From b7f807fa855138353b61116d9bf4ee39ba9d2a57 Mon Sep 17 00:00:00 2001
From: Sam Calder-Mason <sam@puritydev.io>
Date: Tue, 12 May 2026 11:27:00 +1000
Subject: [PATCH 1/2] vector: ship logs to clickhouse logs-ingest instead of
 loki

Replaces the loki sink in the vector template config with a remap
transform + http sink that posts to platform's logs-external
clickhouse pipeline at logs-ingest.analytics.production.platform.ethpandaops.io.
Reuses secret_loki credentials since the same VMAuth backend fronts
both ingresses.

New devnets generated from this template will ship logs straight to
clickhouse. This mirrors the rollout already done in glamsterdam-devnet-3
(all hosts) and bal-devnet-6 (bootnode-1) where it has been verified
end-to-end.
---
 .../devnet-0/group_vars/all/all.yaml          | 42 ++++++++++++-------
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/ansible/inventories/devnet-0/group_vars/all/all.yaml b/ansible/inventories/devnet-0/group_vars/all/all.yaml
index 0a83f3d..0d429cc 100644
--- a/ansible/inventories/devnet-0/group_vars/all/all.yaml
+++ b/ansible/inventories/devnet-0/group_vars/all/all.yaml
@@ -274,6 +274,9 @@ docker_nginx_proxy_wildcard_cert_url: "http://cert.{{ network_server_subdomain }
 docker_nginx_proxy_wildcard_cert_psk: "{{ secret_cert_encryption_psk }}"
 
 # role: ethpandaops.general.vector
+# Ship docker logs to platform's ClickHouse logs-external pipeline.
+# Reuses secret_loki credentials — the same VMAuth backend fronts both ingresses.
+clickhouse_logs_endpoint: "https://logs-ingest.analytics.production.platform.ethpandaops.io"
 vector_config: |
   [sources.in]
     type = "docker_logs"
@@ -286,24 +289,31 @@ vector_config: |
       "snooper-",
     ]
 
-  [sinks.out]
-    type = "loki"
+  [transforms.clickhouse_shape]
+    type = "remap"
     inputs = ["in"]
-    out_of_order_action = "accept"
-    labels.forwarder = "vector"
-    labels.instance = "{{ inventory_hostname }}"
-    labels.network = "{{ ethereum_network_name }}"
-    labels.testnet = "{{ ethereum_network_name }}"
-    labels.ingress_user = "{{ secret_loki.username }}"
-    labels.container_name = "{{ '{{ container_name }}' }}"
-  {%- if ethereum_node_el is defined +%}
-    labels.ethereum_el = "{{ ethereum_node_el }}"
-  {%- endif +%}
-  {%- if ethereum_node_cl is defined +%}
-    labels.ethereum_cl = "{{ ethereum_node_cl }}"
-  {%- endif +%}
+    source = '''
+      .IngressUser = "{{ secret_loki.username }}"
+      .Namespace   = ""
+      .Pod         = ""
+      .Container   = string(.container_name) ?? ""
+      .Node        = "{{ inventory_hostname }}"
+      .Stream      = string(.stream) ?? ""
+      .Message     = string(.message) ?? ""
+      .Timestamp   = .timestamp
+      del(.container_name); del(.container_id); del(.container_created_at)
+      del(.image); del(.host); del(.label); del(.source_type)
+      del(.stream); del(.message); del(.timestamp)
+    '''
+
+  [sinks.clickhouse_logs]
+    type = "http"
+    inputs = ["clickhouse_shape"]
+    uri = "{{ clickhouse_logs_endpoint }}"
+    method = "post"
     encoding.codec = "json"
-    endpoint = "{{ secret_loki.endpoint }}"
     auth.strategy = "basic"
     auth.user = "{{ secret_loki.username }}"
     auth.password = "{{ secret_loki.password }}"
+    batch.max_events = 5000
+    batch.timeout_secs = 3

From 46a8c4aad11dd0cbf97aa553e16b6560a949f6ed Mon Sep 17 00:00:00 2001
From: Sam Calder-Mason <sam@puritydev.io>
Date: Tue, 12 May 2026 11:31:36 +1000
Subject: [PATCH 2/2] remove comments

---
 ansible/inventories/devnet-0/group_vars/all/all.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ansible/inventories/devnet-0/group_vars/all/all.yaml b/ansible/inventories/devnet-0/group_vars/all/all.yaml
index 0d429cc..0b68823 100644
--- a/ansible/inventories/devnet-0/group_vars/all/all.yaml
+++ b/ansible/inventories/devnet-0/group_vars/all/all.yaml
@@ -274,8 +274,6 @@ docker_nginx_proxy_wildcard_cert_url: "http://cert.{{ network_server_subdomain }
 docker_nginx_proxy_wildcard_cert_psk: "{{ secret_cert_encryption_psk }}"
 
 # role: ethpandaops.general.vector
-# Ship docker logs to platform's ClickHouse logs-external pipeline.
-# Reuses secret_loki credentials — the same VMAuth backend fronts both ingresses.
 clickhouse_logs_endpoint: "https://logs-ingest.analytics.production.platform.ethpandaops.io"
 vector_config: |
   [sources.in]