Prometheus remote write

Deliver metric data to a Prometheus remote write endpoint

status: beta delivery: at-least-once egress: batch state: stateless

Warnings

High cardinality metric names and labels are discouraged by Prometheus as they can provide performance and reliability problems. You should consider alternative strategies to reduce the cardinality. Vector offers a tag_cardinality_limit transform as a way to protect against this.

Configuration

Example configurations

{
  "sinks": {
    "my_sink_id": {
      "type": "prometheus_remote_write",
      "inputs": "my-source-or-transform-id",
      "endpoint": "https://localhost:8087/",
      "default_namespace": "service"
    }
  }
}
[sinks.my_sink_id]
type = "prometheus_remote_write"
inputs = "my-source-or-transform-id"
endpoint = "https://localhost:8087/"
default_namespace = "service"
---
sinks:
  my_sink_id:
    type: prometheus_remote_write
    inputs: my-source-or-transform-id
    endpoint: https://localhost:8087/
    default_namespace: service
    healthcheck: null
{
  "sinks": {
    "my_sink_id": {
      "type": "prometheus_remote_write",
      "inputs": "my-source-or-transform-id",
      "endpoint": "https://localhost:8087/",
      "default_namespace": "service",
      "buckets": 0.005,
      "quantiles": 0.5,
      "tenant_id": "my-domain"
    }
  }
}
[sinks.my_sink_id]
type = "prometheus_remote_write"
inputs = "my-source-or-transform-id"
endpoint = "https://localhost:8087/"
default_namespace = "service"
buckets = 0.005
quantiles = 0.5
tenant_id = "my-domain"
---
sinks:
  my_sink_id:
    type: prometheus_remote_write
    inputs: my-source-or-transform-id
    endpoint: https://localhost:8087/
    auth: null
    default_namespace: service
    buckets: 0.005
    quantiles: 0.5
    batch: null
    healthcheck: null
    request: null
    tls: null
    proxy: null
    tenant_id: my-domain

auth

optional object
Configures the authentication strategy.

auth.password

required string literal
The basic authentication password.

auth.strategy

required string enum literal
The authentication strategy to use.
Enum options
OptionDescription
basicThe basic authentication strategy.
bearerThe bearer token authentication strategy.

auth.token

required string literal
The token to use for bearer authentication

auth.user

required string literal
The basic authentication user name.

batch

optional object
Configures the sink batching behavior.

batch.max_events

optional uint
The maximum size of a batch, in events, before it is flushed.
default: 1000 (events)

batch.timeout_secs

optional uint
The maximum age of a batch before it is flushed.
default: 1 (seconds)

buckets

optional [float]
Default buckets to use for aggregating distribution metrics into histograms.
Array float
Examples
[
  0.005,
  0.01
]
default: [0.005 0.01 0.025 0.05 0.1 0.25 0.5 1 2.5 5 10]

default_namespace

common optional string
Used as a namespace for metrics that don’t have it. A namespace will be prefixed to a metric’s name. It should follow Prometheus naming conventions.

endpoint

required string
The endpoint URL to send data to.

healthcheck

common optional object
Health check options for the sink.

healthcheck.enabled

optional bool
Enables/disables the healthcheck upon Vector boot.
default: true

inputs

required [string]

A list of upstream source or transform IDs. Wildcards (*) are supported but must be the last character in the ID.

See configuration for more info.

Array string literal
Examples
[
  "my-source-or-transform-id",
  "prefix-*"
]

proxy

optional object
Configures an HTTP(S) proxy for Vector to use.

proxy.enabled

optional bool
If false the proxy will be disabled.
default: true

proxy.http

optional string literal
The URL to proxy HTTP requests through.

proxy.https

optional string literal
The URL to proxy HTTPS requests through.

proxy.no_proxy

optional array

List of hosts to avoid proxying globally.

Allowed patterns here include: - Domain names. For example, example.com will match requests to to example.com - Wildcard domains. For example, .example.com will match requests to example.com and its subdomains - IP addresses. For example, 127.0.0.1 will match requests to 127.0.0.1 - CIDR blocks. For example, 192.168.0.0./16 will match requests to any IP addresses in this range - * will match all hosts

quantiles

optional [float]
Quantiles to use for aggregating distribution metrics into a summary.
Array float
Examples
[
  0.5,
  0.75,
  0.9,
  0.95,
  0.99
]
default: [0.5 0.75 0.9 0.95 0.99]

request

optional object
Configures the sink request behavior.

request.adaptive_concurrency

optional object
Configure the adaptive concurrency algorithms. These values have been tuned by optimizing simulated results. In general you should not need to adjust these.

