HTTP

Collect logs emitted by an HTTP server

status: beta role: aggregator role: sidecar delivery: at-least-once egress: batch state: stateless output: log

Configuration

Example configurations

{
  "sources": {
    "my_source_id": {
      "type": "http",
      "acknowledgements": null,
      "address": "0.0.0.0:80",
      "encoding": "text"
    }
  }
}
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
---
sources:
  my_source_id:
    type: http
    acknowledgements: null
    address: 0.0.0.0:80
    encoding: text
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "acknowledgements": null,
      "address": "0.0.0.0:80",
      "encoding": "text",
      "headers": [
        "User-Agent"
      ],
      "query_parameters": [
        "application"
      ],
      "path": "/",
      "strict_path": true,
      "path_key": "path"
    }
  }
}
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
headers = [ "User-Agent" ]
query_parameters = [ "application" ]
path = "/"
strict_path = true
path_key = "path"
---
sources:
  my_source_id:
    type: http
    acknowledgements: null
    address: 0.0.0.0:80
    encoding: text
    headers:
      - User-Agent
    auth: null
    query_parameters:
      - application
    path: /
    strict_path: true
    framing: null
    tls: null
    path_key: path
    decoding: null

acknowledgements

common optional bool
Controls if the source will wait for destination sinks to deliver the events before acknowledging receipt.
default: false

address

required string literal
The address to accept connections on. The address must include a port.
Examples
"0.0.0.0:80"
"localhost:80"

auth

optional object
Options for HTTP Basic Authentication.

auth.password

optional string literal
The basic authentication password.
Examples
"${HTTP_PASSWORD}"
"password"

auth.username

optional string literal
The basic authentication user name.
Examples
"${HTTP_USERNAME}"
"username"

decoding

optional object
Configures in which way frames are decoded into events.

decoding.codec

optional string literal enum
The decoding method.
Enum options
OptionDescription
bytesEvents containing the byte frame as-is.
jsonEvents being parsed from a JSON string.
syslogEvents being parsed from a Syslog message.
default: bytes

encoding

common optional string literal enum
The expected encoding of received data. Note that for json and ndjson encodings, the fields of the JSON objects are output as separate fields.
Enum options string literal
OptionDescription
binaryBinary or text, whole http request body is considered as one message.
jsonArray of JSON objects, which must be a JSON array containing JSON objects.
ndjsonNewline-delimited JSON objects, where each line must contain a JSON object.
textNewline-delimited text, with each line forming a message.
default: text

framing

optional object
Configures in which way incoming byte sequences are split up into byte frames.
Options for character_delimited framing.
Relevant when: method = `character_delimited`
The character used to separate frames.
Examples
"\n"
"\t"
The maximum frame length limit. Any frames longer than max_length bytes will be discarded entirely.
Examples
65535
102400

framing.method

optional string literal enum
The framing method.
Enum options
OptionDescription
bytesByte frames are passed through as-is according to the underlying I/O boundaries (e.g. split between messages or stream segments).
character_delimitedByte frames which are delimited by a chosen character.
length_delimitedByte frames whose length is encoded in a header.
newline_delimitedByte frames which are delimited by a newline character.
octet_countingByte frames according to the octet counting format.
default: newline_delimited
Options for newline_delimited framing.
Relevant when: method = `newline_delimited`
The maximum frame length limit. Any frames longer than max_length bytes will be discarded entirely.
Examples
65535
102400

framing.octet_counting

optional object
Options for octet_counting framing.
Relevant when: method = `octet_counting`
The maximum frame length limit. Any frames longer than max_length bytes will be discarded entirely.
Examples
65535
102400

headers

optional [string]
A list of HTTP headers to include in the log event. These will override any values included in the JSON payload with conflicting names.
Array string literal
Examples
[
  "User-Agent",
  "X-My-Custom-Header"
]

path

optional string literal
The URL path on which log event POST requests shall be sent.
Examples
"/event/path"
"/logs"
default: /

path_key

optional string literal
The event key in which the requested URL path used to send the request will be stored.
Examples
"vector_http_path"
default: path

query_parameters

optional [string]
A list of URL query parameters to include in the log event. These will override any values included in the body with conflicting names.
Array string literal
Examples
[
  "application",
  "source"
]

strict_path

optional bool
If set to true, only requests using the exact URL path specified in path will be accepted; otherwise requests sent to a URL path that starts with the value of path will be accepted. With strict_path set to false and path set to "", the configured HTTP source will accept requests from any URL path.
default: true

tls

optional object
Configures the TLS options for incoming connections.

