Configuration

Reveald is configured with a single JSON file. The file uses HUJSON format, which extends JSON with support for comments and trailing commas.

Config file structure

A reveald config has two top-level keys: sources and destinations. Both are maps where each entry has a unique name and a type field that determines which source or destination is used.

{
  // Sources collect logs from the host
  "sources": {
    "my-source-name": {
      "type": "file",
      "path": "/var/log/app/",
      "extension": ".log"
    }
  },
  // Destinations forward collected events
  "destinations": {
    "my-destination-name": {
      "type": "runreveal",
      "webhookURL": "https://api.runreveal.com/sources/reveald/webhook/..."
    }
  }
}

The source and destination names (e.g. "my-source-name") are identifiers used in logging and metrics. Choose descriptive names.

Every source feeds every destination --- all events from all sources are delivered to all configured destinations.

Environment variables

Sensitive values like webhook URLs and API keys can be referenced as environment variables. Prefix the value with $ and use a valid environment variable name:

{
  "destinations": {
    "runreveal": {
      "type": "runreveal",
      "webhookURL": "$WEBHOOK_URL"
    }
  }
}

Then set the variable before running reveald:

export WEBHOOK_URL="https://api.runreveal.com/sources/reveald/webhook/..."
reveald run --config config.json

Environment variable substitution requires the entire value to be a $VARIABLE reference. Inline interpolation like "https://host/$PATH" is not supported.

Default config path

The default config path is /etc/reveald/config.json. Override it with the --config or -c flag:

reveald run --config /opt/reveald/config.json
reveald run -c ./config.json

Debug logging

Set the RUNREVEAL_DEBUG environment variable to enable debug-level logging:

RUNREVEAL_DEBUG=1 reveald run --config config.json

Multiple sources and destinations

You can define as many sources and destinations as needed. Each runs concurrently:

{
  "sources": {
    "kubernetes-pods": {
      "type": "file",
      "path": "/var/log/pods/",
      "extension": ".log",
      "recursive": true
    },
    "system-journal": {
      "type": "journald"
    },
    "nginx": {
      "type": "nginx_syslog",
      "addr": "0.0.0.0:5514"
    }
  },
  "destinations": {
    "runreveal": {
      "type": "runreveal",
      "webhookURL": "$WEBHOOK_URL",
      "batchSize": 200,
      "flushFreq": "10s"
    },
    "archive": {
      "type": "s3",
      "bucketName": "my-log-archive",
      "bucketRegion": "us-west-2"
    }
  }
}

High-watermark files

Reveald persists read positions so it can resume after restarts without reprocessing logs:

Source	Watermark file
`file`	`~/.config/reveald/watcher-hwm.json`
`cri`	`~/.config/reveald/cri-hwm.json`
`journald`	`~/.config/reveald/kawad-journald-hwm`

These files are created automatically. If you need a clean start, stop reveald and delete the relevant watermark file.

Full example

Here is a production-ready configuration collecting from multiple sources:

{
  // Collect application logs, journald, and nginx access logs
  "sources": {
    "app": {
      "type": "file",
      "path": "/var/log/app/",
      "extension": ".log",
    },
    "journal": {
      "type": "journald",
    },
    "nginx": {
      "type": "nginx_syslog",
      "addr": "0.0.0.0:5514",
    },
  },
  "destinations": {
    "runreveal": {
      "type": "runreveal",
      "webhookURL": "$WEBHOOK_URL",
      "batchSize": 100,
      "flushFreq": "15s",
    },
  },
}

Sources --- All source type options
Destinations --- All destination type options
Processors --- Transform events before forwarding

On this page