also it looks like the prometheus_exporter just ignores anything in the query URI providing it ends in

/metrics

- is this expected?

[aelwell@admiral ~]$ curl -s <http://127.0.0.1:2021/blah/randomshit../../../../../../../../metrics> | head
# HELP fluentbit_uptime Number of seconds that Fluent Bit has been running.
# TYPE fluentbit_uptime counter
fluentbit_uptime{hostname="admiral"} 122936
# HELP fluentbit_logger_logs_total Total number of logs
# TYPE fluentbit_logger_logs_total counter
fluentbit_logger_logs_total{message_type="error"} 0
fluentbit_logger_logs_total{message_type="warn"} 0
fluentbit_logger_logs_total{message_type="info"} 20
fluentbit_logger_logs_total{message_type="debug"} 0
fluentbit_logger_logs_total{message_type="trace"} 0

ah, there's a choice of only

static void cb_metrics(mk_request_t *request, void *data)
static void cb_root(mk_request_t *request, void *data)

Anyone experienced in compiling and testing on Mac with M2 (macos apple silicone)? I'm running this

cd build && cmake .. -DFLB_TESTS_RUNTIME=On && make

and getting lib_crypto issues:

Undefined symbols for architecture arm64:
  "_EVP_MD_size", referenced from:
      _flb_hmac_init in flb_hmac.c.o
      _flb_hash_init in flb_hash.c.o
  "_EVP_PKEY_size", referenced from:
      _flb_crypto_init in flb_crypto.c.o
ld: symbol(s) not found for architecture arm64
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [lib/libfluent-bit.dylib] Error 1
make[1]: *** [src/CMakeFiles/fluent-bit-shared.dir/all] Error 2
make: *** [all] Error 2

Hi team, What is the general opinion in the community around using fluentbit for all telemetry including logs, specifically metrics? Do you know if people are more inclined to use otel-collector for metrics or is fluent-bit also used extensively?

hi team, We are facing data loss when fluent bit is restarted - the logs produced between stopping and starting of the fluent bit agent are lost, we noticed that the db entry gets deleted and recreated every time. Please find the details below Host : amazon linux 2 Architecture : x86_64 Fluent bit version : 3.2.10 Input config :

[INPUT]
    Name tail
    Path /var/log/cloud-init.log
    Buffer_Max_Size 128k
    Mem_Buf_Limit 16384k
    Skip_Long_Lines On
    Path_Key filePath
    Tag  cloud-init.log
    DB   /var/db/newrelic-infra/newrelic-integrations/logging/fb.db

[INPUT]
    Name tail
    Path /var/log/messages
    Buffer_Max_Size 128k
    Mem_Buf_Limit 16384k
    Skip_Long_Lines On
    Path_Key filePath
    Tag  messages
    DB   /var/db/newrelic-infra/newrelic-integrations/logging/fb.db

[INPUT]
    Name tail
    Path /var/log/secure
    Buffer_Max_Size 128k
    Mem_Buf_Limit 16384k
    Skip_Long_Lines On
    Path_Key filePath
    Tag  secure
    DB   /var/db/newrelic-infra/newrelic-integrations/logging/fb.db

[INPUT]
    Name tail
    Path /var/log/yum.log
    Buffer_Max_Size 128k
    Mem_Buf_Limit 16384k
    Skip_Long_Lines On
    Path_Key filePath
    Tag  yum.log
    DB   /var/db/newrelic-infra/newrelic-integrations/logging/fb.db

[INPUT]
    Name tail
    Path /root/.newrelic/newrelic-cli.log
    Buffer_Max_Size 128k
    Mem_Buf_Limit 16384k
    Skip_Long_Lines On
    Path_Key filePath
    Tag  newrelic-cli.log
    DB   /var/db/newrelic-infra/newrelic-integrations/logging/fb.db

Before Agent stops (fb.db):



sqlite> select * from in_tail_files where name = '/var/log/test.log';
id|name|offset|inode|created|rotated
33|/var/log/test.log|85|12713160|1762270005|0
After Infrastructure Agent starts (fb.db):


After Agent starts 

sqlite> select * from in_tail_files where name = '/var/log/test.log';
id|name|offset|inode|created|rotated
41|/var/log/test.log|114|12713160|1762271396|0

Please notice the change in created at time stamp We tried the same on other Operating Systems and architectures but they all seem to be working fine.

All - Ive posted a few blogs about recent features for Fluent Bit, with another coming today - https://blog.mp3monster.org/category/technology/fluentbit/

Fluentbit.io (including packages) is down because of cloudflare outage fyi. As far as understand not from every location but if you see issues heads up. https://www.cloudflarestatus.com/incidents/8gmgl950y3h7

Hi All, im new to fluent-bit and have maybe a total dumb question. It seems, that all file hashes of https://docs.fluentbit.io/manual/installation/downloads/windows#installation-packages are wrong. I double checked it with Virustotal (just for the hashes and to make sure, its not my local configuration): https://www.virustotal.com/gui/url/a7ae85576659a037af666cfe234cda369f9738977977929e217a7805a2395d8b/details It would be great if anyone can explain or confirm. Thanks Denis

Anyone else noticed systemd input causing fairly large increase in virtual memory used by the fluent-bit process? Without systemd-input:

USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      105637  0.3  1.1 133760 43556 ?        Ssl  08:51   0:00 /opt/fluent-bit/bin/fluent-bit -c /etc/fluent-bit/fluent-bit.yaml

With systemd-input

USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      105691  0.6  1.6 614252 63588 ?        Ssl  08:52   0:00 /opt/fluent-bit/bin/fluent-bit -c /etc/fluent-bit/fluent-bit.yaml

systemd-input configuration

pipeline:
  inputs:
    ...
    - name: systemd
      tag: 'log.systemd.*'
      db: /var/spool/fluent-bit/logs.db
      lowercase: true
      strip_underscores: true
      mem_buf_limit: 50MB
      storage.type: memory
    ...

hi

I try to read logs from systemd for vault.service .. but I'm not able to send output to Graylog / Victoria-logs. I don't see anything coming. I use something like: /insert/jsonline?_msg_field=log and Gelf_Short_Message_Key: log. Can it be, that I need to use something different?