tls.ca_file

optional string literal
Absolute path to an additional CA certificate file, in DER or PEM format (X.509), or an in-line CA certificate in PEM format.
Examples
"/path/to/certificate_authority.crt"

tls.crt_file

optional string literal
Absolute path to a certificate file used to identify this server, in DER or PEM format (X.509) or PKCS#12, or an in-line certificate in PEM format. If this is set, and is not a PKCS#12 archive, key_file must also be set. This is required if enabled is set to true.
Examples
"/path/to/host_certificate.crt"

tls.enabled

optional bool
Require TLS for incoming connections. If this is set, an identity certificate is also required.
default: false

tls.key_file

optional string literal
Absolute path to a private key file used to identify this server, in DER or PEM format (PKCS#8), or an in-line private key in PEM format.
Examples
"/path/to/host_certificate.key"

tls.key_pass

optional string literal
Pass phrase used to unlock the encrypted key file. This has no effect unless key_file is set.
Examples
"${KEY_PASS_ENV_VAR}"
"PassWord1"
If true, Vector will require a TLS certificate from the connecting host and terminate the connection if the certificate is not valid. If false (the default), Vector will not request a certificate from the client.
default: false

Output

Logs

Structured

An individual line from an application/json request
Fields
* optional *
Any field contained in your JSON payload
path required string literal
The HTTP path the event was received from. The key can be changed using the path_key configuration setting
Examples
/
/logs/event712
timestamp required timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332Z

Text

An individual line from a text/plain request
Fields
message required string literal
The raw line line from the incoming payload.
Examples
Hello world
path required string literal
The HTTP path the event was received from. The key can be changed using the path_key configuration setting
Examples
/
/logs/event712
timestamp required timestamp
The exact time the event was ingested into Vector.
Examples
2020-10-10T17:07:36.452332Z

Telemetry

Metrics

link

component_errors_total

counter
The total number of errors encountered by this component.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
error_type required
The type of the error
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.
stage required
The stage within the component at which the error occurred.

component_received_bytes_total

counter
The number of raw bytes accepted by this component from source origins.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

component_received_event_bytes_total

counter
The number of event bytes accepted by this component either from tagged origins like file and uri, or cumulatively from other origins.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

component_received_events_total

counter
The number of events accepted by this component either from tagged origins like file and uri, or cumulatively from other origins.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

component_sent_event_bytes_total

counter
The total number of event bytes emitted by this component.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

component_sent_events_total

counter
The total number of events emitted by this component.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

events_in_total

counter
The number of events accepted by this component either from tagged origins like file and uri, or cumulatively from other origins. This metric is deprecated and will be removed in a future version. Use component_received_events_total instead.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

events_out_total

counter
The total number of events emitted by this component. This metric is deprecated and will be removed in a future version. Use component_sent_events_total instead.
component_id required
The Vector component ID.
component_kind required
The Vector component kind.
component_name required
Deprecated, use component_id instead. The value is the same as component_id.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

http_bad_requests_total

counter
The total number of HTTP 400 Bad Request errors encountered.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

parse_errors_total

counter
The total number of errors parsing metrics for this component.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

Examples

text/plain

Given this event...
POST / HTTP/1.1
Content-Type: text/plain
User-Agent: my-service/v2.1
X-Forwarded-For: my-host.local

Hello world
...and this configuration...
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "text"
headers = [ "User-Agent" ]
---
sources:
  my_source_id:
    type: http
    address: 0.0.0.0:80
    encoding: text
    headers:
      - User-Agent
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "address": "0.0.0.0:80",
      "encoding": "text",
      "headers": [
        "User-Agent"
      ]
    }
  }
}
...this Vector event is produced:
[{"log":{"User-Agent":"my-service/v2.1","host":"my-host.local","message":"Hello world","path":"/","timestamp":"2020-10-10T17:07:36.452332Z"}}]

application/json

Given this event...
POST /events HTTP/1.1
Content-Type: application/json
User-Agent: my-service/v2.1
X-Forwarded-For: my-host.local
{"key": "val"}
...and this configuration...
[sources.my_source_id]
type = "http"
address = "0.0.0.0:80"
encoding = "json"
headers = [ "User-Agent" ]
path_key = "vector_http_path"
---
sources:
  my_source_id:
    type: http
    address: 0.0.0.0:80
    encoding: json
    headers:
      - User-Agent
    path_key: vector_http_path
{
  "sources": {
    "my_source_id": {
      "type": "http",
      "address": "0.0.0.0:80",
      "encoding": "json",
      "headers": [
        "User-Agent"
      ],
      "path_key": "vector_http_path"
    }
  }
}
...this Vector event is produced:
[{"log":{"User-Agent":"my-service/v2.1","host":"my-host.local","key":"val","timestamp":"2020-10-10T17:07:36.452332Z"}}]

How it works

Context

By default, the http source augments events with helpful context keys.

Decompression

Received body is decompressed according to Content-Encoding header. Supported algorithms are gzip, deflate, and snappy.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses OpenSSL for TLS protocols. You can adjust TLS behavior via the tls.* options.