Skip to content

OpenObserve Documentation

Vector

openobserve/openobserve

OpenObserve Documentation

openobserve/openobserve

Introduction
Getting started
Screenshots
Quickstart
Releases
Example Queries
Architecture
HA Deployment
Environment Variables
Storage
User Guide
User Guide
- Concepts
- Log Search
  Log Search
  - Log Search
- Real User Monitoring (RUM)
- Organizations
- Users
- Streams
- Ingestion
- Alerts
  Alerts
- Dashboards
  Dashboards
  - Index
  - Static variables
- Functions
  Functions
- Migration
  Migration
  - v0.5.2 to v0.5.3
Operator Guide
Operator Guide
Performance Optimization
How To
How To
- Ingest Amazon Cloudwatch logs in OpenObserve
- Ingest logs from Amazon ECS using AWS firelens
API Reference
API Reference
- Streams
  Streams
  - Schema
  - Settings
  - List
  - Delete
- Ingestion
  Ingestion
  - Logs
    Logs
    
    JSON
    
    Bulk
    
    Multi
  - Metrics
    Metrics
    
    Prometheus
    
    JSON
  - Traces
    Traces
    
    OTLP
- Search
  Search
  - Search
  - Around
- Functions
  Functions
  - Ingestion
    Ingestion
    
    Create
    
    Delete
    
    List
    
    Examples
  - Query
    Query
    
    Create
    
    Delete
    
    List
- Users
  Users
  - Create
  - Update
  - Add to org
  - Remove from org
  - List
Ingestion
Ingestion
- Index
- Logs
  Logs
  - otel-collector
  - Vector Vector
    Table of contents
    
    HTTP output
    
    Elasticsearch output
  - Filebeat
  - Fluent-bit
  - Fluentd
  - Kinesis Firehose
  - Syslog
  - Python
  - Go
  - Curl
- Metrics
  Metrics
- Traces
  Traces
  - Index
  - OpenTelemetry
  - Typescript
  - Node.js
  - Python
  - Go
  - Rust
Migration
SQL functions reference
Monitoring OpenObserve
Telemetry
Open API Specifications
zPlane
SSO (Single Sign On)

Vector

( .toml format)

HTTP output

[sinks.openobserve]
type = "http"
inputs = [ source or transform id ]
uri = "http://localhost:5080/api/{organization}/{stream}/_json"
method = "post"
auth.strategy = "basic"
auth.user = "root@example.com"
auth.password = "password"
compression = "gzip"
encoding.codec = "json"
encoding.timestamp_format = "rfc3339"
healthcheck.enabled = false

Elasticsearch output

[sinks.openobserve]
type = "elasticsearch"
inputs = [ source or transform id ]
endpoints = ["http://localhost:5080/api/{organization}/"]
bulk.index = "default"
auth.strategy = "basic"
auth.user = "root@example.com"
auth.password = "password"
compression = "gzip"
healthcheck.enabled = false