HTTP

Collect logs emitted by an HTTP server

status: beta role: aggregator role: sidecar delivery: at-least-once egress: batch state: stateless output: log

Configuration

Example configurations

{
  "sources": {
    "my_source_id": {
      "type": "http",
      "acknowledgements": null,
      "address": "0.0.0.0:80",
      "encoding": "text"
    }
  }
}
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
---
sources:
  my_source_id:
    type: http
    acknowledgements: null
    address: 0.0.0.0:80
    encoding: text
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "acknowledgements": null,
      "address": "0.0.0.0:80",
      "encoding": "text",
      "headers": [
        "User-Agent"
      ],
      "query_parameters": [
        "application"
      ],
      "path": "/",
      "strict_path": true,
      "path_key": "path"
    }
  }
}
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
headers = [ "User-Agent" ]
query_parameters = [ "application" ]
path = "/"
strict_path = true
path_key = "path"
---
sources:
  my_source_id:
    type: http
    acknowledgements: null
    address: 0.0.0.0:80
    encoding: text
    headers:
      - User-Agent
    auth: null
    query_parameters:
      - application
    path: /
    strict_path: true
    tls: null
    path_key: path

acknowledgements

common optional bool
Controls if the source will wait for destination sinks to deliver the events before acknowledging receipt.
default: false

address

required string literal
The address to accept connections on. The address must include a port.
Examples
"0.0.0.0:80"
"localhost:80"

auth

optional object
Options for HTTP Basic Authentication.

auth.password

required string literal
The basic authentication password.

auth.username

required string literal
The basic authentication user name.

encoding

common optional string literal enum
The expected encoding of received data. Note that for json and ndjson encodings, the fields of the JSON objects are output as separate fields.
Enum options string literal
OptionDescription
binaryBinary or text, whole http request body is considered as one message.
jsonArray of JSON objects, which must be a JSON array containing JSON objects.
ndjsonNewline-delimited JSON objects, where each line must contain a JSON object.
textNewline-delimited text, with each line forming a message.
default: text

headers

optional [string]
A list of HTTP headers to include in the log event. These will override any values included in the JSON payload with conflicting names.
Array string literal
Examples
[
  "User-Agent",
  "X-My-Custom-Header"
]

path

optional string literal
The URL path on which log event POST requests shall be sent.
Examples
"/event/path"
"/logs"
default: /

path_key

optional string literal
The event key in which the requested URL path used to send the request will be stored.
Examples
"vector_http_path"
default: path

query_parameters

optional [string]
A list of URL query parameters to include in the log event. These will override any values included in the body with conflicting names.
Array string literal
Examples
[
  "application",
  "source"
]

strict_path

optional bool
If set to true, only requests using the exact URL path specified in path will be accepted; otherwise requests sent to a URL path that starts with the value of path will be accepted. With strict_path set to false and path set to "", the configured HTTP source will accept requests from any URL path.
default: true

tls

optional object
Configures the TLS options for incoming connections.

tls.ca_file

optional string literal
Absolute path to an additional CA certificate file, in DER or PEM format (X.509), or an in-line CA certificate in PEM format.

tls.crt_file

optional string literal
Absolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive, key_file must also be set. This is required if enabled is set to true.

tls.enabled

optional bool
Require TLS for incoming connections. If this is set, an identity certificate is also required.
default: false

tls.key_file

optional string literal
Absolute path to a private key file used to identify this server, in DER or PEM format (PKCS#8), or an in-line private key in PEM format.

tls.key_pass

optional string literal
Pass phrase used to unlock the encrypted key file. This has no effect unless key_file is set.

tls.verify_certificate

optional bool
If true, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false (the default), Vector will not request a certificate from the client.
default: false

Output

Logs

Structured

An individual line from an application/json request
Fields
* optional *
Any field contained in your JSON payload
path required string literal
The HTTP path the event was received from. The key can be changed using the path_key configuration setting
Examples
/
/logs/event712
timestamp required timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332Z

Text

An individual line from a text/plain request
Fields
message required string literal
The raw line line from the incoming payload.
Examples
Hello world
path required string literal
The HTTP path the event was received from. The key can be changed using the path_key configuration setting
Examples
/
/logs/event712
timestamp required timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332Z

Telemetry

Metrics

link

events_in_total

counter
The number of events accepted by this component either from tagged origin like file and uri, or cumulatively from other origins.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

events_out_total

counter
The total number of events emitted by this component.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

http_bad_requests_total

counter
The total number of HTTP 400 Bad Request errors encountered.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

parse_errors_total

counter
The total number of errors parsing metrics for this component.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

utilization

gauge
A ratio from 0 to 1 of the load on a component. A value of 0 would indicate a completely idle component that is simply waiting for input. A value of 1 would indicate a that is never idle. This value is updated every 5 seconds.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

Examples

text/plain

Given this event...
POST / HTTP/1.1
Content-Type: text/plain
User-Agent: my-service/v2.1
X-Forwarded-For: my-host.local

Hello world
...and this configuration...
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
headers = [ "User-Agent" ]
---
sources:
  my_source_id:
    type: http
    address: 0.0.0.0:80
    encoding: text
    headers:
      - User-Agent
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "address": "0.0.0.0:80",
      "encoding": "text",
      "headers": [
        "User-Agent"
      ]
    }
  }
}
...this Vector event is produced:
[
  {
    "log": {
      "User-Agent": "my-service/v2.1",
      "host": "my-host.local",
      "message": "Hello world",
      "path": "/",
      "timestamp": "2020-10-10T17:07:36.452332Z"
    }
  }
]

application/json

Given this event...
POST /events HTTP/1.1
Content-Type: application/json
User-Agent: my-service/v2.1
X-Forwarded-For: my-host.local
{"key": "val"}
...and this configuration...
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "json"
headers = [ "User-Agent" ]
path_key = "vector_http_path"
---
sources:
  my_source_id:
    type: http
    address: 0.0.0.0:80
    encoding: json
    headers:
      - User-Agent
    path_key: vector_http_path
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "address": "0.0.0.0:80",
      "encoding": "json",
      "headers": [
        "User-Agent"
      ],
      "path_key": "vector_http_path"
    }
  }
}
...this Vector event is produced:
[
  {
    "log": {
      "User-Agent": "my-service/v2.1",
      "host": "my-host.local",
      "key": "val",
      "timestamp": "2020-10-10T17:07:36.452332Z"
    }
  }
]

How it works

Context

By default, the http source augments events with helpful context keys.

Decompression

Received body is decompressed according to Content-Encoding header. Supported algorithms are gzip, deflate, and snappy.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses OpenSSL for TLS protocols. You can adjust TLS behavior via the tls.* options.