Log events
Here’s an example representation of a log event (as JSON):
{
"log": {
"custom": "field",
"host": "my.host.com",
"message": "Hello world",
"timestamp": "2020-11-01T21:15:47+00:00"
}
}
Schema
Options
*
common optional *Examples
{
"custom": "field",
"host": "my.host.com",
"message": "Hello world",
"timestamp": "2020-11-01T21:15:47+00:00"
}How it works
Schemas
Vector is schema-neutral and doesn’t require any specific schema. This ensures that Vector can work with a variety of schemas, supporting legacy schemas as well as future schemas.
Types
Strings
Strings are UTF-8 compatible and are only bounded by the available system memory.
Integers
Integers are signed integers up to 64 bits.
Floats
Floats are 64-bit IEEE 754 floats.
Booleans
Booleans represent binary true/false values.
Timestamps
Timestamps are represented as DateTime Rust structs stored as UTC.
Timestamp Coercion
There are cases where Vector interacts with formats that don’t have a formal timestamp definition,
such as JSON. In these cases, Vector ingests the timestamp in its primitive form (string or
integer). You can then coerce the field into a timestamp using a remap transform with the
parse_timestamp VRL function.
Time zones
If Vector receives a timestamp that doesn’t contain timezone information, it assumes that the timestamp is in local time and converts the timestamp to UTC from the local time.
Null values
For compatibility with JSON log events, Vector also supports null values.
Maps
Maps are associative arrays mapping string fields to values of any type.
Arrays
Array fields are sequences of values of any type.