Skip to main content
Get Vector installed and processing your first events in just a few minutes.

Install Vector

The fastest way to get started:
curl --proto '=https' --tlsv1.2 -sSfL https://sh.vector.dev | bash
This script automatically detects your platform and installs the appropriate package.
See the Installation guide for more installation methods including Kubernetes, APT, YUM, and systemd.

Create Your First Pipeline

Create a file named vector.yaml with this basic configuration:
vector.yaml
# Data source: Generate demo logs
sources:
  demo_logs:
    type: demo_logs
    format: syslog
    interval: 1

# Transform: Parse syslog format
transforms:
  parse_logs:
    type: remap
    inputs:
      - demo_logs
    source: |
      . = parse_syslog!(string!(.message))
      .timestamp = now()

# Data destination: Print to console
sinks:
  console:
    type: console
    inputs:
      - parse_logs
    encoding:
      codec: json
This configuration:
  1. Generates demo syslog data every second
  2. Parses the syslog format into structured JSON
  3. Outputs the results to your console

Run Vector

Start Vector with your configuration: 
vector --config vector.yaml
You should see structured log events being printed to your console: 
{
  "appname": "benefritz",
  "facility": "local1",
  "hostname": "some.machine.com",
  "message": "Hello world",
  "msgid": "ID31",
  "severity": "notice",
  "timestamp": "2024-03-05T10:30:00.000Z"
}
Press Ctrl+C to stop Vector.

Next Steps

Now that you have Vector running, explore these key features:

Core Concepts

Learn about sources, transforms, and sinks

Configuration

Configure Vector for your use case

VRL Basics

Master the Vector Remap Language

Deployment

Deploy Vector in production

Common First Steps

Replace the demo_logs source with a real source like file:
sources:
  app_logs:
    type: file
    include:
      - /var/log/app/*.log
See Sources for all available sources.
Replace the console sink with a production destination:
sinks:
  elasticsearch:
    type: elasticsearch
    inputs:
      - parse_logs
    endpoint: "https://elasticsearch.example.com"
    index: "logs-%Y.%m.%d"
See Sinks for all available sinks.
Enhance your data with additional fields:
transforms:
  enrich:
    type: remap
    inputs:
      - parse_logs
    source: |
      .environment = "production"
      .datacenter = get_hostname()
      .app_version = "2.0.1"
Learn more in the VRL Guide.
Check your configuration before deploying:
vector validate vector.yaml
See Validation for more testing options.

Getting Help

Documentation

Browse the full configuration guide

Community Chat

Join our Discord community

GitHub Issues

Report bugs or request features

Examples

Browse configuration examples

Build docs developers (and LLMs) love

Get started for freeTalk to us