Output Types
Support status lives in the YAML Reference. This page focuses on usage notes and examples.
Send logs as OpenTelemetry protobuf over HTTP or gRPC.
output: type: otlp endpoint: https://collector:4318/v1/logs protocol: http # http | grpc compression: zstd # zstd | gzip | none auth: bearer_token: "${OTEL_TOKEN}"The endpoint must include the full path (e.g. /v1/logs for HTTP). FastForward posts directly to this URL.
POST newline-delimited JSON to any HTTP endpoint. Each Arrow RecordBatch is serialized as one JSON object per row.
output: type: http endpoint: https://logging-service:9200 compression: zstd # zstd | gzip | none auth: headers: X-API-Key: "${API_KEY}"| Field | Type | Required | Default | Description |
|---|---|---|---|---|
endpoint | string | Yes | — | Full URL to POST logs to |
compression | enum | No | none | zstd, gzip, or none; invalid values are rejected while parsing config |
auth | object | No | — | Bearer token or custom headers |
Print to stdout for debugging/testing.
output: type: stdout format: console # console | json | text- console: Colored, human-readable (timestamp, level, message, key=value pairs)
- json: One JSON object per line (machine-parseable)
- text: Raw text (uses
bodycolumn if available)
Ship logs to Elasticsearch via the Bulk API.
output: type: elasticsearch endpoint: https://es-cluster:9200 index: logs # default: "logs" compression: gzip # gzip | none (optional) request_mode: buffered # buffered | streaming (optional, default buffered)- Bulk API: Per-document error handling with automatic retries.
- Batch splitting: Large payloads are split automatically to stay within Elasticsearch limits.
- Compression: Optional gzip compression for reduced network usage.
- Streaming mode: Experimental chunked HTTP request bodies for benchmarking against hosted/serverless clusters.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
endpoint | string | Yes | — | Elasticsearch URL |
index | string | No | logs | Target index name |
compression | enum | No | none | gzip or none; zstd is rejected for Elasticsearch by validation |
request_mode | enum | No | buffered | buffered or experimental streaming; invalid values are rejected while parsing config (streaming currently requires compression: none) |
auth | object | No | — | Bearer token or custom headers |
Bulk payloads are split before they exceed 5242880 bytes (5 MiB). That limit is internal and is not a YAML field.
Push logs to Grafana Loki with automatic label grouping.
output: type: loki endpoint: http://loki:3100 tenant_id: team-a static_labels: app: ffwd env: prod label_columns: [service, level]When label_columns or static_labels are used, FastForward sanitizes label keys
into Loki-compatible names. Configurations are rejected if two source columns,
two static_labels entries, or a source column and a static_labels entry
would collapse to the same sanitized Loki label key.
| Field | Type | Required | Description |
|---|---|---|---|
endpoint | string | Yes | Loki base URL |
tenant_id | string | No | Optional X-Scope-OrgID value for multi-tenant Loki |
static_labels | map[string,string] | No | Static labels attached to every stream |
label_columns | array[string] | No | Log columns to include as labels |
auth | object | No | Bearer token or custom headers |
compression is not supported for Loki outputs.
Use the plural outputs key for fan-out to multiple destinations.
outputs: - name: collector type: otlp endpoint: https://collector:4318/v1/logs - name: debug type: stdout format: consoleThe same destination-only shape works with ff send for finite stdin workflows.