vector-aggregator-conf.yaml
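# ConfigMap holding the Vector aggregator configuration (vector.toml).
# Nesting is restored here: as flattened, `name`, `namespace` and the TOML body
# were no longer children of `metadata` / `data` and the manifest did not parse.
apiVersion: v1
kind: ConfigMap
metadata:
  name: vector-aggregator-conf
  namespace: vector
data:
  vector.toml: |2+
    data_dir = "/var/lib/vector"

    # API listens on loopback only, so it is reachable from inside the pod
    # (or through a port-forward). NOTE(review): the playground is an
    # interactive console; confirm it is wanted outside of debugging.
    [api]
      enabled = true
      address = "127.0.0.1:8686"
      playground = true

    # Ingest from agents. Listens on every interface and no tls.* options are
    # set in this file, so any peer that can reach port 9000 can submit events.
    # The lanes below route on the event-supplied `file` field, which such a
    # peer controls. Restrict senders (NetworkPolicy) and consider enabling the
    # source's TLS settings with client-certificate verification.
    [sources.vector_tcp]
      type = "vector"
      address = "0.0.0.0:9000"

    # Split the stream into named lanes by the `file` field of each event.
    [transforms.swimlanes]
      type = "swimlanes"
      inputs = ["vector_tcp"]

    # Lane: API-server audit log.
    [transforms.swimlanes.lanes.audit_logs]
      type = "check_fields"
      "file.ends_with" = "apiserver/audit.log"

    # Audit entries are JSON; parse them before indexing.
    [transforms.parse_audit_logs]
      type = "json_parser"
      inputs = ["swimlanes.audit_logs"]

    # Lane: pod logs.
    [transforms.swimlanes.lanes.kubernetes_logs]
      type = "check_fields"
      "file.starts_with" = "/var/log/pods/"

    [sinks.elasticsearch]
      type = "elasticsearch"
      inputs = ["swimlanes.kubernetes_logs", "parse_audit_logs"]
      compression = "none"
      endpoint = "https://xxxxxxxxxx"
      # NOTE(review): basic-auth credentials stored in a ConfigMap are readable
      # by anyone allowed to read ConfigMaps in this namespace and are not
      # handled as secret material. Keep them in a Secret and reference them
      # here through Vector's ${ENV_VAR} interpolation instead.
      auth.user = "xxxxxxx"
      auth.password = "xxxxxxx"
      auth.strategy = "basic"
      # Index name is rendered from an event field. NOTE(review): events from
      # parse_audit_logs are not shown to carry kubernetes.pod_namespace;
      # confirm how the template renders for them. Because the field is
      # event-supplied, the sink's credentials should only be able to write to
      # the expected index patterns.
      index = "{{ kubernetes.pod_namespace }}-%Y-%m-%d"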