fluent-bit

Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows

5,723

1,557

5,723

626

View on GitHub

Top Related Projects

logstash

14,203

Logstash - transport and process your logs, events, or other data

prometheus

54,803

The Prometheus monitoring system and time series database.

telegraf

14,466

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.

Quick Overview

Fluent Bit is a fast and lightweight log processor and forwarder. It's designed to collect data from multiple sources, enrich it with filters, and send it to various outputs. Fluent Bit is written in C, has a small memory footprint, and is highly performant, making it ideal for cloud and edge computing scenarios.

Pros

High performance and low resource usage
Supports a wide range of input sources and output destinations
Easily extensible with plugins
Cross-platform compatibility (Linux, macOS, Windows)

Cons

Less extensive documentation compared to some alternatives
Fewer community-contributed plugins than Fluentd
Configuration can be complex for advanced use cases
Limited built-in data transformation capabilities

Code Examples

Basic configuration to collect system logs and send to stdout:

[INPUT]
    Name   cpu
    Tag    cpu.local

[OUTPUT]
    Name   stdout
    Match  *

Collecting Docker logs and sending to Elasticsearch:

[INPUT]
    Name        docker
    Tag         docker.*

[OUTPUT]
    Name        es
    Match       docker.*
    Host        elasticsearch-host
    Port        9200
    Index       docker_logs
    Type        _doc

Using a filter to add Kubernetes metadata:

[INPUT]
    Name        tail
    Path        /var/log/containers/*.log
    Parser      docker

[FILTER]
    Name        kubernetes
    Match       kube.*
    Kube_URL    https://kubernetes.default.svc:443
    Kube_CA_File    /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    Kube_Token_File /var/run/secrets/kubernetes.io/serviceaccount/token

[OUTPUT]
    Name        stdout
    Match       *

Getting Started

Install Fluent Bit:

# For Ubuntu/Debian
curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh

Create a basic configuration file (fluent-bit.conf):

[INPUT]
    Name   cpu
    Tag    cpu.local

[OUTPUT]
    Name   stdout
    Match  *

Run Fluent Bit:
```
fluent-bit -c fluent-bit.conf
```

This will start Fluent Bit, collecting CPU metrics and printing them to stdout.

Competitor Comparisons

loki

23,621

Like Prometheus, but for logs.

Pros of Loki

Designed specifically for log aggregation and querying, with a focus on efficient storage and retrieval
Integrates seamlessly with other Grafana ecosystem tools, providing a unified observability platform
Supports LogQL, a powerful query language tailored for log analysis

Cons of Loki

Requires additional components (Promtail or other agents) for log collection, unlike Fluent Bit's all-in-one approach
May have a steeper learning curve for users not familiar with Grafana ecosystem or LogQL

Code Comparison

Loki (LogQL query):

{app="myapp"} |= "error" | json | rate[5m] > 100

Fluent Bit (configuration):

[INPUT]
    Name   tail
    Path   /var/log/myapp.log

[FILTER]
    Name   grep
    Match  *
    Regex  message error

[OUTPUT]
    Name   es
    Match  *
    Host   elasticsearch
    Port   9200

While Fluent Bit focuses on efficient log collection and forwarding with a simple configuration, Loki emphasizes powerful querying capabilities and integration with the Grafana ecosystem. Fluent Bit is more versatile in terms of input sources and output destinations, while Loki excels in log storage and analysis within the Grafana platform.

logstash

14,203

Logstash - transport and process your logs, events, or other data

Pros of Logstash

More extensive plugin ecosystem with a wide range of input, filter, and output options
Better integration with the Elastic Stack (Elasticsearch, Kibana, Beats)
Advanced data transformation capabilities with Grok patterns and conditional logic

Cons of Logstash

Higher resource consumption and slower performance compared to Fluent Bit
More complex configuration and setup process
Steeper learning curve for beginners

Code Comparison

Logstash configuration:

input {
  file {
    path => "/var/log/syslog"
    type => "syslog"
  }
}
filter {
  grok {
    match => { "message" => "%{SYSLOGLINE}" }
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}

Fluent Bit configuration:

[INPUT]
    Name   tail
    Path   /var/log/syslog
    Tag    syslog

[OUTPUT]
    Name  es
    Match *
    Host  localhost
    Port  9200

Fluent Bit offers a more lightweight and efficient solution for log collection and forwarding, while Logstash provides more advanced data processing capabilities and better integration with the Elastic Stack. The choice between the two depends on specific use cases and resource constraints.

prometheus

54,803

The Prometheus monitoring system and time series database.

Pros of Prometheus

More comprehensive monitoring solution with built-in alerting and visualization capabilities
Powerful query language (PromQL) for data analysis and aggregation
Extensive ecosystem with wide range of exporters and integrations

Cons of Prometheus

Higher resource consumption and complexity compared to Fluent Bit
Less suitable for log collection and forwarding scenarios
Steeper learning curve for setup and configuration

Code Comparison

Prometheus configuration (prometheus.yml):

global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'example'
    static_configs:
      - targets: ['localhost:8080']

Fluent Bit configuration (fluent-bit.conf):

[INPUT]
    Name   cpu
    Tag    cpu.local

[OUTPUT]
    Name   stdout
    Match  *

Prometheus focuses on metrics collection and monitoring, while Fluent Bit is designed for efficient log processing and forwarding. Prometheus uses a pull-based model, scraping metrics from targets, whereas Fluent Bit typically uses a push-based approach for log collection. The configuration syntax differs significantly between the two projects, reflecting their distinct purposes and architectures.

telegraf

14,466

Agent for collecting, processing, aggregating, and writing metrics, logs, and other arbitrary data.

Pros of Telegraf

Wider range of input plugins and integrations
Native support for InfluxDB and other time-series databases
More extensive data processing and aggregation capabilities

Cons of Telegraf

Higher resource consumption
Steeper learning curve for configuration
Less optimized for high-throughput log processing

Code Comparison

Fluent Bit configuration:

[INPUT]
    Name cpu
    Tag  cpu.stats

[OUTPUT]
    Name  stdout
    Match *

Telegraf configuration:

[[inputs.cpu]]
  percpu = true
  totalcpu = true

[[outputs.influxdb]]
  urls = ["http://localhost:8086"]

Summary

Telegraf offers a broader range of integrations and data processing capabilities, making it suitable for complex monitoring setups. It excels in collecting metrics and working with time-series databases. Fluent Bit, on the other hand, is more lightweight and efficient for log processing and forwarding. Telegraf's configuration is more verbose but offers greater flexibility, while Fluent Bit's configuration is simpler and more concise. Choose Telegraf for comprehensive metrics collection and processing, and Fluent Bit for efficient log handling in resource-constrained environments.

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

CI Status

CI Workflow	Status
Unit Tests (master)
Integration Tests (master)
Arm builds
Latest release

About

Fluent Bit is a fast Log Processor and Forwarder for Linux, Windows, Embedded Linux, MacOS and BSD family operating systems. It's part of the Graduated Fluentd Ecosystem and a CNCF sub-project.

Fluent Bit allows to collect log events or metrics from different sources, process them and deliver them to different backends such as Fluentd, Elasticsearch, Splunk, DataDog, Kafka, New Relic, Azure services, AWS services, Google services, NATS, InfluxDB or any custom HTTP end-point.

Fluent Bit comes with full SQL Stream Processing capabilities: data manipulation and analytics using SQL queries.

Fluent Bit runs on x86_64, x86, arm32v7, and arm64v8 architectures.

Features

High Performance at low CPU and Memory footprint
Data Parsing
- Convert your unstructured messages using our parsers: JSON, Regex, LTSV and Logfmt
Reliability and Data Integrity
- Backpressure Handling
- Data Buffering in memory and file system
Networking
- Security: built-in TLS/SSL support
- Asynchronous I/O
Pluggable Architecture and Extensibility: Inputs, Filters and Outputs
- More than 70 built-in plugins available
- Extensibility
  - Write any input, filter or output plugin in C language
  - Write Filters in Lua or Output plugins in Golang
Monitoring: expose internal metrics over HTTP in JSON and Prometheus format
Stream Processing: Perform data selection and transformation using simple SQL queries
- Create new streams of data using query results
- Aggregation Windows
- Data analysis and prediction: Timeseries forecasting
Portable: runs on Linux, MacOS, Windows and BSD systems

Fluent Bit in Production

Fluent Bit is used widely in production environments. As of 2022, Fluent Bit surpasses 3 Billion downloads and continues to be deployed over 10 million times a day. The following is a preview of who uses Fluent Bit heavily in production:

If your company uses Fluent Bit and is not listed, feel free to open a GitHub issue and we will add the logo.

users

Documentation

Our official project documentation for installation, configuration, deployment and development topics is located here:

https://docs.fluentbit.io

Quick Start

Build from Scratch

If you aim to build Fluent Bit from sources, you can go ahead and start with the following commands.

cd build
cmake ..
make
bin/fluent-bit -i cpu -o stdout -f 1

If you are interested into more details, please refer to the Build & Install section.

