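# Vector configuration: read logs from one Docker container, parse each line as
# JSON, then write user-access records (CSV) and ERROR-level events (JSON) to
# per-day files.

timezone = "Asia/Shanghai"

[api]
enabled = true
# NOTE(review): 0.0.0.0 listens on every interface and no authentication is
# configured here. Bind to 127.0.0.1, or restrict port 8686 at the
# firewall/network layer, unless remote access is required.
address = "0.0.0.0:8686"

[sources.docker]
type = "docker_logs"
# Vector documents prefix matching for this option, so any container whose
# name or ID starts with this string is collected, not only an exact match.
include_containers = ["proxy-server-dev-service"]

[transforms.parse]
inputs = ["docker"]
type = "remap"
# Replaces the whole event with the object parsed from .message, then rewrites
# .time from an ISO 8601 / RFC 3339 string ("%+") to "%Y-%m-%dT%H:%M:%S" in
# Asia/Shanghai. The result carries no UTC offset, so anyone correlating these
# files with other logs must know the zone out of band.
# parse_json! and parse_timestamp! raise on failure instead of returning an
# error, so `err` can only come from format_timestamp; the log message says so.
# Every field after this point is whatever the container logged: treat it as
# untrusted input downstream.
source = '''
. = parse_json!(.message)
.time, err = format_timestamp(parse_timestamp!(.time, "%+"), "%Y-%m-%dT%H:%M:%S", "Asia/Shanghai")
if err != null {
  log("Unable to format timestamp: " + err, level: "error")
  abort
}
'''

# User access records
[transforms.destinations]
inputs = ["parse"]
type = "filter"
condition = '.msg == "用户访问记录"'

[sinks.file_out]
inputs = ["destinations"]
type = "file"
# NOTE(review): /temp is not a standard directory. Confirm it is an intended
# mount (not a typo for /tmp) and that its permissions keep these per-user
# access records private.
path = "/temp/vector/service-destinations/%Y-%m-%d.log"
encoding.codec = "csv"
# Values such as user, dest and domain come from logged request data. A cell
# starting with =, +, - or @ can be evaluated as a formula by a spreadsheet,
# so sanitise the output or do not open these files directly in one.
encoding.csv.fields = ["time", "uid", "user", "proxy", "node", "proto", "dest", "domain"]
buffer.type = "disk"
buffer.max_size = 268_435_488  # bytes (~256 MiB)

# Errors
[transforms.errors]
inputs = ["parse"]
type = "filter"
condition = '.level == "ERROR"'

[sinks.file_errors]
inputs = ["errors"]
type = "file"
# NOTE(review): same /temp question as the access-record sink above.
path = "/temp/vector/service-errors/%Y-%m-%d.log"
encoding.codec = "json"
buffer.type = "disk"
buffer.max_size = 268_435_488  # bytes (~256 MiB)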