search
Knowledge BaseRelease NotesRequest Demo

Fluent Bit Configuration Examples

The examples on this page provide common methods to receive data with Fluent Bit and send logs to Panther via an HTTP Source or via an Amazon S3 Source.

circle-exclamation

In the examples below, log_level trace and output stdout are used to test and debug the configurations. These should be removed once the Fluent Bit configuration is working as expected.

hashtag
Dummy to a Panther HTTP source

This example uses Fluent Bit's Dummy inputarrow-up-right to spawn one event per second. This is useful for testing output configurations and getting started with Fluent Bit.

Input: Dummyarrow-up-right

Output: HTTParrow-up-right

[SERVICE]
    log_level trace

[INPUT]
    Name dummy
    Dummy {"message": "sample json message", "type": "json"}

[OUTPUT]
    Name       http
    Match      *
    Host       logs.{REDACTED}.runpanther.net
    Port       443
    URI        /http/{REDACTED}
    Header     x-sender-header {REDACTED}
    Format     json_lines
    TLS        On
    TLS.Verify On
    Json_Date_Key false

[OUTPUT]
    Name   stdout
    Match  *

This configuration results in the following:

hashtag
Tail local file to Amazon S3

This example uses the Tail input to ingest a file locally sent to S3. Multiple files can be provided. See the path setting in the Fluent Bit Tail documentationarrow-up-right for more information.

Input: Tailarrow-up-right

Output: S3arrow-up-right

circle-info

In the OUTPUT plugin configuration:

  • Usejson_date_key false to disable the appended date key.

  • Use log_key log to specify Fluent Bit to only send the raw log.

With these two settings, the raw input from the log file is sent without Fluent Bit's appended JSON fields.

This configuration results in the following:

hashtag
TCP to Amazon S3

This example uses the TCP input plugin. This plugin is useful if you need to ship syslog or JSON events to Fluent Bit over the network. The TCP plugin takes the raw payload it receives and forwards it to the Output configuration.

Input: TCParrow-up-right

Output: S3arrow-up-right

This configuration results in the following:

hashtag
TCP to HTTP (Panther)

This example configuration demonstrates receiving logs using the TCP input plugin and sending directly to Panther's HTTP ingest using Fluent Bit's HTTP output plugin.

Input: TCParrow-up-right

Output: HTTParrow-up-right

circle-info

The use of filters in the configuration below is required in order to keep raw payload as-is when sending the log to the HTTP destination. See the Fluent Bit HTTP output documentationarrow-up-right for more information.

This configuration results in the following:

PreviousFluent Bit Onboarding GuideNextFluentd Onboarding Guide

Last updated

Was this helpful?