GCP Operations (formerly Stackdriver) Logs
Configuration Options
Required Options
log_id(required)
The log ID to which to publish logs. This is a name you create to identify this log stream.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | template | ["vector-logs","{{ component_id }}"] |
project_id(required)
The project ID to which to publish logs. See the Google Cloud Platform project management documentation for more details.
Exactly one of billing_account_id, folder_id, organization_id, or project_id must be set.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["vector-123456"] |
resource(required)
Options for describing the logging resource.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | literal | [{"type":"gce_instance","instance_id":"Twilight","zone":"us-central1-a"}] |
inputs(required)
A list of upstream source or transform
IDs. Wildcards (*) are supported.
See configuration for more info.
| Type | Syntax | Default | Example |
|---|---|---|---|
| array | literal | ["my-source-or-transform-id","prefix-*"] |
encoding(required)
Configures the encoding specific sink behavior.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | literal | [] |
type(required)
The component type. This is a required field for all components and tells Vector which component to use.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["gcp_stackdriver_logs"] |
Advanced Options
billing_account_id(optional)
The billing account ID to which to publish logs.
Exactly one of must be set: billing_account_id, folder_id, organization_id,
or project_id.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["012345-6789AB-CDEF01"] |
credentials_path(optional)
The filename for a Google Cloud service account credentials JSON file used to authenticate access to the
Stackdriver Logging API. If this is unset, Vector checks the GOOGLE_APPLICATION_CREDENTIALS
environment variable for a filename.
If no filename is named, Vector attempts to fetch an instance service account for the compute instance the program is running on. If Vector is not running on a GCE instance, you must define a credentials file as above.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["/path/to/credentials.json"] |
folder_id(optional)
The folder ID to which to publish logs.
See the Google Cloud Platform folder documentation for more details.
Exactly one of billing_account_id, folder_id, organization_id, or project_id must be set.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["My Folder"] |
organization_id(optional)
The organization ID to which to publish logs. This would be the identifier assigned to your organization on Google Cloud Platform.
Exactly one of billing_account_id, folder_id, organization_id, or project_id must be set.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["622418129737"] |
buffer(optional)
Configures the sink specific buffer behavior.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | literal | [] |
batch(optional)
Configures the sink batching behavior.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | [] |
healthcheck(optional)
Health check options for the sink.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | [] |
request(optional)
Configures the sink request behavior.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | [] |
tls(optional)
Configures the TLS options for incoming connections.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | literal | [] |
proxy(optional)
Configures an HTTP(S) proxy for Vector to use. By default, the globally configured proxy is used.
| Type | Syntax | Default | Example |
|---|---|---|---|
| hash | literal | [] |
severity_key(optional)
The field of the log event from which to take the outgoing log's severity field. The named field is
removed from the log event if present, and must be either an integer between 0 and 800 or a string
containing one of the severity level names (case is ignored) or a
common prefix such as err.
If no severity key is specified, the severity of outgoing records is set to 0 (DEFAULT).
See the GCP Stackdriver Logging LogSeverity description for more
details on the value of the severity field.
| Type | Syntax | Default | Example |
|---|---|---|---|
| string | literal | ["severity"] |
How it Works
Severity Level Mapping
If a severity_key is configured, outgoing log records have their
severity header field set from the named field in the Vector
event. However, the required values for
this field may be inconvenient to produce, typically requiring a custom
mapping using an additional transform. To assist with this, this sink
remaps certain commonly used words to the required numbers as in the
following table. Note that only the prefix is compared, such that a
value of emergency matches emerg, and the comparison ignores case.
| Prefix | Value |
|---|---|
emerg | 800 |
fatal | 800 |
alert | 700 |
crit | 600 |
err | 500 |
warn | 400 |
notice | 300 |
info | 200 |
debug | 100 |
trace | 100 |
State
This component is stateless, meaning its behavior is consistent across each input.
GCP Authentication
GCP offers a variety of authentication methods and Vector is concerned with the server to server methods and will find credentials in the following order:
- If the
credentials_pathoption is set. - If the
api_keyoption is set. - If the
GOOGLE_APPLICATION_CREDENTIALSenvrionment variable is set. - Finally, Vector will check for an instance service account.
If credentials aren't found, Vector's health checks fail and an error is logged.
Health checks
Health checks ensure that the downstream service is accessible and ready to accept data. This check is performed upon sink initialization. If the health check fails an error will be logged and Vector will proceed to start.
Partitioning
Vector supports dynamic configuration values through a simple template syntax. If an option supports templating, it will be noted with a badge and you can use event fields to create dynamic values. For example:
[sinks.my-sink]
dynamic_option = "application={{ application_id }}"
In the above example, the application_id for each event will be
used to partition outgoing data.
Rate limits & adapative concurrency
Transport Layer Security (TLS)
Buffers and batches
This component buffers & batches data as shown in the diagram above. You'll notice that Vector treats these concepts differently, instead of treating them as global concepts, Vector treats them as sink specific concepts. This isolates sinks, ensuring services disruptions are contained and delivery guarantees are honored.
Batches are flushed when 1 of 2 conditions are met:
- The batch age meets or exceeds the configured
timeout_secs. - The batch size meets or exceeds the configured
max_sizeormax_events.
Buffers are controlled via the buffer.* options.
Retry policy
Vector will retry failed requests (status == 429, >= 500, and != 501).
Other responses will not be retried. You can control the number of
retry attempts and backoff rate with the request.retry_attempts and
request.retry_backoff_secs options.