The Vector team is pleased to announce version 0.23.0!
Be sure to check out the upgrade guide for breaking changes in this release.
In addition to the new features, enhancements, and fixes listed below, this release adds:
logfmt) and framings (like newline-delimited and length-delimited) to be used on more sinks. See the release highlight for details.
decoding.codec) receives invalid data. Fixed in v0.23.1.
elasticsearchsink doesn’t evaluate templated configuration options like the
indexconfiguration before applying the
except_fieldsoptions, causing templates to fail to be evaluated if they used a field that was dropped. Fixed in v0.23.1.
is_jsonfunction now takes a
variantargument making it easier to assert the type of the JSON value; for example that the text is a JSON object. Thanks to nabokihms for contributing this change!
kubernetes_logs source now annotates logs with node labels. This requires updating to the version
Thanks to nabokihms for contributing this change!
= 0.11.0 of the helm chart or adding the
noderesource to the allowed actions for the Vector pod. See the upgrade guide for more details.
parse_nginx_logfunction now parses out the
upstreamvalue if it exists in the log line. Thanks to nabokihms for contributing this change!
geoip transform now includes the following additional fields:
This brings the transform up to parity with the fields enriched by Logstash’s geoip filter (though the field names are not the same).
datadog_metricssink now achieves a better compression ratio, when compression is enabled, due to sorting the metrics before compression when transmitting them.
azure_blobsink now supports loading credentials from environment variables and via the managed identity service. To use this, set the new
storage_accountparameter. Thanks to yvespp for contributing this change!
prometheus_scrapesource now sets the
text/plainwhen requesting metrics. This improves compatibility with Prometheus exporters like keyclock which require this header.
datadog_agentsource is now able to accept traces from newer Datadog Agents (version >= 7.33).
parse_nginx_log function now correctly parses:
VRL’s diagnostic error messages have had a number of improvements in this release which should help users more quickly identify errors in their VRL code.
See the originating RFC for full details about the improvements that were made.
logfunction now correctly independently rate limits multiple
logcalls in a single
remaptransform. Previously they were mistakenly rate limited all together.
splunk_hec_logssink now has a new option to configure Vector to not set a timestamp on the event when sending it to Splunk:
suppress_timestamp. This allows Splunk to set the timestamp during ingestion.
The following sinks now allow configuration of end-to-end acknowledgements (via
pulsarsink now allows authentication via OAuth2 via new
auth.oauth2configuration option. Thanks to fantapsody for contributing this change!
gcp_pubsubsource has been improved by automatically scaling up the number of consumers within Vector to a maximum of the newly added
max_concurrencyoption (defaults to 10).
auth.api_keyoption. This was previously only supported by the
gcp_pubsubsource and sink and ignored by all other GCP components.
logfmt) and framings (like newline-delimited and octet-framing) to be used on more sinks. See the release highlight for details.
aws_cloudwatch_logssink now allows configuration of request headers via the
headersoption. This was primarily added to allow setting the
x-amzn-logs-formatheader when sending Embedded Metric Format logs to AWS CloudWatch Logs. Thanks to hencrice for contributing this change!
socketsource can now be configured to annotate events with the TLS client certificate of the connection the events came from via setting the
tls.peer_keyconfiguration option. Thanks to JustinKnueppel for contributing this change!
splunk_hec_logssink can now be configured to send to the Splunk HEC raw endpoint via the added
endpoint_targetoption. The default is still the event endpoint.
kubernetes_logssource no longer leaks resources (Tokio tasks) during configuration reload. Thanks to nabokihms for contributing this change!
vectorsource now reports the correct number of bytes received in
aws_ec2_metadatatransform now has a lower default request timeout, 1 second rather than 60 seconds, to allow Vector to fail more quickly if the IMDSv2 is unavailable. This can be configured via the new
tag_cardinality_limitnow corretly deserializes the
actionoption. Previously it would return an error when trying to configure this option.
There were some situations where VRL didn’t calculate the correct type definition of values which were fixed in this release. In some cases this can cause VRL compilation errors when upgrading if the code relied on the previous behavior due to unneeded type assertions. The VRL diagnostic error messages should guide you towards resolving them.
This affects the following:
|=) on objects that share keys with different types
See the upgrade guide for more details.
When end-to-end acknowledgements are enabled, the following sources now correctly handle negative acknowledgements by halting processing :
Previously these sources would continue processing, potentially resulting in dropped data.
datadog_tracessink now calculates statistics from incoming and forwards them to Datadog for use by the APM product.
datadog_agentsource now correctly parses the namespace of incoming metrics from the agent by looking for the first
.. For example a metric of
system.bytes_readwould have a namespace of
systemand a name of
bytes_read. This fixes interoperability issues with the
datadog_metricssink which is capable of adding a default namespace if the incoming metrics do not have one.
parse_aws_cloudwatch_log_subscription_messagetype definition was corrected so the
.eventsfield is correctly identified as an array of objects rather than an object.
parse_intfunction now correctly parses the string
0without setting the base. Previously it would return an error. Thanks to shenxn for contributing this change!
syslogcodec, and the
gcp_pubsubsource now sends heartbeats to the server to avoid inactivity timeouts. The default for this is 75 seconds but can be configured via the added
gcp_pubsubsource configuration options ending in
_secondswere renamed to end in
_secsto match other Vector configuration options that take a number of seconds. The original names are aliased, but deprecated so configuration should be updated to use the new names.
datadog_logssink now correctly retries requests due to aborted connections.
pulsarsink now sends the event timestamp as the message timestamp, if the event has one. Thanks to fantapsody for contributing this change!
syslogsource and VRL’s
parse_syslogstructured data fields were made consistent in their handling. See the upgrade guide for more details.
Sign up to receive emails on the latest Vector content and new releases
Thank you for joining our Updates Newsletter