John Todd

Does the first filter action remove domains from the processing queue to be considered by the second filter? This gets to one of the points I think I was not...

This is good - I'll look at it on Tuesday when I'm back from travel. Thank you for the quick code changes! I'm not quite clear why the "file-kind" definition...

Hi! Good to understand what you're using for ingestion, though it doesn't look like vector does much with the DNS data itself (the manual doesn't seem to reference any native...

I see a few items embedded here that maybe need taking apart as possible discrete methods to mitigate attacks or misconfiguration fault events. There is the concept of purely volumetric...

Hitting the same problem here, doing the same thing. MMDB->JSON->MMDB. JSON file has ~15m routes/prefixes. Un-possible thus far on any of the systems we have here (512G is max) to...

@james-stevens Sorry if you've already covered this, but what happens if you have multiple dnsdist servers sending traffic at high volumes? What happens if you do an aggregation on input?...

The limit of 600K events/s seems to indicate you've hit some other bottleneck on the system that is outside of Vector. However, the tests you've done do seem to imply...

> Hey John, what's the `dnstap` source ? > > `error=bytes remaining on stream` sounds to me like vector thought there were errors in the frame format The source is...

Update: In my last event instance today, "systemctl restart vector" did clear the error condition.

Another point to notice that I haven't mentioned: the number of errors, once started, seems to be remarkably "flat" despite the number of events being sent to the DNSTAP source...