fluent-bit
Fast and Lightweight Logs, Metrics and Traces processor for Linux, BSD, OSX and Windows
Top Related Projects
Like Prometheus, but for logs.
Logstash - transport and process your logs, events, or other data
The Prometheus monitoring system and time series database.
Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
Quick Overview
Fluent Bit is a fast and lightweight log processor and forwarder. It's designed to collect data from multiple sources, enrich it with filters, and send it to various outputs. Fluent Bit is written in C, has a small memory footprint, and is highly performant, making it ideal for cloud and edge computing scenarios.
Pros
- High performance and low resource usage
- Supports a wide range of input sources and output destinations
- Easily extensible with plugins
- Cross-platform compatibility (Linux, macOS, Windows)
Cons
- Less extensive documentation compared to some alternatives
- Fewer community-contributed plugins than Fluentd
- Configuration can be complex for advanced use cases
- Limited built-in data transformation capabilities
Code Examples
- Basic configuration to collect system logs and send to stdout:
[INPUT]
Name cpu
Tag cpu.local
[OUTPUT]
Name stdout
Match *
- Collecting Docker logs and sending to Elasticsearch:
[INPUT]
Name docker
Tag docker.*
[OUTPUT]
Name es
Match docker.*
Host elasticsearch-host
Port 9200
Index docker_logs
Type _doc
- Using a filter to add Kubernetes metadata:
[INPUT]
Name tail
Path /var/log/containers/*.log
Parser docker
[FILTER]
Name kubernetes
Match kube.*
Kube_URL https://kubernetes.default.svc:443
Kube_CA_File /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token
[OUTPUT]
Name stdout
Match *
Getting Started
-
Install Fluent Bit:
# For Ubuntu/Debian curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh -
Create a basic configuration file (fluent-bit.conf):
[INPUT] Name cpu Tag cpu.local [OUTPUT] Name stdout Match * -
Run Fluent Bit:
fluent-bit -c fluent-bit.conf
This will start Fluent Bit, collecting CPU metrics and printing them to stdout.
Competitor Comparisons
Like Prometheus, but for logs.
Pros of Loki
- Designed specifically for log aggregation and querying, with a focus on efficient storage and retrieval
- Integrates seamlessly with other Grafana ecosystem tools, providing a unified observability platform
- Supports LogQL, a powerful query language tailored for log analysis
Cons of Loki
- Requires additional components (Promtail or other agents) for log collection, unlike Fluent Bit's all-in-one approach
- May have a steeper learning curve for users not familiar with Grafana ecosystem or LogQL
Code Comparison
Loki (LogQL query):
{app="myapp"} |= "error" | json | rate[5m] > 100
Fluent Bit (configuration):
[INPUT]
Name tail
Path /var/log/myapp.log
[FILTER]
Name grep
Match *
Regex message error
[OUTPUT]
Name es
Match *
Host elasticsearch
Port 9200
While Fluent Bit focuses on efficient log collection and forwarding with a simple configuration, Loki emphasizes powerful querying capabilities and integration with the Grafana ecosystem. Fluent Bit is more versatile in terms of input sources and output destinations, while Loki excels in log storage and analysis within the Grafana platform.
Logstash - transport and process your logs, events, or other data
Pros of Logstash
- More extensive plugin ecosystem with a wide range of input, filter, and output options
- Better integration with the Elastic Stack (Elasticsearch, Kibana, Beats)
- Advanced data transformation capabilities with Grok patterns and conditional logic
Cons of Logstash
- Higher resource consumption and slower performance compared to Fluent Bit
- More complex configuration and setup process
- Steeper learning curve for beginners
Code Comparison
Logstash configuration:
input {
file {
path => "/var/log/syslog"
type => "syslog"
}
}
filter {
grok {
match => { "message" => "%{SYSLOGLINE}" }
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
}
Fluent Bit configuration:
[INPUT]
Name tail
Path /var/log/syslog
Tag syslog
[OUTPUT]
Name es
Match *
Host localhost
Port 9200
Fluent Bit offers a more lightweight and efficient solution for log collection and forwarding, while Logstash provides more advanced data processing capabilities and better integration with the Elastic Stack. The choice between the two depends on specific use cases and resource constraints.
The Prometheus monitoring system and time series database.
