Logging Made Easy with Docker + Vector

By /

Modern applications generate tons of logs. Efficient log collection, transformation, and forwarding are essential — and that’s where Vector comes in. This blog walks you through setting up Vector inside Docker to collect logs from containers and ship them to a destination like a file or Elasticsearch.

What is Vector?

Vector is a high-performance observability data pipeline that allows you to collect logs, transform them, and send them anywhere — all with minimal resource usage.

Key features:

  • Lightweight and fast (written in Rust)
  • Works with logs and metrics
  • Can run as an agent (on each host) or aggregator (central collector)

Why Use Vector with Docker?

  • Automatically collect container logs
  • Easily scale in containerized environments
  • Consistent logging configuration for all containers

Setup: Vector with Docker

Step 1: Create vector.toml Configuration

# vector.toml
[sources.docker_logs]
type = "docker_logs"

[transforms.json_parser]
type = "remap"
inputs = ["docker_logs"]
source = '''
structured = parse_json!(.message) ?? {}
'''

[sinks.console]
type = "console"
inputs = ["json_parser"]
encoding.codec = "json"

This config:

  • Pulls logs from Docker containers
  • Parses JSON if present
  • Prints logs to the console (you can change this to a file, Elasticsearch, etc.)

Step 2: Run Vector in Docker

docker run -d --name vector \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $(pwd)/vector.toml:/etc/vector/vector.toml:ro \
  timberio/vector:latest

docker.sock allows Vector to collect logs from running containers.

The vector.toml file is mounted as read-only into the container.

Test It Out

Spin up another container that generates logs:

docker run --rm busybox sh -c "while true; do echo '{\"message\":\"Hello from BusyBox\"}'; sleep 1; done"

Now check the logs:

docker logs -f vector

You should see structured JSON logs!

Real-World Sink Options

You can replace the console sink with:

  • file — Store logs on disk
  • elasticsearch — Forward logs for search & analytics
  • kafka or clickhouse — For big data pipelines

Conclusion

Vector + Docker is a powerful combo for scalable, lightweight log collection and processing. You can extend this setup with transforms, multiple sinks, and even metrics collection.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top