Ingesting logs using Vector

Vector collects, transforms, and sends your logs to multiple destinations including Uptrace. It is blazingly fast and memory efficient.

Configuration

To configure Vector to send logs to Uptrace, use the HTTP sink and pass your project DSN via HTTP headers.

For example, to collect syslog messages, you can create the following Vector config:

[sources.syslog]
type = "file"
include = ["/var/log/syslog"]

[transforms.parse_syslog]
type = "remap"
inputs = ["syslog"]
source = '''
. = parse_syslog!(string!(.message))
'''

[sinks.uptrace]
type = "http"
inputs = ["parse_syslog"]
encoding.codec = "json"
framing.method = "newline_delimited"
compression = "gzip"
uri = "http://localhost:14318/api/v1/vector/logs"
#uri = "https://api.uptrace.dev/api/v1/vector/logs"
request.headers.uptrace-dsn = "http://project2_secret_token@localhost:14317/2"

Copy the config above to vector.toml and then start Vector:

vector --config=vector.toml

See vector-logs example for details.

Converting logs to spans

When parsing HTTP or SQL logs, it might be useful to convert logs into spans by providing span name, duration, and some other fields.

For example, you can set attributes using remap transformation:

[transforms.span_attrs]
type = "remap"
inputs = ["in"]
source = '''
.span_name = "<span name>"
.span_event_name = "span"
.span_kind = "server"
.span_duration = 12345 # nanoseconds
'''

Uptrace recognizes the following span attributes:

• span_id is the id of the parent span.
• span_name. Optional.
• span_event_name must be set to span.
• span_kind.
• span_duration in nanoseconds.
• service.name or service_name.
• db_system or db.system.
• db_statement or db.statement.
• http_method or http.method.
• http_route or http.route.

Fly logs

You can ship logs from Fly.io apps to Uptrace using NATS and Vector.