安装(需要梯子)
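# Bootstrap Vector's package repository with the vendor's setup script.
#
# The downloaded script runs with the caller's privileges (usually root), so
# the transport is constrained before anything is executed:
#   --proto '=https'  refuse any non-HTTPS URL, including one reached via -L
#   --tlsv1.2         require TLS 1.2 or newer
#   -f                fail on HTTP errors instead of handing an error page to bash
#   -sS               quiet progress output, but still print errors
# The script is only executed when the download succeeded. To audit it first,
# save it to a file and read it before running it. The yum method further
# down this page verifies package signatures and is the preferred route.
setup_script="$(curl --proto '=https' --tlsv1.2 -sSfL https://setup.vector.dev)" \
  && bash -c "$setup_script"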
yum安装vector(推荐)
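# Register the Vector yum repository, then install the package.
#
# The heredoc delimiter is quoted ('EOF') so the shell writes $basearch
# literally and yum expands it itself. With an unquoted delimiter the shell
# substitutes an (almost certainly unset) variable and the baseurl ends in
# ".../vector-0//", which does not resolve to a repository.
#
# gpgcheck=1 and repo_gpgcheck=1 make yum verify package signatures and the
# repository metadata against the keys listed under gpgkey. Keep both enabled.
# When yum asks to import a key, compare its fingerprint with the one the
# vendor publishes before accepting.
cat <<'EOF' >/etc/yum.repos.d/vector.repo
[vector]
name = Vector
baseurl = https://yum.vector.dev/stable/vector-0/$basearch/
enabled=1
gpgcheck=1
repo_gpgcheck=1
priority=1
gpgkey=https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public
       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
EOF

yum install vector
# Some CentOS releases cannot run the newest Vector builds; the author pinned
# an older series instead:
#   yum install 'vector-0.39*'
# A pinned series no longer picks up fixes from newer releases, so revisit the
# pin when the host OS is upgraded.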
配置文件
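# Vector pipeline: read CoreDNS container logs from Docker, parse each query
# line into fields, and ship the result to Elasticsearch.
# This file references a credential; keep it readable only by the account
# that runs Vector.
data_dir: /var/lib/vector

# Management API bound to loopback only, playground disabled.
api:
  enabled: true
  address: 127.0.0.1:8686
  playground: false

sources:
  coredns_logs:
    type: docker_logs
    # Access to the Docker socket is effectively root on the host, so the
    # Vector service account must be treated as privileged.
    # No container filter is set, so logs from every container reach the
    # transform below; the docker_logs source has include_containers if only
    # CoreDNS should be read.
    docker_host: "unix:///var/run/docker.sock"

transforms:
  logs_transform:
    type: remap
    inputs: [coredns_logs]
    # parse_regex! aborts when a line does not match, and drop_on_abort then
    # discards the event. The pattern hard-codes " udp " and an IPv4-style
    # client address, so TCP queries, IPv6 clients and non-CoreDNS lines are
    # dropped silently. Set reroute_dropped if those events should be kept
    # for inspection.
    # NOTE(review): in CoreDNS's default log format the fields captured here
    # as "pid" and "is_public" look like the query ID and the DO flag;
    # confirm before building detections on them.
    drop_on_abort: true
    metric_tag_values: single
    source: |-
      .regex = parse_regex!(.message, r'^\[(?P<level>\w+)\] (?P<client_ip>[\d\.]+):\d+ - (?P<pid>\d+) "(?P<type>\w+) IN (?P<domain_name>[\w\-]+(?:\.[\w\-]+)*)\. udp \d+ (?P<is_public>\w+) \d+" (?P<response_code>\w+) (?P<message>.*)$')
      .level = .regex.level
      .client_ip = .regex.client_ip
      .pid = .regex.pid
      .type = .regex.type
      .domain_name = .regex.domain_name
      .is_public = .regex.is_public
      .response_code = .regex.response_code
      .message = .regex.message
      del(.regex)
      del(.source_type)
      del(.stream)
      del(.label)

sinks:
  elastic:
    type: elasticsearch
    inputs: [logs_transform]
    api_version: auto
    compression: none
    doc_type: _doc
    # The author's endpoint; replace it with your own cluster. Keep https so
    # the basic-auth credential is not sent in clear text.
    endpoints: ["https://d1-es.uenpay.com"]
    auth:
      strategy: basic
      # "elastic" is the built-in superuser. A shipper only needs to write to
      # its own indices, so prefer a dedicated account limited to coredns-*.
      user: "elastic"
      # The password is no longer stored in this file. Vector interpolates
      # ${VAR} from its environment when it loads the config. The variable
      # name is an example chosen for this page; set it in the service's
      # environment file.
      password: "${VECTOR_ES_PASSWORD}"
    # NOTE(review): the transform above never sets an "id" field, so this key
    # probably has no effect; confirm or remove.
    id_key: id
    mode: bulk
    bulk:
      index: "coredns-d1-prod-%Y.%m.%d"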
更多配置详见
https://vector.dev/docs/reference/configuration/sources/docker_logs/