Wanted to share and invite contributions to the following set of new documentation issues (numbers 2079-2093) we’ve raised around the latest Fluent Bit 4.1 release. Just tag me on anything you want to contribute to and I’d be happy to help you get started! @Pat @k8tgreenley @eduardo @lecaros

From doc it seems that it should not be an issue but fluentbit errors out saying indentation too low

Hey team Can someone review this PR https://github.com/fluent/fluent-bit/pull/10990

Hello ..... if I'm not mistaken, fluent-bit 4.0.x and 4.1.x rpm packages for rhel10/centos10 (ref: https://packages.fluentbit.io/centos/10/) are broken. It looks like they have a dependency to openssl 3.4.0, when the latest openssl version available and delivered by rhel10 is 3.2.2-16. I get this error when trying to start fluent-bit:

/opt/fluent-bit/bin/fluent-bit: symbol lookup error: /opt/fluent-bit/bin/fluent-bit: undefined symbol: EVP_MD_CTX_get_size_ex, version OPENSSL_3.4.0

Anyone with the same problem? Thanks in advance.

Hello! Is there some description on how opentelemetry output treats all non-special JSON fields? Are all of them automatically packed as attributes? Thanks

hello, I have one review and now looking to get https://github.com/fluent/fluent-bit/pull/10949#issuecomment-3376778091 labeled and merged in, can someone take a look?

a8ht66.jpg

Hello everyone, i dont now if it the right place to ask but is there any easy way to parse out all the sysmon fields that in the StringInserts or Message field (using winevtlog input plugin) ?

Hi Team, Fluent-bit pod fails to start, in case syslog output plugin is configured with a non resolvable host. looks like a defect, it should stop whole fluent-bit in case a user configures a invalid syslog. Specially when fluent-bit is doing much more than just a syslog output. [2025/10/09 111004] [ info] [fluent bit] version=4.0.5, commit=d9be919eab, pid=1 [2025/10/09 111004] [ info] [storage] ver=1.5.3, type=memory, sync=normal, checksum=off, max_chunks_up=128 [2025/10/09 111004] [ info] [simd ] SSE2 [2025/10/09 111004] [ info] [cmetrics] version=1.0.4 [2025/10/09 111004] [ info] [ctraces ] version=0.6.6 [2025/10/09 111004] [ info] [inputtailtail.0] initializing [2025/10/09 111004] [ info] [inputtailtail.0] storage_strategy='memory' (memory only) [2025/10/09 111004] [ info] [inputtailtail.0] multiline core started [2025/10/09 111004] [ info] [filterkuberneteskubernetes.0] https=1 host=kubernetes.default.svc port=443 [2025/10/09 111004] [ info] [filterkuberneteskubernetes.0] token updated [2025/10/09 111004] [ info] [filterkuberneteskubernetes.0] local POD info OK [2025/10/09 111004] [ info] [filterkuberneteskubernetes.0] testing connectivity with API server... [2025/10/09 111004] [ info] [filterkuberneteskubernetes.0] connectivity OK [2025/10/09 111004] [ info] [inputemitterk8s_tag_rewriter] initializing [2025/10/09 111004] [ info] [inputemitterk8s_tag_rewriter] storage_strategy='memory' (memory only) [2025/10/09 111004] [ info] [outputstdoutstdout.0] worker #0 started [2025/10/09 111004] [ info] [outputfilefile.1] worker #0 started [2025/10/09 111004] [ warn] net]: getaddrinfo(host='2.2.2.coma'): No address associated with hostname [2025/10/09 111004] [error] [output] failed to initialize 'syslog' plugin [2025/10/09 111004] [error] [engine] output initialization failed [2025/10/09 111005] [ info] [input] pausing tail.0 [2025/10/09 111005] [ info] [input] pausing k8s_tag_rewriter [2025/10/09 111005] [ info] [outputstdoutstdout.0] thread worker #0 stopping... [2025/10/09 111005] [ info] [outputstdoutstdout.0] thread worker #0 stopped [2025/10/09 111005] [ info] [outputfilefile.1] thread worker #0 stopping... [2025/10/09 111005] [ info] [outputfilefile.1] thread worker #0 stopped

Fluent Bit v4.1.1 is out! Release notes: https://fluentbit.io/announcements/v4.1.1/

@eduardo https://docs.fluentbit.io/manual/installation/downloads/windows#installing-from-zip-archive is still referencing the 4.0 release, not 4.1

Hello everybody

Hello, I need to carry out a POC using Grafana Loki, Grafana, and Fluent Bit agents. I need to open the data transfer flows. Does anyone have a diagram showing the ports and protocols used?

Hi I am currently working on consolidating all the telemetry in my project to use fluent-bit and am looking to add support for metric output golang plugins. I have added a GH Issue and have opened up PRs on both the fluent-bit and the fluent-bit-go repositories for adding this support. I would appreciate if I could get a review/feedback on this, and would be happy to discuss any other patterns of support or designs as needed to get this functionality added! Thanks everyone!

