ansible-roles/roles/httpd_common/templates/vector.yml.j2

---

sources:
  in_logs_httpd:
    type: file
    include: ["/var/log/httpd/access_log", "/var/log/httpd/error_log"]

transforms:
  format_logs_httpd:
    type: remap
    inputs: ["in_logs_httpd"]
    source: |
      if (.file == "/var/log/httpd/access_log"){
        .http = parse_grok!(.message, "%{HOSTNAME:host} %{HTTPD_COMBINEDLOG}")
      }
      if (.file == "/var/log/httpd/error_log"){
        .http = parse_apache_log!(.message, format:"error")
      }
      .timestamp = parse_timestamp(del(.http.timestamp), format: "%d/%h/%Y:%H:%M:%S %z") ?? now()
      .service = "httpd"
      .group   = "web"
Update to 2025-07-04 09:00 2025-07-04 09:00:19 +02:00			`---`

			`sources:`
			`in_logs_httpd:`
			`type: file`
			`include: ["/var/log/httpd/access_log", "/var/log/httpd/error_log"]`

			`transforms:`
			`format_logs_httpd:`
			`type: remap`
			`inputs: ["in_logs_httpd"]`
			`source: \|`
			`if (.file == "/var/log/httpd/access_log"){`
			`.http = parse_grok!(.message, "%{HOSTNAME:host} %{HTTPD_COMBINEDLOG}")`
			`}`
			`if (.file == "/var/log/httpd/error_log"){`
			`.http = parse_apache_log!(.message, format:"error")`
			`}`
Update to 2025-07-28 13:00 2025-07-28 13:00:23 +02:00			`.timestamp = parse_timestamp(del(.http.timestamp), format: "%d/%h/%Y:%H:%M:%S %z") ?? now()`
Update to 2025-07-04 09:00 2025-07-04 09:00:19 +02:00			`.service = "httpd"`
			`.group = "web"`