Fluent Bit Configuration Examples

The examples on this page provide common methods to receive data with Fluent Bit and send logs to Panther via an HTTP Source or via an Amazon S3 Source.

Dummy to a Panther HTTP source

This example uses Fluent Bit's Dummy input to spawn one event per second. This is useful for testing output configurations and getting started with Fluent Bit.

Input: Dummy

Output: HTTP

[SERVICE]
    log_level trace

[INPUT]
    Name dummy
    Dummy {"message": "sample json message", "type": "json"}

[OUTPUT]
    Name       http
    Match      *
    Host       logs.{REDACTED}.runpanther.net
    Port       443
    URI        /http/{REDACTED}
    Header     x-sender-header {REDACTED}
    Format     json_lines
    TLS        On
    TLS.Verify On
    Json_Date_Key false

[OUTPUT]
    Name   stdout
    Match  *

This configuration results in the following:

Tail local file to Amazon S3

This example uses the Tail input to read a local file and send its contents to S3. Multiple files can be provided. See the path setting in the Fluent Bit Tail documentation for more information.

Input: Tail

Output: S3

In the OUTPUT plugin configuration:

  • Use json_date_key false to disable the appended date key.

  • Use log_key log to tell Fluent Bit to send only the raw log.

With these two settings, the raw input from the log file is sent without Fluent Bit's appended JSON fields.
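
A sketch of a Tail-to-S3 configuration that applies these two settings, added here as an illustration and not taken from Panther's documentation. The file path, tag, DB location, bucket, and region are placeholder assumptions, and AWS credentials are assumed to come from the standard AWS credential chain on the host.

```ini
# Added example: Tail input to S3 output, sending raw log lines only.
# Path, Tag, DB, bucket and region below are placeholders, not values from this page.

[SERVICE]
    flush     5
    log_level info

# Path accepts wildcards and comma-separated patterns for multiple files.
# DB stores the read offset so lines are not re-sent after a restart.
[INPUT]
    Name            tail
    Path            /var/log/example/*.log
    Tag             example.logs
    DB              /var/lib/fluent-bit/tail-example.db
    Read_from_Head  On

# json_date_key false: do not append Fluent Bit's date key to each record.
# log_key log: write only the value of the "log" key, which is where the
# Tail input stores the raw line when no parser is applied.
[OUTPUT]
    Name            s3
    Match           example.logs
    bucket          <YOUR_S3_BUCKET>
    region          <YOUR_AWS_REGION>
    total_file_size 10M
    upload_timeout  1m
    use_put_object  On
    json_date_key   false
    log_key         log
```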

This configuration results in the following:

TCP to Amazon S3

This example uses the TCP input plugin. This plugin is useful if you need to ship syslog or JSON events to Fluent Bit over the network. The TCP plugin takes the raw payload it receives and forwards it to the Output configuration.

Input: TCP

Output: S3

This configuration results in the following:

TCP to HTTP (Panther)

This example configuration demonstrates receiving logs using the TCP input plugin and sending them directly to Panther's HTTP ingest using Fluent Bit's HTTP output plugin.

Input: TCP

Output: HTTP

The filters in the configuration below are required to keep the raw payload as-is when sending the log to the HTTP destination. See the Fluent Bit HTTP output documentation for more information.

This configuration results in the following:
