these docs ](https://docs.victoriametrics.com/victorialogs/data-ingestion/#http-parameters ) for details on parameters specified
2024-09-03 17:43:26 +02:00
in the `sinks.vlogs.query` section.
2023-06-22 03:31:50 +02:00
2024-05-25 00:30:58 +02:00
It is recommended verifying whether the initial setup generates the needed [log fields ](https://docs.victoriametrics.com/victorialogs/keyconcepts/#data-model )
and uses the correct [stream fields ](https://docs.victoriametrics.com/victorialogs/keyconcepts/#stream-fields ).
This can be done by specifying `debug` [parameter ](https://docs.victoriametrics.com/victorialogs/data-ingestion/#http-parameters )
2024-09-03 17:43:26 +02:00
in the `sinks.vlogs.query` section and inspecting VictoriaLogs logs then:
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
debug: "1"
2023-06-22 03:31:50 +02:00
```
2023-06-21 16:58:43 +02:00
2024-05-25 00:30:58 +02:00
If some [log fields ](https://docs.victoriametrics.com/victorialogs/keyconcepts/#data-model ) must be skipped
during data ingestion, then they can be put into `ignore_fields` [parameter ](https://docs.victoriametrics.com/victorialogs/data-ingestion/#http-parameters ).
2023-06-21 16:58:43 +02:00
For example, the following config instructs VictoriaLogs to ignore `log.offset` and `event.original` fields in the ingested logs:
2024-09-03 17:43:26 +02:00
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
_ignore_fields: log.offset,event.original
2023-06-21 16:58:43 +02:00
```
When Vector ingests logs into VictoriaLogs at a high rate, then it may be needed to tune `batch.max_events` option.
For example, the following config is optimized for higher than usual ingestion rate:
2024-09-03 17:43:26 +02:00
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
batch]
max_events: 1000
2023-06-21 16:58:43 +02:00
```
2023-06-22 03:31:50 +02:00
If the Vector sends logs to VictoriaLogs in another datacenter, then it may be useful enabling data compression via `compression = "gzip"` option.
2023-06-21 16:58:43 +02:00
This usually allows saving network bandwidth and costs by up to 5 times:
2024-09-03 17:43:26 +02:00
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
compression: gzip
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
2023-06-21 16:58:43 +02:00
```
2024-05-25 00:30:58 +02:00
By default, the ingested logs are stored in the `(AccountID=0, ProjectID=0)` [tenant ](https://docs.victoriametrics.com/victorialogs/keyconcepts/#multitenancy ).
2024-09-03 17:43:26 +02:00
If you need storing logs in other tenant, then specify the needed tenant via `sinks.vlogs.request.headers` section.
For example, the following `vector.yaml` config instructs Vector to store the data to `(AccountID=12, ProjectID=34)` tenant:
```yaml
sinks:
vlogs:
inputs:
- your_input
type: elasticsearch
endpoints:
- http://localhost:9428/insert/elasticsearch/
mode: bulk
api_version: v8
healthcheck:
enabled: false
query:
_msg_field: message
_time_field: timestamp
_stream_fields: host,container_name
request:
headers:
AccountID: "12"
ProjectID: "34"
2023-06-21 16:58:43 +02:00
```
2024-09-03 17:43:26 +02:00
## HTTP
2024-04-16 14:07:16 +02:00
Vector can be configured with [HTTP ](https://vector.dev/docs/reference/configuration/sinks/http/ ) sink type
for sending data to [JSON stream API ](https://docs.victoriametrics.com/victorialogs/data-ingestion/#json-stream-api ):
2024-09-03 17:43:26 +02:00
```yaml
sinks:
vlogs:
inputs:
- your_input
type: http
uri: http://localhost:9428/insert/jsonline?_stream_fields=host,container_name& _msg_field=message& _time_field=timestamp
encoding:
codec: json
framing:
method: newline_delimited
healthcheck:
enabled: false
request:
headers:
AccountID: "12"
ProjectID: "34"
2024-04-16 14:07:16 +02:00
```
2023-06-22 03:31:50 +02:00
See also:
2023-06-21 16:58:43 +02:00
2024-05-25 00:30:58 +02:00
- [Data ingestion troubleshooting ](https://docs.victoriametrics.com/victorialogs/data-ingestion/#troubleshooting ).
- [How to query VictoriaLogs ](https://docs.victoriametrics.com/victorialogs/querying/ ).
2023-06-22 04:39:22 +02:00
- [Elasticsearch output docs for Vector ](https://vector.dev/docs/reference/configuration/sinks/elasticsearch/ ).
2023-06-22 03:31:50 +02:00
- [Docker-compose demo for Filebeat integration with VictoriaLogs ](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/deployment/docker/victorialogs/vector-docker ).