request.concurrency

optional uint
The maximum number of in-flight requests allowed at any given time.
default: 5 (requests)

request.rate_limit_duration_secs

optional uint
The time window, in seconds, used for the rate_limit_num option.
default: 1 (seconds)

request.rate_limit_num

optional uint
The maximum number of requests allowed within the rate_limit_duration_secs time window.
default: 5

request.retry_attempts

optional uint
The maximum number of retries to make for failed requests. The default, for all intents and purposes, represents an infinite number of retries.
default: 1.8446744073709552e+19

request.retry_initial_backoff_secs

optional uint
The amount of time to wait before attempting the first retry for a failed request. Once, the first retry has failed the fibonacci sequence will be used to select future backoffs.
default: 1 (seconds)

request.retry_max_duration_secs

optional uint
The maximum amount of time, in seconds, to wait between retries.
default: 10 (seconds)

request.timeout_secs

optional uint
The maximum time a request can take before being aborted. It is highly recommended that you do not lower this value below the service’s internal timeout, as this could create orphaned requests, pile on retries, and result in duplicate data downstream.
default: 60 (seconds)

tenant_id

optional string
If set, a header named X-Scope-OrgID will be added to outgoing requests with the text of this setting. This may be used by Cortex or other remote services to identify the tenant making the request.

tls

optional object
Configures the TLS options for incoming connections.

tls.ca_file

optional string literal
Absolute path to an additional CA certificate file, in DER or PEM format (X.509), or an inline CA certificate in PEM format.

tls.crt_file

optional string literal
Absolute path to a certificate file used to identify this connection, in DER or PEM format (X.509) or PKCS#12, or an inline certificate in PEM format. If this is set and is not a PKCS#12 archive, key_file must also be set.

tls.key_file

optional string literal
Absolute path to a private key file used to identify this connection, in DER or PEM format (PKCS#8), or an inline private key in PEM format. If this is set, crt_file must also be set.

tls.key_pass

optional string literal
Pass phrase used to unlock the encrypted key file. This has no effect unless key_file is set.

tls.verify_hostname

optional bool
If true (the default), Vector will validate the configured remote host name against the remote host’s TLS certificate. Do NOT set this to false unless you understand the risks of not verifying the remote hostname.
default: true

Telemetry

Metrics

link

events_in_total

counter
The number of events accepted by this component either from tagged origin like file and uri, or cumulatively from other origins.
component_kind required
The Vector component kind.
component_name required
The Vector component name.
component_type required
The Vector component type.
container_name optional
The name of the container from which the event originates.
file optional
The file from which the event originates.
host required
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the event originates.
peer_path optional
The pathname from which the event originates.
pid required
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the event originates.
uri optional
The sanitized URI from which the event originates.

events_out_total

counter
The total number of events emitted by this component.
component_kind required
The Vector component kind.
component_name required
The Vector component name.
component_type required
The Vector component type.
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

processing_errors_total

counter
The total number of processing errors encountered by this component.
component_kind required
The Vector component kind.
component_name required
The Vector component name.
component_type required
The Vector component type.
error_type required
The type of the error
host required
The hostname of the system Vector is running on.
pid required
The process ID of the Vector instance.

How it works

Health checks

Health checks ensure that the downstream service is accessible and ready to accept data. This check is performed upon sink initialization. If the health check fails an error will be logged and Vector will proceed to start.

Require health checks

If you’d like to exit immediately upon a health check failure, you can pass the --require-healthy flag:

vector --config /etc/vector/vector.toml --require-healthy

Disable health checks

If you’d like to disable health checks for this sink you can set the healthcheck option to false.

Partitioning

Vector supports dynamic configuration values through a simple template syntax. If an option supports templating, it will be noted with a badge and you can use event fields to create dynamic values. For example:

[sinks.my-sink]
dynamic_option = "application={{ application_id }}"

In the above example, the application_id for each event will be used to partition outgoing data.

Rate limits & adapative concurrency

Adaptive Request Concurrency (ARC)

Adaptive Requst Concurrency is a feature of Vector that does away with static rate limits and automatically optimizes HTTP concurrency limits based on downstream service responses. The underlying mechanism is a feedback loop inspired by TCP congestion control algorithms. Checkout the announcement blog post,

We highly recommend enabling this feature as it improves performance and reliability of Vector and the systems it communicates with.

To enable, set the request.concurrency option to adaptive:

[sinks.my-sink]
  request.concurrency = "adaptive"

Static rate limits

If Adaptive Request Concurrency is not for you, you can manually set static rate limits with the request.rate_limit_duration_secs, request.rate_limit_num, and request.concurrency options:

[sinks.my-sink]
  request.rate_limit_duration_secs = 1
  request.rate_limit_num = 10
  request.concurrency = 10

Retry policy

Vector will retry failed requests (status == 429, >= 500, and != 501). Other responses will not be retried. You can control the number of retry attempts and backoff rate with the request.retry_attempts and request.retry_backoff_secs options.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses OpenSSL for TLS protocols due to OpenSSL’s maturity. You can enable and adjust TLS behavior using the tls.* options.