Hi, I want a fluentbit filter that would drop only INFO level records that contains keyword "healthcheck" (will apply regex here). Appreciate the help! Sample log

{
  "@timestamp": "2025-10-08T17:47:06.0808Z",
  "level": "DEBUG",
  "message": "healthcheck"
}
{
  "@timestamp": "2025-10-08T17:47:07.1234Z",
  "level": "INFO",
  "message": "healthcheck Application started successfully"
}
{
  "@timestamp": "2025-10-08T17:47:07.1234Z",
  "level": "INFO",
  "message": "health-check test Application started successfully"
}

Expected Output

[0] tail.0: [1760122642.884274043, {"log"=>"{"}]
[1] tail.0: [1760122642.885037709, {"log"=>"  "@timestamp": "2025-10-08T17:47:06.0808Z","}]
[2] tail.0: [1760122642.885040918, {"log"=>"  "level": "DEBUG","}]
[3] tail.0: [1760122642.885042001, {"log"=>"  "message": "healthcheck""}]

fluent-bit.conf

[INPUT]
    Name            tail
    Path            /fluent-bit/etc/log
    Inotify_Watcher false
    Read_from_Head  True

[FILTER]
    Name   grep
    Match  *
    Regex  level  ^INFO$

[FILTER]
    Name    grep
    Match   *
    Exclude message (?i)(healthcheck)

[OUTPUT]
    Name    stdout
    Match   *

Hello guys, I use fluentbit to send audit logs into azureblob storage, when it comes to compression i have to use the

blockblob

type to use blob compression but it sends chuncks of 2.16 KB into the container, so that creates a huge spam? isn't there a way to get less of them with a bugger size ?

Hi All. Is there way we can know the output s3 storage path storage.total_limit_size reaching its limit

If anyone is going to KCD UK next week I'll be presenting so be good to catch up with any FB folks in real life 🙂 kcduk.io

Is it possible to configure fluent-bit to log its own logs (warn/info/debug/etc) to a specific file, instead of stderr, or is output redirection at startup time the only way?

Can someone please help me with multiline parser for these logs. Not able to generate proper multiline parser for same. Its a node service in EKS

Hey folks, I’am facing an issue We started to see drop in logs when there is high traffic when we started to investigate got to know that our log files in /var/log/container is being rotated very frequently by kubelet as kubelet has a policy to rotate log files if it reaches 10Mi, so I’m suspecting when fluentbit is currently reading the file its getting rotated and log is not being forwarded, is there any plugin or config to tackle the issue at scale to read the logs before it gets rotated

With old config format, it was possible tu uses wildcard characters :

@INCLUDE input_*.conf

With new one (yaml) it seem's not. It will be great to have this capabilitie ?

Hey Team, I have a quick question. I’m planning to enable log compression in the fluentbit config and will this switch increase or decrease the memory footprint? I’m factoring in the backpressure as well here. Do let me know. I wanted to hear your thoughts/suggestions.

Hi, or good morning (around CET) 🙂

We have on all nodes (Debian) rsyslog running, which forward logs to fluent-bit and fluent-bit needs to forward logs to a remote rsyslog / graylog / victoriaLogs

Hi,

{
  "timestamp": "2025-10-16 10:27:41.799",
  "level": "INFO",
  "log_session_id": "fbcbcaf7-9172-479f-b1cb-b5f2e1cbc394",
  "fn_id": "LIST_IMAGES",
  "location": "logger.info:152",
  "vm_id": "abc",
  "message": "All records fetched successfully.",
  "time": "2025-10-16T10:27:41.799732772+00:00",
  "stream": "stdout",
  "logtag": "F",
  "kubernetes_pod_name": "bl-db-o-r-pod-59d854848c-gzzgx",
  "kubernetes_namespace_name": "bl-db-o-r",
  "kubernetes_container_name": "bl-db-o-r-pod",
  "tenancy": "child1"
} 

this a log sample that is seen in grafana explore

Below is my fluent bit config

outputs:
        - name: loki
          match: kube*
          host: 10.251.0.55
          port: 80
          labels: service=biz_pod_logs,cluster=$tenancy,sss_status=$sss_status,level=$level
          structured_metadata: pod_name=$kubernetes_pod_name,namespace=$kubernetes_namespace_name,host_ip=${HOST_IP},request_path=$request_path,user_uuid=$user_uuid,vm_id=$vm_id,fn_id=$fn_id
          line_format: json

I see only few of the fields are gettind added as structured metadata specifically these pod_name=$kubernetes_pod_name,namespace=$kubernetes_namespace_name,host_ip=${HOST_IP} when i visit drill down i only see above fileds in structured metadata and rest are missing in both structured metadata and json fields. Am i configuring it wrong or missing something while trying to capture it as structured metadata. Thanks

hi, again

I have the same issue, with tail, but for "normal" logs, created by rsyslog. I want to send also all logs to Graylog, but I was not able to get it working, neither via systemd, nor over tail and /var/log/*.log ...