Requirements

CMake >= 3.0
Flex
Bison
YAML library/headers
OpenSSL library/headers

Linux Packages

We provide packages for most common Linux distributions:

Linux / Docker Container Images

Our Linux containers images are the most common deployment model, thousands of new installation happen every day, learn more about the available images and tags here.

Windows Packages

Fluent Bit is fully supported on Windows environments, get started with these instructions.

Running on s390x

Fluent Bit runs on Linux on IBM Z(s390x), but the WASM filter plugin is not. For the LUA filter plugin, it runs when libluajit is installed on the system and fluent bit is built with FLB_LUAJIT and FLB_PREFER_SYSTEM_LIB_LUAJIT on.

Plugins: Inputs, Filters and Outputs

Fluent Bit is based in a pluggable architecture where different plugins plays a major role in the data pipeline:

Input Plugins

name	title	description
collectd	Collectd	Listen for UDP packets from Collectd.
cpu	CPU Usage	measure total CPU usage of the system.
disk	Disk Usage	measure Disk I/Os.
dummy	Dummy	generate dummy event.
exec	Exec	executes external program and collects event logs.
forward	Forward	Fluentd forward protocol.
head	Head	read first part of files.
health	Health	Check health of TCP services.
kmsg	Kernel Log Buffer	read the Linux Kernel log buffer messages.
mem	Memory Usage	measure the total amount of memory used on the system.
mqtt	MQTT	start a MQTT server and receive publish messages.
netif	Network Traffic	measure network traffic.
proc	Process	Check health of Process.
random	Random	Generate Random samples.
serial	Serial Interface	read data information from the serial interface.
stdin	Standard Input	read data from the standard input.
syslog	Syslog	read syslog messages from a Unix socket.
systemd	Systemd	read logs from Systemd/Journald.
tail	Tail	Tail log files.
tcp	TCP	Listen for JSON messages over TCP.
thermal	Thermal	measure system temperature(s).

Filter Plugins

name	title	description
aws	AWS Metadata	Enrich logs with AWS Metadata.
expect	Expect	Validate records match certain criteria in structure.
grep	Grep	Match or exclude specific records by patterns.
kubernetes	Kubernetes	Enrich logs with Kubernetes Metadata.
lua	Lua	Filter records using Lua Scripts.
parser	Parser	Parse record.
record_modifier	Record Modifier	Modify record.
rewrite_tag	Rewrite Tag	Re-emit records under new tag.
stdout	Stdout	Print records to the standard output interface.
throttle	Throttle	Apply rate limit to event flow.
nest	Nest	Nest records under a specified key
modify	Modify	Modifications to record.

Output Plugins

name	title	description
azure	Azure Log Analytics	Ingest records into Azure Log Analytics
bigquery	BigQuery	Ingest records into Google BigQuery
counter	Count Records	Simple records counter.
datadog	Datadog	Ingest logs into Datadog.
es	Elasticsearch	flush records to a Elasticsearch server.
file	File	Flush records to a file.
flowcounter	FlowCounter	Count records.
forward	Forward	Fluentd forward protocol.
gelf	GELF	Flush records to Graylog
http	HTTP	Flush records to an HTTP end point.
influxdb	InfluxDB	Flush records to InfluxDB time series database.
kafka	Apache Kafka	Flush records to Apache Kafka
kafka-rest	Kafka REST Proxy	Flush records to a Kafka REST Proxy server.
loki	Loki	Flush records to Loki server.
nats	NATS	Flush records to a NATS server.
null	NULL	Throw away events.
s3	S3	Flush records to s3
stackdriver	Google Stackdriver Logging	Flush records to Google Stackdriver Logging service.
stdout	Standard Output	Flush records to the standard output.
splunk	Splunk	Flush records to a Splunk Enterprise service
tcp	TCP & TLS	Flush records to a TCP server.
td	Treasure Data	Flush records to the Treasure Data cloud service for analytics.

Contributing

Fluent Bit is an open project, several individuals and companies contribute in different forms like coding, documenting, testing, spreading the word at events within others. If you want to learn more about contributing opportunities please reach out to us through our Community Channels.

If you are interested in contributing to Fluent bit with bug fixes, new features or coding in general, please refer to the code CONTRIBUTING guidelines. You can also refer the Beginners Guide to contributing to Fluent Bit here.

Community & Contact

Feel free to join us on our Slack channel, Mailing List or IRC:

Slack (#fluent-bit channel)
Twitter

License

This program is under the terms of the Apache License v2.0.

Authors

Fluent Bit is sponsored and maintained by several companies in the Cloud Native community, including all the major cloud providers.

You can see a list of contributors here.

Top Related Projects

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot