APT and RPM repositories at repositories.timber.io will be decommissioned on February 28th Migration instructions

Global options reference

Global configuration parameters


common optional object
Controls how acknowledgements are handled by all sources. These settings may be overridden in individual sources.


common optional bool
Controls if sources will wait for destination sinks to deliver the events, or persist them to a disk buffer, before acknowledging receipt. If set to true, all capable sources will have acknowledgements enabled.
default: false


optional string literal
The directory used for persisting Vector state, such as on-disk buffers, file checkpoints, and more. Please make sure the Vector project has write permissions to this directory.
default: /var/lib/vector/


optional object

Configuration options for an enrichment table to be used in a remap transform. Currently supported are:

For the lookup in the enrichment tables to be as performant as possible, the data is indexed according to the fields that are used in the search. Note that indices can only be created for fields for which an exact match is used in the condition. For range searches, an index isn’t used and the enrichment table drops back to a sequential scan of the data. A sequential scan shouldn’t impact performance significantly provided that there are only a few possible rows returned by the exact matches in the condition. We don’t recommend using a condition that uses only date range searches.


required object
Configuration options for the file that provides the enrichment table.
Configuration options for the encoding of the enrichment table’s file.
The delimiter used to separate fields in each row of the CSV file.
default: ,

Set include_headers to true if the first row of the CSV file contains the headers for each column. This is the default behavior.

If you set it to false, there are no headers and the columns are referred to by their numerical index.

default: true
common optional string literal
The encoding of the file. Currently, only CSV is supported.
default: csv
required string literal
The path of the enrichment table file. Currently, only CSV files are supported.
common optional object

Key/value pairs representing mapped log field names and types. This is used to coerce log fields from strings into their proper types. The available types are listed in the Types list below.

Timestamp coercions need to be prefaced with timestamp|, for example "timestamp|%F". Timestamp specifiers can use either of the following:

  1. One of the built-in-formats listed in the Timestamp Formats table below.
  2. The time format specifiers from Rust’s chrono library.


  • bool
  • string
  • float
  • integer
  • date
  • timestamp (see the table below for formats)

Timestamp Formats

%F %TYYYY-MM-DD HH:MM:SS2020-12-01 02:37:54
%v %TDD-Mmm-YYYY HH:MM:SS01-Dec-2020 02:37:54
%FT%TISO 8601/RFC 3339 format without time zone2020-12-01T02:37:54
%a, %d %b %Y %TRFC 822/2822 without time zoneTue, 01 Dec 2020 02:37:54
%a %d %b %T %Ydate command output without time zoneTue 01 Dec 02:37:54 2020
%a %b %e %T %Yctime formatTue Dec 1 02:37:54 2020
%sUNIX timestamp1606790274
%FT%TZISO 8601/RFC 3339 UTC2020-12-01T09:37:54Z
%+ISO 8601/RFC 3339 UTC with time zone2020-12-01T02:37:54-07:00
%a %d %b %T %Z %Ydate command output with time zoneTue 01 Dec 02:37:54 PST 2020
%a %d %b %T %z %Ydate command output with numeric time zoneTue 01 Dec 02:37:54 -0700 2020
%a %d %b %T %#z %Ydate command output with numeric time zone (minutes can be missing or present)Tue 01 Dec 02:37:54 -07 2020

Note: the examples in this table are for 54 seconds after 2:37 am on December 1st, 2020 in Pacific Standard Time.

  "duration": "float",
  "status": "int",
  "success": "bool",
  "timestamp_custom": "timestamp|%a %b %e %T %Y",
  "timestamp_iso8601": "timestamp|%F",
  "timestamp_unix": "timestamp|%F %T"

Configuration options for MaxMind databases.

The following MaxMind databases are currently supported:

  • GeoLite2-ASN.mmdb (free) — Determine the autonomous system number and organization associated with an IP address.
  • GeoLite2-City.mmdb (free) — Determine the country, subdivisions, city, and postal code associated with IPv4 and IPv6 addresses worldwide.
  • GeoIP2-City.mmdb (paid) — Determine the country, subdivisions, city, and postal code associated with IPv4 and IPv6 addresses worldwide.
  • GeoIP2-ISP.mmdb (paid) — Determine the Internet Service Provider (ISP), organization name, and autonomous system organization and number associated with an IP address.

