Skip to main content
The http_server source (also available as http) creates an HTTP server that accepts log data via POST requests. It supports authentication, TLS, compression, and multiple encoding formats.

Configuration

[sources.http_endpoint]
type = "http_server"
address = "0.0.0.0:8080"

Parameters

address
string
required
Socket address to listen on. Must include a port.
address = "0.0.0.0:80"
# or
address = "localhost:8080"
path
string
default:"/"
URL path on which to accept requests.
path = "/logs"
strict_path
boolean
default:"true"
Whether to treat the path as absolute or prefix-based.When false, requests to any path starting with path are accepted.
strict_path = false
path = "/api"
# Accepts /api/v1/logs, /api/v2/logs, etc.
method
string
default:"POST"
HTTP method to accept.Options: GET, POST
method = "POST"
response_code
integer
default:"200"
HTTP status code to return on successful requests.
response_code = 202
headers
array
default:"[]"
List of HTTP headers to include in log events. Supports wildcards.
headers = ["User-Agent", "X-Custom-*", "*"]
query_parameters
array
default:"[]"
List of URL query parameters to include in log events. Supports wildcards.
query_parameters = ["source", "environment", "*"]
path_key
string
default:"path"
Field name for the request URL path.
path_key = "request_path"
host_key
string
Field name for the remote IP address.
host_key = "client_ip"
framing
object
Framing configuration for splitting byte streams.
[sources.http.framing]
method = "newline_delimited"
decoding
object
Decoding configuration for parsing messages.
[sources.http.decoding]
codec = "json"
auth
object
HTTP authentication configuration.
[sources.http.auth]
username = "admin"
password = "secret"
tls
object
TLS configuration for HTTPS.
[sources.http.tls]
enabled = true
crt_file = "/path/to/cert.pem"
key_file = "/path/to/key.pem"
acknowledgements
boolean
default:"false"
Enable end-to-end acknowledgements.
acknowledgements = true

Output Schema

The HTTP source produces log events with the following fields:
FieldTypeDescription
messagestringThe decoded request body
pathstringRequest URL path
hoststringClient IP address (if host_key is set)
timestamptimestampWhen the request was received
source_typestringAlways “http_server”
Custom headersvariesHeaders matching the headers configuration
Query parametersvariesParameters matching the query_parameters configuration

Examples

Basic HTTP Server

[sources.http_logs]
type = "http_server"
address = "0.0.0.0:8080"
path = "/logs"

HTTPS with Authentication

[sources.secure_http]
type = "http_server"
address = "0.0.0.0:8443"
path = "/v1/logs"

[sources.secure_http.auth]
username = "vector"
password = "${HTTP_PASSWORD}"

[sources.secure_http.tls]
enabled = true
crt_file = "/etc/vector/tls/server.crt"
key_file = "/etc/vector/tls/server.key"

JSON Decoding with Headers

[sources.json_http]
type = "http_server"
address = "0.0.0.0:8080"
headers = ["User-Agent", "X-Request-ID", "X-Forwarded-For"]

[sources.json_http.decoding]
codec = "json"

Query Parameter Extraction

[sources.parameterized]
type = "http_server"
address = "0.0.0.0:8080"
query_parameters = ["application", "environment", "version"]
path_key = "endpoint"

Multiple Paths with Wildcards

[sources.flexible_http]
type = "http_server"
address = "0.0.0.0:8080"
path = "/api"
strict_path = false
headers = ["*"]
query_parameters = ["*"]

Newline-Delimited Text

[sources.text_http]
type = "http_server"
address = "0.0.0.0:8080"

[sources.text_http.framing]
method = "newline_delimited"

[sources.text_http.decoding]
codec = "bytes"

Custom Response Code

[sources.async_http]
type = "http_server"
address = "0.0.0.0:8080"
response_code = 202
acknowledgements = true

How It Works

Request Processing

  1. Client sends HTTP POST request to the configured path
  2. Vector authenticates the request (if auth is configured)
  3. Request body is decompressed (if Content-Encoding header is present)
  4. Body is decoded according to the framing and decoding configuration
  5. Metadata (headers, query params, path) is added to each event
  6. Events are sent through the pipeline
  7. HTTP response is returned (200 or configured response_code)

Compression

The source automatically decompresses requests with:
  • Content-Encoding: gzip
  • Content-Encoding: deflate
  • Content-Encoding: gzip, deflate (multiple encodings)

Authentication

Basic HTTP authentication is supported: 
Authorization: Basic <base64(username:password)>
Unauthorized requests receive a 401 response.

Acknowledgements

When acknowledgements are enabled:
  • Vector waits for events to be delivered to sinks before responding
  • Failed deliveries result in 400 response
  • Successful deliveries result in configured response_code

Performance

  • Can handle thousands of requests per second
  • Performance depends on request size and decoding complexity
  • Consider using a load balancer for high-traffic scenarios
  • Keep-alive connections improve throughput

Best Practices

  1. Use HTTPS in production with valid certificates
  2. Enable authentication for public-facing endpoints
  3. Configure specific paths rather than accepting all paths
  4. Use acknowledgements = true for critical data
  5. Monitor HTTP error rates via Vector’s internal metrics
  6. Set appropriate response_code for async processing (e.g., 202)
  7. Use wildcard header/query extraction sparingly
  8. Configure rate limiting at the load balancer level
  9. Test failure scenarios to ensure proper error handling
  10. Use structured logging (JSON) for better downstream processing

Sending Data

Using curl

# Plain text
curl -X POST http://localhost:8080/logs \
  -d "This is a log line"

# JSON
curl -X POST http://localhost:8080/logs \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello", "level": "info"}'

# Multiple lines
curl -X POST http://localhost:8080/logs \
  -d "Line 1\nLine 2\nLine 3"

# With authentication
curl -X POST http://localhost:8080/logs \
  -u "username:password" \
  -d "Authenticated log"

Build docs developers (and LLMs) love

Get started for freeTalk to us