
---
# Ansible variables that assemble the Vector configuration.
# vector_base_conf is the default pipeline (journald -> route -> parse -> format
# -> sink); vector_extra_conf and vector_host_conf are empty override layers
# that vector_conf merges on top of it, in that order.
vector_base_conf:
  data_dir: /var/lib/vector
  # relaxed: a wildcard input that matches no component is tolerated, so the
  # `parse_journald_*` / `format_logs_*` / `route_*` patterns below stay valid
  # when an override removes components. The flip side is that a typo in a
  # wildcard silently matches nothing.
  wildcard_matching: relaxed
  sources:
    # Reads the local systemd journal.
    in_logs_journald:
      type: journald
  transforms:
    # Splits journal events into named outputs; events matching no condition
    # leave through `route_journald._unmatched`.
    route_journald:
      type: route
      inputs: ["in_logs_journald"]
      route:
        dummy: exists(.dummy) && .dummy == "true"
        # `_TRANSPORT` is one of journald's trusted (underscore-prefixed)
        # fields, which journald sets itself, so the match is limited to
        # kernel-originated records rather than any process that logs a
        # line starting with "Firewall:".
        # NOTE(review): "Firewall:" is presumably the LOG prefix configured in
        # the host's firewall rules; confirm it matches what the rules emit.
        iptables: exists(._TRANSPORT) && ._TRANSPORT == "kernel" && starts_with(string!(.message), "Firewall:")
    # Placeholder parser for the `dummy` route; its VRL program is a comment only.
    parse_journald_dummy:
      type: remap
      inputs: ["route_journald.dummy"]
      source: |
        # Nothing to do
    # Strips the "Firewall: " prefix and stores the remaining key=value pairs
    # under `.iptables`. `.message` itself is left unchanged.
    # `string!` and `parse_key_value!` are the fallible (`!`) variants and no
    # drop_on_error / reroute_dropped is set here, so Vector's defaults decide
    # what happens to a line that fails to parse.
    # NOTE(review): confirm malformed firewall lines are not lost unnoticed.
    # The parsed values are likely packet-derived; treat `.iptables.*` as
    # untrusted data downstream.
    parse_journald_iptables:
      type: remap
      inputs: ["route_journald.iptables"]
      source: |
        msg = string!(.message)
        msg = replace(msg, "Firewall: ", "")
        .iptables = parse_key_value!(msg, whitespace:"strict")
    # Tags every journald event (parsed or unmatched) with group "system".
    format_logs_journald:
      type: remap
      inputs: ["route_journald._unmatched", "parse_journald_*"]
      source: |
        .group = "system"
    # Fan-in point for all formatted logs; its VRL program is a comment only.
    # NOTE(review): `route_journald._unmatched` already feeds
    # format_logs_journald (matched by 'format_logs_*'); if 'route_*._unmatched'
    # also resolves to it, unmatched events would arrive here twice. Verify.
    logs_out:
      type: remap
      inputs: ['format_logs_*', 'route_*._unmatched']
      source: |
        # Nothing to do
  sinks:
    # blackhole discards everything it receives: with this base config alone
    # no log leaves the host. A real destination has to come from
    # vector_extra_conf or vector_host_conf.
    # NOTE(review): `format_logs_out` is not defined in this base config (the
    # last transform is named `logs_out`) and it is not a wildcard, so
    # wildcard_matching: relaxed does not cover it. Confirm that an override
    # supplies it or that `logs_out` was intended.
    sink_blackhole:
      type: blackhole
      inputs:
        - format_logs_out
# Override layers, empty by default.
vector_extra_conf: {}
vector_host_conf: {}
# Effective configuration: base, then extra, then host, merged recursively.
# The later layers win on conflicting keys, so either one can replace any
# component above, including its inputs and sinks.
vector_conf: "{{ vector_base_conf | combine(vector_extra_conf, recursive=true) | combine(vector_host_conf, recursive=true)}}"