#                                    __   __  __
#                                    \ \ / / / /
#                                     \ V / / /
#                                      \_/  \/
#
#                                    V E C T O R
#                                   Configuration
#
# ------------------------------------------------------------------------------
# Website: https://vector.dev
# Docs: https://vector.dev/docs
# Chat: https://chat.vector.dev
# ------------------------------------------------------------------------------

# Change this to use a non-default directory for Vector data storage:
# data_dir = "/var/lib/vector"
#>GNUNUX
data_dir = "/srv/vector"
#<GNUNUX

# Random Syslog-formatted logs
#>GNUNUX
#[sources.dummy_logs]
#type = "demo_logs"
#format = "syslog"
#interval = 1
{% if general.vector.client_addresses %}
#from journal
[sources.vector_client]
type = "vector"
{% for address in general.vector.listen_addresses %}
address = "{{ address }}:8686"
{% endfor %}
{% endif %}

[sources.remote_journal]
type = "journald"
#journal_directory = "/var/log/journal/remote/"
journalctl_path = "/usr/local/lib/sbin/vector_journalctl"
current_boot_only = false
#<GNUNUX

# Parse Syslog logs
# See the Vector Remap Language reference for more info: https://vrl.dev
#>GNUNUX
#[transforms.parse_logs]
#type = "remap"
#inputs = ["dummy_logs"]
#source = '''
#. = parse_syslog!(string!(.message))
#'''
[transforms.filter_logs]
type = "filter"
{% if general.vector.client_addresses %}
inputs = ["vector_client", "remote_journal"]
{% else %}
inputs = ["remote_journal"]
{% endif %}
condition = '{{ accounts.vector_conditions }}'

[transforms.parse_logs]
type = "remap"
inputs = ["filter_logs"]
#    "syslog_identifier": .SYSLOG_IDENTIFIER,
source = '''
if is_null(.SYSLOG_IDENTIFIER) {
  .SYSLOG_IDENTIFIER = ._SYSTEMD_UNIT
}
. = {
    "message" : .message,
    "timestamp": .timestamp,
    "hostname" : .host,
    "priority": .PRIORITY,
    "identifier": .SYSLOG_IDENTIFIER,
    "uid": ._UID,
    "gid": ._GID,
    "pid": ._PID,
    "severity": to_syslog_level(to_int(.PRIORITY) ?? 0) ?? ""
}
'''
#<GNUNUX

# Print parsed logs to stdout
#>GNUNUX
#[sinks.print]
#type = "console"
#inputs = ["parse_logs"]
#encoding.codec = "json"
#[sinks.file_text_output]
#type = "file"
#inputs = ["parse_logs"]
#encoding.codec = "json"
#{% raw %}path = "/srv/vector/logs/by-host/{{ hostname }}/%Y-%m-%d.log"{% endraw %}

[sinks.loki_output]
type = "loki"
inputs = ["parse_logs"]
endpoint = "http://{{ general.loki.server_domainname }}:3100"
encoding.codec = "json"
{%- raw %}
labels = {app="{{ identifier }}", host=" {{ hostname }}", severity="{{ severity }}"}
{% endraw -%}
#<GNUNUX

# Vector's GraphQL API (disabled by default)
# Uncomment to try it out with the `vector top` command or
# in your browser at http://localhost:8686
#[api]
#enabled = true
#address = "127.0.0.1:8686"
#>GNUNUX
[api]
enabled = true
address = "127.0.0.1:8686"
#<GNUNUX