x unknown field `fingerprint`

Sometimes the playbook fails since Vector downloads an alternate config that's a little strange/confusing:

wings@bastion01:~$ cat /etc/vector/vector.toml 
#                                    __   __  __
#                                    \ \ / / / /
#                                     \ V / / /
#                                      \_/  \/
#
#                                    V E C T O R
#                                   Configuration
#
# ------------------------------------------------------------------------------
# Website: https://vector.dev
# Docs: https://vector.dev/docs
# Chat: https://chat.vector.dev
# ------------------------------------------------------------------------------

# Change this to use a non-default directory for Vector data storage:
# data_dir = "/var/lib/vector"

# Random Syslog-formatted logs
[sources.dummy_logs]
type = "demo_logs"
format = "syslog"
interval = 1

# Parse Syslog logs
# See the Vector Remap Language reference for more info: https://vrl.dev
[transforms.parse_logs]
type = "remap"
inputs = ["dummy_logs"]
source = '''
. = parse_syslog!(string!(.message))
'''

# Print parsed logs to stdout
[sinks.print]
type = "console"
inputs = ["parse_logs"]
encoding.codec = "json"

# Vector's GraphQL API (disabled by default)
# Uncomment to try it out with the `vector top` command or
# in your browser at http://localhost:8686
#[api]
#enabled = true
#address = "127.0.0.1:8686"
# BEGIN ANSIBLE MANAGED BLOCK
fingerprint.strategy = "device_and_inode"
include = [
  "/var/log/unattended-upgrades/*.log",
    "/var/log/dist-upgrade/*.log",
    "/var/log/apt/*.log",
    "/var/log/landscape/*.log",
    "/var/log/apache2/*.log",
    "/var/log/journal/*.log",
    "/var/log/journal/6ab79681acbc4e56ba1bf56202611d73/*.log",
    "/var/log/installer/*.log",
    "/var/log/installer/curtin-install/*.log",
    "/var/log/installer/block/*.log",
    "/var/log/*.log"]
# END ANSIBLE MANAGED BLOCK

Running disconnect.yml then connect.yml again against those hosts ends up fixing it. But why it's occurring is a question that remains.

it's the config that comes with the debian package, not "an alternate configuration that is confusing"

On Sun, May 28, 2023 at 4:39 PM Michael @.***> wrote:

Sometimes the playbook fails since Vector downloads an alternate config that's a little strange/confusing:

@.***:~$ cat /etc/vector/vector.toml

__

\ \ / / / /

\ V / / /

_/ \/

#

V E C T O R

Configuration

#

------------------------------------------------------------------------------

Website: https://vector.dev

Docs: https://vector.dev/docs

Chat: https://chat.vector.dev

------------------------------------------------------------------------------

Change this to use a non-default directory for Vector data storage:

data_dir = "/var/lib/vector"

Random Syslog-formatted logs

[sources.dummy_logs] type = "demo_logs" format = "syslog" interval = 1

Parse Syslog logs

See the Vector Remap Language reference for more info: https://vrl.dev

[transforms.parse_logs] type = "remap" inputs = ["dummy_logs"] source = ''' . = parse_syslog!(string!(.message)) '''

Print parsed logs to stdout

[sinks.print] type = "console" inputs = ["parse_logs"] encoding.codec = "json"

Vector's GraphQL API (disabled by default)

Uncomment to try it out with the vector top command or

in your browser at http://localhost:8686

[api]

enabled = true

address = "127.0.0.1:8686"

BEGIN ANSIBLE MANAGED BLOCK

fingerprint.strategy = "device_and_inode" include = [ "/var/log/unattended-upgrades/.log", "/var/log/dist-upgrade/.log", "/var/log/apt/.log", "/var/log/landscape/.log", "/var/log/apache2/.log", "/var/log/journal/.log", "/var/log/journal/6ab79681acbc4e56ba1bf56202611d73/.log", "/var/log/installer/.log", "/var/log/installer/curtin-install/.log", "/var/log/installer/block/.log", "/var/log/*.log"]

END ANSIBLE MANAGED BLOCK

Running disconnect.yml then connect.yml again against those hosts ends up fixing it. But why it's occurring is a question that remains.

— Reply to this email directly, view it on GitHub https://github.com/application-research/logtail-playbook/issues/1, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKONLGZFCUOYBCYIKKSEYDXIMFL3ANCNFSM6AAAAAAYRWOXLQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

application-research / logtail-playbook

x unknown field `fingerprint` #1

__

\ \ / / / /

\ V / / /

_/ \/

V E C T O R

Configuration

------------------------------------------------------------------------------

Website: https://vector.dev

Docs: https://vector.dev/docs

Chat: https://chat.vector.dev

------------------------------------------------------------------------------

Change this to use a non-default directory for Vector data storage:

data_dir = "/var/lib/vector"

Random Syslog-formatted logs

Parse Syslog logs

See the Vector Remap Language reference for more info: https://vrl.dev

Print parsed logs to stdout

Vector's GraphQL API (disabled by default)

Uncomment to try it out with the `vector top` command or

in your browser at http://localhost:8686

[api]

enabled = true

address = "127.0.0.1:8686"

BEGIN ANSIBLE MANAGED BLOCK

END ANSIBLE MANAGED BLOCK

application-research / logtail-playbook

x unknown field `fingerprint` #1

__

\ \ / / / /

\ V / / /

_/ \/

V E C T O R

Configuration

------------------------------------------------------------------------------

Website: https://vector.dev

Docs: https://vector.dev/docs

Chat: https://chat.vector.dev

------------------------------------------------------------------------------

Change this to use a non-default directory for Vector data storage:

data_dir = "/var/lib/vector"

Random Syslog-formatted logs

Parse Syslog logs

See the Vector Remap Language reference for more info: https://vrl.dev

Print parsed logs to stdout

Vector's GraphQL API (disabled by default)

Uncomment to try it out with the vector top command or

in your browser at http://localhost:8686

[api]

enabled = true

address = "127.0.0.1:8686"

BEGIN ANSIBLE MANAGED BLOCK

END ANSIBLE MANAGED BLOCK

Uncomment to try it out with the `vector top` command or