Vector v0.48.0 release notes

The Vector team is excited to announce version 0.48.0!

This release new configuration options for various components. For example, VRL expressions can be used in HTTP query parameters.

Also, this release includes numerous bug fixes which should improve Vector’s reliability in production environments.

Upgrading Vector
When upgrading, we recommend stepping through minor versions as these can each contain breaking changes while Vector is pre-1.0. These breaking changes are noted in their respective upgrade guides.

Vector Changelog

7 new features

  • The kubernetes_logs source now includes a new max_merged_line_bytes configuration option. This setting enables users to cap the size of log lines after they’ve been combined using auto_partial_merge. Previously, the max_line_bytes field only restricted line sizes before merging, leaving no practical way to limit the length of merged lines—unless you set a size so tiny that it prevented merging altogether by stopping short of the continuation character. This new option gives you better control over merged line sizes.
    Thanks to ganelo for contributing this change!
  • Adds trace data type support to the Axiom sink allowing propagation of OpenTelemetry traces received via the opentelemetry or compatible trace emitting components.
    Thanks to darach for contributing this change!
  • Enabled URL path access in VRL scripts of custom auth strategy for server components.
    Thanks to byronwolfman for contributing this change!
  • Added rate_limit_num and rate_limit_duration_secs options to kafka sink, to enable rate limiting this sink.
    Thanks to esensar, Quad9DNS for contributing this change!
  • VRL programs can now read, write, and delete the interval_ms field in metric events.
    Thanks to thomasqueirozb for contributing this change!
  • Added vector uptime in seconds to vector top.
    Thanks to esensar, Quad9DNS for contributing this change!

  • The socket source with udp mode now supports joining multicast groups via the multicast_groups option of that source. This allows the source to receive multicast packets from the specified multicast groups.

    Note that in order to work properly, the socket address must be set to 0.0.0.0 and not to 127.0.0.1 (localhost) or any other specific IP address. If other IP address is used, the host’s interface will filter out the multicast packets as the packet target IP (multicast) would not match the host’s interface IP.


    Thanks to jorgehermo9 for contributing this change!

3 enhancements

  • The HTTP client source now supports VRL within query parameters.

    For example:

    sources:
	http:
		type: http_client
		endpoint: https://endpoint.com
		method: GET
		query:
			timestamp:
				 value: "now()"
				 type: "vrl"
			foo:
				 value: "bar"
				 type: "string"

    This means that HTTP requests can now be made with dynamic query parameters. This is particularly useful for generating unique timestamps or UUIDs per request.


    Thanks to benjamin-awd for contributing this change!
  • Updated the Splunk HEC source to accept requests that contain the header content-type with any value containing “application/json,” not the exact value of “application/json.” This matches the behavior of a true Splunk HEC. Allows sources from AWS to successfully send events to the Splunk HEC source without additional proxying to update headers.
    Thanks to Tot19 for contributing this change!
  • Adds support for session tokens in AWS authentication options. When using temporary credentials (access key, secret key, and session token), the session token is required. Temporary credentials can be provided by an external system and updated using the SECRET backend.
    Thanks to anil-db for contributing this change!

10 bug fixes

  • The amqp sink now attempts to re-connect to the AMQP broker when the channel has been disconnected. It will also create up to 4 channels in a pool (configurable with the max_channels setting) to improve throughput.
    Thanks to aramperes for contributing this change!
  • The dnstap source now correctly labels DNS response code 16 as BADVERS instead of BADSIG, which is reserved for TSIG RRs.
    Thanks to esensar, Quad9DNS for contributing this change!
  • Improved dnstap source TCP backpressure and load handling.
    Thanks to esensar, Quad9DNS for contributing this change!
  • Unknown fields in the tls config are now rejected so these fields now need to be removed for Vector to start successfully.
    Thanks to thomasqueirozb for contributing this change!
  • Fixed panic in opentelemetry source when a NaN float value is received. NaN values are now converted to null.
    Thanks to srstrickland for contributing this change!
  • Fix panic when dnstap parser encounters unusual timestamps.
    Thanks to wooffie for contributing this change!
  • The elasticsearch sink now encodes parameters such as index that contain characters that need to be escaped in JSON strings.
    Thanks to jszwedko for contributing this change!
  • Fix crash when dnstap source parses unexpected socket address values.”
    Thanks to wooffie for contributing this change!
  • Fix bug allowing invalid Prometheus timestamps; now properly rejected during parsing.
    Thanks to wooffie for contributing this change!
  • The aws_ecs_metrics source now skips over empty ECS metrics payloads. It previously failed to parse such payloads.
    Thanks to tustvold for contributing this change!

VRL Changelog

[0.25.0 (2025-06-26)]

Enhancements

  • Add support for decompressing lz4 frame compressed data.

authors: jimmystewpot (https://github.com/vectordotdev/vrl/pull/1367)

Download Version 0.48.0

Linux
tar.gz
ARM64 ARMv7 x86_64
Linux (deb)
deb
ARM64 ARMv7 x86_64
Linux (rpm)
rpm
ARM64 ARMv7 x86_64
macOS
tar.gz
x86_64 ARM64
Windows
zip
x86_64
Windows (MSI)
msi
x86_64
browse all files...