Vector
- 4. Vector の使い⽅
1. curl でインストールする
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.vector.dev | sh
$ vector -c vector.toml
2. docker を使う
$ docker run -v `pwd`:/etc/vector -v /tmp/log:/tmp/log timberio/vector:0.10.0-alpine
4
- 5. デモ1
1. /tmp/log/sample.log に書き込まれたものを転送して、コンソールに表⽰する
data_dir = "/tmp/"
[sources.log]
type = "file"
include = ["/tmp/log/sample.log"]
fingerprinting.strategy = "device_and_inode"
[transforms.add_type]
type = "add_fields"
inputs = ["log"]
fields.type = "log"
[sinks.console]
type = "console"
inputs = ["add_type"]
target = "stdout"
encoding.codec = "json" 5
- 10. Vectorの考え⽅④
共通で必要なのは source , sinks コンポーネントと [xxxx.yyy] , type , inculde
data_dir = "/tmp/"
[sources.log]
type = "file"
include = ["/tmp/log/sample.log"]
fingerprinting.strategy = "device_and_inode"
[transforms.add_type]
type = "add_fields"
inputs = ["log"]
fields.type = "log"
[sinks.console]
type = "console"
inputs = ["add_type"]
target = "stdout"
encoding.codec = "json" 10
- 13. その他良さそうなところ1: Lua⾔語でカスタマイズが
できること
[transforms.my_transform_id]
# General
type = "lua" # required
inputs = ["my-source-or-transform-id"] # required
version = "2" # required
# Hooks
hooks.process = """
function (event, emit)
event.log.field = "追加フィールド" -- フィールドをセット
event.log.another_field = nil -- フィールドを削除
event.log.first, event.log.second = nil, event.log.first --フィールドの名前を変更
emit(event)
end
"""
13
- 14. その他良さそうなところ2: 単体テストができる
[transforms.add_fields]
type = "add_fields"
inputs = ["log"]
fields.instance_id = "foo-${INSTANCE_ID:-AABB}"
fields.static = "carry"
[[tests]]
name = "check_simple_log"
[[tests.inputs]]
insert_at = "add_fields"
type = "log"
log_fields.message = "some message contents"
log_fields.host = "Ubuntu"
[[tests.outputs]]
extract_from = "add_fields"
[[tests.outputs.conditions]]
type = "check_fields"
"instance_id.equals" = "foo-AABB"
"static.equals" = "ramen"
"host.equals" = "Ubuntu"
14