Pros of Prometheus
- More comprehensive monitoring solution with built-in alerting and visualization capabilities
- Powerful query language (PromQL) for data analysis and aggregation
- Extensive ecosystem with wide range of exporters and integrations
Cons of Prometheus
- Higher resource consumption and complexity compared to Fluent Bit
- Less suitable for log collection and forwarding scenarios
- Steeper learning curve for setup and configuration
Code Comparison
Prometheus configuration (prometheus.yml):
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'example'
static_configs:
- targets: ['localhost:8080']
Fluent Bit configuration (fluent-bit.conf):
[INPUT]
Name cpu
Tag cpu.local
[OUTPUT]
Name stdout
Match *
Prometheus focuses on metrics collection and monitoring, while Fluent Bit is designed for efficient log processing and forwarding. Prometheus uses a pull-based model, scraping metrics from targets, whereas Fluent Bit typically uses a push-based approach for log collection. The configuration syntax differs significantly between the two projects, reflecting their distinct purposes and architectures.
Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
Pros of Telegraf
- Wider range of input plugins and integrations
- Native support for InfluxDB and other time-series databases
- More extensive data processing and aggregation capabilities
Cons of Telegraf
- Higher resource consumption
- Steeper learning curve for configuration
- Less optimized for high-throughput log processing
Code Comparison
Fluent Bit configuration:
[INPUT]
Name cpu
Tag cpu.stats
[OUTPUT]
Name stdout
Match *
Telegraf configuration:
[[inputs.cpu]]
percpu = true
totalcpu = true
[[outputs.influxdb]]
urls = ["http://localhost:8086"]
Summary
Telegraf offers a broader range of integrations and data processing capabilities, making it suitable for complex monitoring setups. It excels in collecting metrics and working with time-series databases. Fluent Bit, on the other hand, is more lightweight and efficient for log processing and forwarding. Telegraf's configuration is more verbose but offers greater flexibility, while Fluent Bit's configuration is simpler and more concise. Choose Telegraf for comprehensive metrics collection and processing, and Fluent Bit for efficient log handling in resource-constrained environments.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
CI Status
| CI Workflow | Status |
|---|---|
Unit Tests (master) |  |
| Integration Tests |  |
| Arm builds |  |
| Latest Release Pipeline |  |
About
Fluent Bit is a lightweight and high-performance Telemetry Agent designed to collect, process, and forward Logs, Metrics, and Traces from any source to any destination.
It's part of the Graduated Fluentd Ecosystem and a CNCF Cloud Native Computing Foundation project.
Fluent Bit supports a wide array of platforms, including Linux, Windows, MacOS, BSD, and Embedded environments, and is built for maximum efficiency with minimal CPU and memory footprint.
ð Roadmap & Maintenance
We follow a fast-paced development cycle, with major releases every 3â4 months.
The active development branch (master) is currently focused on v4.1.
For version-specific maintenance timelines and policies, see our MAINTENANCE.md.
To track upcoming milestones, visit the project roadmap.
Key Features
- â¡ High Performance with low memory footprint
- ð¦ Pluggable Architecture: 70+ built-in plugins for Inputs, Filters, and Outputs
- ð§ SQL Stream Processing: Perform analytics and transformations with SQL queries
- ð Secure Networking: Built-in TLS/SSL support and async I/O
- ð Monitoring: Expose internal metrics over HTTP/Prometheus
- 𧩠Extensibility:
- Write plugins in C, filters in Lua, and outputs in Go
- ð Supports Logs, Metrics, and Traces with unified processing and delivery
Documentation
Our official documentation includes installation guides, plugin usage, developer resources, and more:
ð https://docs.fluentbit.io
Quick Start
Build from source:
cd build
cmake ..
make
bin/fluent-bit -i cpu -o stdout -f 1
More details: Build & Install
Requirements
- CMake >= 3.0
- Flex & Bison
- YAML and OpenSSL headers
Install Fluent Bit
Plugins: Inputs, Filters, Outputs
Fluent Bit is fully modular. It supports:
- Input Plugins: collect logs/metrics/traces
- Filter Plugins: enrich and transform data
- Output Plugins: deliver data to external services
See the full plugin list in our documentation.
ð Production Usage
Fluent Bit is deployed over 10 million times daily and has surpassed 15 billion downloads.
Used by companies like:
Want to add your logo? Open an issue.
Contributing
Fluent Bit is open to community contributions!
- ð¤ Join our community
- ð CONTRIBUTING.md
- ð Developer Guide
Community & Contact
License
Authors
Fluent Bit is a CNCF sub-project, sponsored and maintained by major cloud providers and a growing community of contributors and maintainers from across the Cloud Native ecosystem.
ð See Contributors
Top Related Projects
Like Prometheus, but for logs.
Logstash - transport and process your logs, events, or other data
The Prometheus monitoring system and time series database.
Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot