Sinks (sinks)

The sinks block configures the sinks (where the data will be sent) that are used by the source or sources.

Note

When syslog is the data source, only one sink can be configured per syslog data source.

yaml
sinks:
  my_other_humio_instance:
    type: humio
    token: <ingest-token_repo1>
    url: https://cloud.us.humio.com
  my_humio_instance:
    type: humio
    token: <ingest-token-repo2> or an environment variable
    url: https://cloud.us.humio.com
    # maxEventSize (default 1MB) sets the max allowed size of a single event in bytes, if exceeded the event will be truncated.
    maxEventSize: 1048576

    # maxBatchSize (default: 16 MB), sets the maximum size in bytes of a batch which is sent to the configured sink.
    # This includes fields as well as event data. If exceeded data will be sent in a subsequent batch.
    maxBatchSize: 16777216

    # auto, none, gzip, deflate, none. Default: auto
    compression: gzip

    # Number between: 1 ... 9.
    #   1 = highest speed
    #   9 = highest compression
    # If unspecified or 0 the default value for the compression algorithm specified in compression is used
    compressionLevel: 9

    # Override default tls configuration
    # Only one of the following options should be used at a time.
    # If multiple are given, the precedence is: 'insecure', 'caCert', 'caFile'.
    tls:
      # Specify insecure to skip certificate validation
      insecure: false

      # Specify caCert to load a PEM certificate from the config file
      caCert: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----

      # Specify caFile to load PEM certificate from an external file.
      caFile: /etc/ssl/cert.pem
    # Override proxy configuration for the sink. Must be set to 'none' for Windows Server and fleet management.
    # Accepted values: 'system', 'none' or a URL such as: http://127.0.0.1:3129 for an http proxy.
    # Defaults to system, which will try to determine the appropriate proxy or fallback to none.
    proxy: none

The MySinksName is a top level element which contains each of your sink configurations.

Table: Sinks

ParameterTypeRequiredDefault ValueDescription
My Sink Name/sstringoptional[a]  The user defined name for each sink configuration. This name will be referenced in your sources.

[a] Optional parameters use their default value unless explicitly set.


The elements listed in this table define how each sink is configured.

Table: MySinkName

ParameterTypeRequiredDefault ValueDescription
compressionstringoptional[a]auto Specify the type of data compression, possible values: auto, none, gzip, deflate.
compressionLevelintegeroptional[a]false Specify the level of compression where 1 is best speed and 9 is best compression, if set to undefined or 0 the default value for the compression algorithm, specified in compression, is applied.
maxBatchSizeintegeroptional[a]16MB Specifies the max size of batch (default 16MB) and works along with the maximum events per request. The limits are also propagated to all the sources that reference the sink.
maxEventSizeintegeroptional[a]1MB This sets the maximum allowed single event size to 1 MB;larger messages will be truncated.Syslog and syslog TLS logs sources only, if maxEventSize is also defined at source level the lower of the two values will be applied.
proxystringoptional[a]system Set to none for Windows Server or you can specify, if required, an override proxy configuration for the sink, possible values: system, none or a URL such as: http://127.0.0.1:3129 for a http proxy. The default is system, which will try to determine the appropriate proxy or fallback to none.
tlsstringoptional[a]  This object contains details on the PEM certificates. this section allows you to override the defaults. Only one of the following options should be specified:
   Valid Values
   caCertSpecify this key to load a certificate from the config file.
   caFileSpecify this key to load the PEM certificate from an external file.
   insecureSpecify if certificate validation is needed, if set to true the certificate validation is skipped.
tokenstringoptional[a]  Specify the Ingest Tokens for your LogScale repository or an environment variable.
typestringoptional[a]  Specify the type of sink. This can be set to humio or logscale.
   Valid Values
   humio
urlstringoptional[a]  Specify the url of your LogScale account for example https://cloud.humio.com.
workersstringoptional[a]4 Specifies how many workers to use to send to LogScale, under normal circumstances leave this at the default setting, for details refer to Sink Workers

[a] Optional parameters use their default value unless explicitly set.