search
Knowledge BaseRelease NotesRequest Demo

Fluent Bit Onboarding Guide

Forward logs directly to Panther using Fluent Bit

hashtag
Overview

Fluent Bit is a flexible tool for pushing logs to Panther's HTTP endpoints. You can use Fluent Bit to stream logs to Panther HTTP sources.

hashtag
Panther-managed integrations using Fluent Bit

Panther offers managed log source integrations leveraging Fluent Bit. Panther manages the schemas associated with these log sources, and provides specialized onboarding instructions.

To onboard any of the below sources, follow the instructions on its page:

hashtag
How to set up a custom integration using Fluent Bit

If the Panther-managed integrations leveraging Fluent Bit don't fit your use case, you can set up a custom integration using Fluent Bit and a custom schema.

hashtag
Prerequisites

hashtag
Step 1: Create a custom schema in Panther

hashtag
Step 2: Create a HTTP source in Panther

hashtag
Step 3: Configure Fluent Bit to forward to the HTTP endpoint

  1. Create a new Fluent Bit configuration file by following Fluent Bit's documentationarrow-up-right.

    • Set [INPUT] variables.

    • Set [OUTPUT] variables:

      • Host: Enter your Panther URL.

        • Example: logs.instance-name.runpanther.net

      • URI: Enter the end of the HTTP Source ingest URL (generated in Step 2 of this process), starting with /http/.

        • Example: /http/cb015ee4-543c-4489-9f4b-testaa16d7a

      • Header: Enter the header name you created and the secret you generated while configuring your HTTP source in the Panther Console in Step 2.

      • Name: Set to http.

      • TLS: Set to ON.

      • Port: Set to 443.

  2. Start Fluent Bit, passing the path to your new configuration file.

PreviousCribl Onboarding GuideNextFluentd Onboarding Guide

Last updated

Was this helpful?