vector

Vector is a lightweight, ultra-fast tool for building observability pipelines

Installation⚑

On debian ⚑

First, add the Vector repo:

bash -c "$(curl -L https://setup.vector.dev)"

Then you can install the vector package:

sudo apt-get install vector

Tweak the configuration and then enable the service.

To be sure that vector is able to push to loki create the /usr/local/bin/wait-for-loki.sh file

#!/bin/bash
while true; do
  response=$(curl -s http://localhost:3100/ready 2>/dev/null)
  if [ "$response" = "ready" ]; then
    break
  fi
  sleep 1
done

Make it executable chmod +x /usr/local/bin/wait-for-loki.sh

Then update your vector.service (/usr/lib/systemd/system/vector.service)

ExecStartPre=/usr/local/bin/wait-for-loki.sh
ExecStartPre=/usr/bin/vector validate

Run systemctl daemon-reload to reload the service configuration.

Configuration ⚑

The config lives at /etc/vector/vector.yaml.

Docker ⚑

First add vector to the docker group: usermod -a -G docker vector

sources:
  docker:
    type: docker_logs

transforms:
  docker_labels:
    type: remap
    inputs:
      - docker
    source: |
      .service_name = get(.label, ["com.docker.compose.project"]) ?? "unknown"
sinks:
  loki_docker:
    type: loki
    inputs:
      - docker_labels
    endpoint: http://localhost:3100/
    encoding:
      codec: json
    labels:
      source: docker
      host: "{{ host }}"
      container: "{{ container_name }}"
      service_name: "{{ service_name }}"

journald ⚑

To avoid the services that run docker to be indexed twice

sources:
  journald:
    type: journald

transforms:
  journald_filter:
    type: filter
    inputs:
      - journald
    condition: |
      # Exclude docker-compose systemd services
      !contains(string!(.SYSLOG_IDENTIFIER), "docker-compose") &&
      !contains(string!(.SYSLOG_IDENTIFIER), "docker")

  journald_labels:
    type: remap
    inputs:
      - journald_filter
    source: |
      .service_name = ._SYSTEMD_UNIT || "unknown"

sinks:
  loki_systemd:
    type: loki
    inputs:
      - journald_labels
    endpoint: http://localhost:3100/
    encoding:
      codec: json
    labels:
      source: journald
      host: "{{ host }}"
      service_name: "{{ service_name }}"

ZFS⚑

Prepare the file to be readable by vector:

chown root:vector /proc/spl/kstat/zfs/dbgmsg
chmod 640 /proc/spl/kstat/zfs/dbgmsg

sources:
  zfs_log:
    type: file
    include:
      - /proc/spl/kstat/zfs/dbgmsg
  zfs_files:
    type: loki
    inputs:
      - zfs_log
    endpoint: http://localhost:3100/
    encoding:
      codec: json
    labels:
      source: file
      service_name: zfs
      host: "{{ host }}"
      filename: "{{ file }}"
sinks:

Troubleshooting⚑

Unable to open checkpoint file. path="/var/lib/vector/journald/checkpoint.txt"⚑

ERROR source{component_kind="source" component_id=journald component_type=journald}: vector::internal_events::journald: Unable to open checkpoint file. path="/var/lib/vector/journald/checkpoint.txt" error=Permission denied (os error 13) error_type="io_failed" stage="receiving"

sudo mkdir -p /var/lib/vector/journald
sudo chown -R vector:vector /var/lib/vector
sudo chmod 755 /var/lib/vector
sudo chmod 755 /var/lib/vector/journald

References⚑

Home