The database file should be in the MaxMind DB file format.

This enrichment table only supports lookup with IP address.

optional string literal
The locale to use to lookup the country name and region name for the city database. See Locations Files
default: en
required string literal
Path to the database file.


required string literal enum
Determines the type of enrichment data that is to be loaded.
Enum options
fileEnrich data from a CSV file.
geoipEnrich data from a MaxMind database.


optional object
If set, Vector will configure the internal metrics system to automatically remove all metrics that have not been updated in the given time. This value must be positive.


Deprecated, please use expire_metrics_secs instead.


common optional uint
The fractional number of seconds after which to expire metrics.


common optional uint
The whole number of seconds after which to expire metrics.


optional float

If set, Vector will configure the internal metrics system to automatically remove all metrics that have not been updated in the given number of seconds. This value must be positive.

Note that internal counters that are expired but are later updated will have their values reset to zero. Be careful to set this value high enough to avoid expiring critical but infrequently updated internal counters.



optional object
Configures health checks for all sinks.


common optional bool
Disables all health checks if false, otherwise sink specific option overrides it.
default: true
Exit on startup if any sinks' health check fails. Overridden by --require-healthy command line flag.
default: false


optional object
Configures default log schema for all events. This is used by Vector components to assign the fields on incoming events. These values are ignored if log namespacing is enabled. (See Log Namespacing)


common optional string literal
Sets the event key to use for the event host field.
default: host


common optional string literal
Sets the event key to use for the event message field.
default: message


common optional string literal
Sets the event key to use for event metadata field (e.g. error or abort annotations in the remap transform).
default: metadata


common optional string literal
Sets the event key to use for the event source type field that is set by some sources.
default: source_type


common optional string literal
Sets the event key to use for the event timestamp field.
default: timestamp


optional object
Configures an HTTP(S) proxy for Vector to use.


optional bool
If false the proxy will be disabled.
default: true


optional string literal
The URL to proxy HTTP requests through.


optional string literal
The URL to proxy HTTPS requests through.


optional [string]

A list of hosts to avoid proxying. Allowed patterns here include:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.com matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to
CIDR blocks192.168.0.0./16 matches requests to any IP addresses in this range
Splat* matches all hosts


optional object
Configures options for how Vector handles event schema.
Globally enables / disables log namespacing. See Log Namespacing for more details. If you want to enable individual sources, there is a config option in the source configuration.
default: false


optional object
Configuration options to retrieve secrets from external backend in order to avoid storing secrets in plaintext in Vector config. Currently, only the exec backend is supported. Multiple backends can be configured. To signify Vector that it should look for a secret to retrieve use the SECRET[<backend_name>.<secret_key>]. This placeholder will then be replaced by the secret retrieved from the relevant backend.


required object

Run a local command to retrieve secrets.

The provided command will be run and provided a list of secrets to fetch, determined from the configuration file, on stdin as JSON in the format:

{"version": "1.0", "secrets": ["secret1", "secret2"]}

The executable is expected to respond with the values of these secrets on stdout, also as JSON, in the format:

	"secret1": {"value": "secret_value", "error": null},
	"secret2": {"value": null, "error": "could not fetch the secret"}

If an error is returned for any secrets, or if the command exits with a non-zero status code, Vector will log the errors and exit.

Secrets will be loaded when Vector starts or if Vector receives a SIGHUP signal triggering its configuration reload process.

required [string]
The command to be run, plus any arguments required.
optional uint
The amount of time Vector will wait for the command to complete.
default: 5 (seconds)


optional object
Configures options for how Vector emits telemetry.


optional object
Controls which tags should be included with the vector_component_sent_events_total and vector_component_sent_event_bytes_total metrics.

Adds a service tag with the service component the event was received from.

For logs this is the field that has been determined to mean service. Each source may define different fields for this. For example, with syslog events the appname field is used.

Metric events will use the tag named service.

If no service is available a - is emitted for this tag.

default: false
common optional bool

Add a source tag with the source component the event was received from.

If there is no source component, for example if the event was generated by the lua transform a - is emitted for this tag.

default: false


optional string literal
The name of the time zone to apply to timestamp conversions that do not contain an explicit time zone. The time zone name may be any name in the TZ database, or local to indicate system local time.
default: local