LOG

docker source

The docker source ingests data through the docker engine daemon and outputs log events.

Configuration

vector.toml
[sources.my_source_id]
# REQUIRED
type = "docker" # example, must be: "docker"
# OPTIONAL
include_containers = ["my_container_name", "container_prefix", "9b6247364a03"] # example, no default
include_labels = ["label_key1=label_value1", "label_key2=label_value2"] # example, no default

Options

2 items
common[string]optional

include_containers

A list of container IDs or names to match against. Prefix matches are supported, meaning you can supply just the first few characters of the container ID or name. If not provided, all containers will be included.

No default
View examples
common[string]optional

include_labels

A list of container object labels to match against when filtering running containers. This should follow the described label's synatx in docker object labels docs.

No default
View examples

Env Vars

2 items
stringoptional

DOCKER_HOST

The docker host to connect to. See Connecting to the Docker daemon for more info.

Default: "unix:///var/run/docker.sock"
View examples
booloptional

DOCKER_VERIFY_TLS

If true (the default), Vector will validate the TLS certificate of the remote host. Do NOT set this to false unless you understand the risks of not verifying the remote certificate. See Connecting to the Docker daemon for more info.

Default: true
View examples

Output

This component outputs log events. For example:

{
"com.example.vendor": "Timber Inc.",
"container_created_at": "2019-11-01T21:15:47+00:00",
"container_id": "9b6247364a03",
"container_name": "evil_ptolemy",
"image": "ubuntu:latest",
"message": "Started GET / for 127.0.0.1 at 2012-03-10 14:28:14 +0100",
"stream": "stdout",
"timestamp": "2019-11-01T21:15:47+00:00"
}

More detail on the output schema is below.

8 items
stringrequired

[label-key]

Docker object labels. Each label is inserted with it's exact key/value pair.

No default
View examples
timestamprequired

container_created_at

A UTC timestamp representing when the container was created.

No default
View examples
stringrequired

container_id

The Docker container ID that the log was collected from.

No default
View examples
stringrequired

container_name

The Docker container name that the log was collected from.

No default
View examples
stringrequired

image

The image name that the container is based on.

No default
View examples
stringrequired

message

The raw log message, unaltered.

No default
View examples
stringenumrequired

stream

The standard stream that the log was collected from.

No default
Enum, must be one of: "stdout" "stderr"
View examples
timestamprequired

timestamp

The UTC timestamp extracted from the Docker log event.

No default
View examples

How It Works

Connecting to the Docker daemon

Vector will automatically attempt to connect to the docker daemon for you. In most situations if your current user is able to run docker ps then Vector will be able to connect. Vector will also respect if DOCKER_HOST and DOCKER_VERIFY_TLS are set. Vector will also use the other default docker environment variables if they are set. See the Docker daemon docs.

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.