I’m looking to implement an inline hostname-to-IP mapping inside Fluent Bit. For example: Device = {"mylaptop": "192.168.0.100"} The goal is to enrich incoming logs by injecting a device_ip field based on this lookup. What’s the most efficient and scalable approach to achieve this—is there a more optimal native method within Fluent Bit’s pipeline?

Next question 🙂 My default input is also syslog and I see, that I also get logs from haproxy in it, which I'm reading already via tail .. what is the best way to drop messages with "tag: haproxy" ? Input is:

pipeline:
  inputs:
    - name: syslog
      listen: 127.0.0.1
      port: 5140
      parser: syslog_rfc3339
      tag: syslog
      mode: udp
      buffer_chunk_size: 32000
      buffer_max_size: 64000
      receive_buffer_size: 512000

?

Hello all, I am deploying FluentBit on an Azure Kubernetes Service cluster, aiming to collect logs per namespace. The deployment is via Terragrunt, Terraform and HELM. Currently I am able to deliver with OUTPUT "azure", but that only records to Analytics tables in the Log Analytics. Hence, the aim is that FluentBit directs its logs to Basic tables within particular Log Analytics instances. My struggles: • Lowering the volumes and amounts of unwanted data (metadata) to be delivered - may be my FILTER is weak? Or the PARSER?! • Delivering to Basic tables within a Log Analytics - I am trying to use the "azure_logs_ingestion" OUTPUT, but for some reason I am receiving the errors per the screenshot. Any help will be highly valuable and if by any chance I get to speak to someone. P.S. I am new to Slack, so please have it in mind. Thank you all in advance! 🙂

My first Fluent Bit code PR ready for review: https://github.com/fluent/fluent-bit/pull/11192

<!here> 🚨 Fluent Bit Community Meetup – is starting now! Come join us for a casual meetup where we’ll cover: • KubeCon + CloudNativeCon NA 2025 • Highlights from sessions and demos • Fluent Bit v4.2 updates & what’s next • Real-world lessons from the community Bring your stories, questions, and curiosity—see you there! 🎉 📍 https://chronosphere-io.zoom.us/j/83395081381?pwd=CHTz2UNyyBOzC4giPDBeGljbzVPvpg.1

On a bit of a roll, dealing with issues (closing) now that I’m back in my home office: • https://github.com/fluent/fluent-bit-docs/issues/2181 • https://github.com/fluent/fluent-bit-docs/issues/2184 (also back ported to 4.1) • https://github.com/fluent/fluent-bit-docs/issues/2185

Just a note, we recently released AWS for Fluent Bit 3.1.0 which includes fluent-bit 4.2.0

Took a swing at adding rather extensive documentation for the new Fluent Bit 4.2 conditional routing features alongside the traditional tag-based routing, see what you think or if I am missing anything (it covers examples for all supported telemetry types): https://docs.fluentbit.io/manual/data-pipeline/router

Raised an issue (https://github.com/fluent/fluent-bit/issues/11204) and provided corresponding code PR for review: https://github.com/fluent/fluent-bit/pull/11206

Good morning, I have issues with GELF output, and for some messages I get that short_message is missing, or

Unrecognized character escape 'C' (code 67)

and I have no idea .. which messages, because Graylog dropping them. So I need a way to get the exact output, which the Graylog gets. I tried TCPdump, but because the host gets so many messages, that I can't see, which one is the problematic one.

Starting to track the docs updates with a Fluent Bit 4.2 milestone, follow along and jump in if you like on any of the open issues!

During Fluent Bit Docs work I ran across in_ebpf missing descriptions for configuration parameters, submitted PR: https://github.com/fluent/fluent-bit/pull/11222 for review. Found another one in_elasticsearch, submitted PR: https://github.com/fluent/fluent-bit/pull/11226 for review!

Wasi input plugin bug fix PR for review: https://github.com/fluent/fluent-bit/pull/11233

Hi, I recently had this PR approved. Can someone help me get this merged or provide a timeline for merge and eventually release?

is the general consensus that if you're using fluentd, you should migrate to fluent bit?

Fixed more config parameter issues in Forward input plugin, PR for review: https://github.com/fluent/fluent-bit/pull/11235

Improvements to GPU Metrics input plugin config parameters, PR for review: https://github.com/fluent/fluent-bit/pull/11237

Fixed config parameter issues for HTTP input plugin, PR for review: https://github.com/fluent/fluent-bit/pull/11240

Hi, I'm using fluentbit v4.1.1. I see the below log entry in kernel logs. Is this expected and how to fix or get rid of this?

kern.warning <4> Nov 20 06:36:25 <kernel:> [  566.350059][T21501] process '/fluent-bit/bin/fluent-bit' started with executable stack

hi team, I noticed that the latest version available for Windows 2019 docker image is fluentbit 4.0.3. And recently some CVEs were patched in fluent bit 4.2.0. Are there any plans to release an image for this?