Fluent Bit Onboarding Guide
Forward logs directly to Panther using Fluent Bit
Overview
Fluent Bit is a flexible tool for pushing logs to Panther's HTTP endpoints. You can use Fluent Bit to stream logs to Panther HTTP sources.
Panther-managed integrations using Fluent Bit
Panther offers managed log source integrations leveraging Fluent Bit. Panther manages the schemas associated with these log sources, and provides specialized onboarding instructions.
To onboard any of the below sources, follow the instructions on its page:
How to set up a custom integration using Fluent Bit
If the Panther-managed integrations leveraging Fluent Bit don't fit your use case, you can set up a custom integration using Fluent Bit and a custom schema.
Prerequisites
Follow Fluent Bit's Getting Started with Fluent Bit documentation to set up account forwarding.
Fluent Bit can run on Linux, Windows, Mac, Kubernetes, Docker, and other environments.
Step 1: Create a custom schema in Panther
Follow Panther's instructions for creating a custom schema for your source's logs.
Step 2: Create a HTTP source in Panther
Follow Panther's instructions for configuring an HTTP Source.
For the authentication method, Shared Secret is recommended for its simplicity.
Step 3: Configure Fluent Bit to forward to the HTTP endpoint
Create a new Fluent Bit configuration file by following Fluent Bit's documentation.
Set
[INPUT]
variables.Set
[OUTPUT]
variables:Host: Enter your Panther URL.
Example:
logs.instance-name.runpanther.net
URI: Enter the end of the HTTP Source ingest URL (generated in Step 2 of this process), starting with
/http/
.Example:
/http/cb015ee4-543c-4489-9f4b-testaa16d7a
Header: Enter the header name you created and the secret you generated while configuring your HTTP source in the Panther Console in Step 2.
Name: Set to
http
.TLS: Set to
ON
.Port: Set to
443
.
Start Fluent Bit, passing the path to your new configuration file.
For more examples, see the documentation pages in Panther-managed integrations using Fluent Bit.
Last updated