Vector Config Generator
Build production-ready Vector pipelines with Sources, Transforms, Sinks, and VRL expressions.
Vector Pipeline
Global Options
Sources
Transforms
Sinks
Overview
The Vector Config Generator helps you build production-ready Vector pipeline configurations in TOML format. Vector is a high-performance observability data router written in Rust, capable of collecting, transforming, and routing logs, metrics, and traces with sub-millisecond latency.
Unlike legacy tools like Fluentd or Logstash, Vector operates as a unified data pipeline for all telemetry signals. Its Vector Remap Language (VRL) provides a safety-focused transformation language with compile-time error detection, deterministic error handling, and zero runtime panics. This generator produces syntactically correct vector.toml files with Sources, Transforms, and Sinks fully configured.
How It Works
1. Define Sources: Vector sources ingest data from various origins — files (file), stdin, exec commands, journald, Kafka topics, Docker logs, Kubernetes logs, S3 buckets, GCP Pub/Sub, HTTP endpoints, syslog, TCP/UDP sockets, and Vector's own internal metrics.
2. Add Transforms: Process and enrich data in-flight using transforms. Use remap for VRL-based field mapping, filter to drop unwanted events, route for conditional splitting, reduce for aggregation, dedupe to remove duplicates, sample for rate limiting, geoip for IP enrichment, and various parsers (parse_json, parse_regex).
3. Configure Sinks: Route processed data to destinations — Elasticsearch, Loki, Kafka, S3, Datadog, Splunk, Prometheus, ClickHouse, HTTP endpoints, Google Cloud Storage, AWS CloudWatch Logs, or chain to another Vector instance. Each sink supports encoding, batching, and healthchecks.
4. Tune Global Options: Set data_dir for persistent state and log_schema for default field names across the pipeline.
Best Practices
- Always set a dedicated data_dir for Vector's internal state to survive restarts without data loss.
- Use VRL's try() and assert!() patterns to validate data shapes at compile time rather than runtime.
- Configure healthcheck.enabled = true on all sinks to detect unreachable backends early.
- Use the Vector agent/aggregator split pattern: lightweight agents on each node forward to centralized aggregators.
- Enable batch configuration (batch.max_events, batch.timeout_secs) on sinks to optimize throughput.
Common Mistakes
- Forgetting to set data_dir, which causes Vector to fail when sinks need persistent buffer state.
- Using .message as a raw string instead of parsing JSON with parse_json!(), leading to unstructured data in downstream sinks.
- Not configuring acknowledgments, which can cause data loss when the downstream sink is temporarily unavailable.
- Over-configuring transform inputs without considering the DAG execution order, creating circular dependencies.
Security Recommendations
- Use environment variables for sensitive values like API keys and passwords — Vector supports ${ENV_VAR} syntax in TOML.
- Enable TLS on all network-facing sources (TCP, HTTP, syslog) and sinks to protect data in transit.
- Run Vector as a non-root user with minimal file system permissions on the data_dir directory.
- Restrict HTTP source endpoints to internal networks or use authentication plugins for public-facing endpoints.
Production Tips
- Deploy Vector as a DaemonSet in Kubernetes with the kubernetes_logs source for automatic pod log collection.
- Use the aggregator pattern with Vector sources to fan-in logs from multiple agents before routing to backends.
- Monitor Vector's own health via the internal_metrics source exposed through a Prometheus sink.
- Tune buffer.max_size and buffer.type (memory vs disk) based on your throughput requirements and acceptable latency.
- Use VRL's redact!() function to sanitize sensitive fields like passwords and tokens before shipping logs.