1 of 12

Configuring Fluent Bit

Currently, Fluent Bit supports two configuration formats:

Classic mode.
Yaml. (YAML configuration is production ready since Fluent Bit 2.0.)

CLI flags

Fluent Bit also supports a CLI interface with various flags matching up to the configuration options available.

Classic mode

Format and Schema

Fluent Bit might optionally use a configuration file to define how the service will behave.

Before proceeding we need to understand how the configuration schema works.

The schema is defined by three concepts:

Sections
Entries: Key/Value
Indented Configuration Mode

A simple example of a configuration file is as follows:

Sections

A section is defined by a name or title inside brackets. Looking at the example above, a Service section has been set using [SERVICE] definition. Section rules:

All section content must be indented (4 spaces ideally).
Multiple sections can exist on the same file.
A section is expected to have comments and entries, it cannot be empty.

Entries: Key/Value

A section may contain Entries, an entry is defined by a line of text that contains a Key and a Value, using the above example, the [SERVICE] section contains two entries, one is the key Daemon with value off and the other is the key Log_Level with the value debug. Entries rules:

An entry is defined by a key and a value.
A key must be indented.
A key must contain a value which ends in the breakline.

Also commented lines are set prefixing the # character, those lines are not processed but they must be indented too.

Indented Configuration Mode

Fluent Bit configuration files are based in a strict Indented Mode, that means that each configuration file must follow the same pattern of alignment from left to right when writing text. By default an indentation level of four spaces from left to right is suggested. Example:

As you can see there are two sections with multiple entries and comments, note also that empty lines are allowed and they do not need to be indented.

Configuration File

This page describes the main configuration file used by Fluent Bit

One of the ways to configure Fluent Bit is using a main configuration file. Fluent Bit allows to use one configuration file which works at a global scope and uses the Format and Schema defined previously.

The main configuration file supports four types of sections:

Service
Input
Filter
Output

In addition, it's also possible to split the main configuration file in multiple files using the feature to include external files:

Include File

Service

The Service section defines global properties of the service, the keys available as of this version are described in the following table:

Key

Description

Default Value

The following is an example of a SERVICE section:

For scheduler and retry details, please check there:

Input

An INPUT section defines a source (related to an input plugin), here we will describe the base configuration for each INPUT section. Note that each input plugin may add it own configuration keys:

Key

Description

The Name is mandatory and it let Fluent Bit know which input plugin should be loaded. The Tag is mandatory for all plugins except for the input forward plugin (as it provides dynamic tags).

Example

The following is an example of an INPUT section:

Filter

A FILTER section defines a filter (related to an filter plugin), here we will describe the base configuration for each FILTER section. Note that each filter plugin may add it own configuration keys:

Key

Description

The Name is mandatory and it let Fluent Bit know which filter plugin should be loaded. The Match or Match_Regex is mandatory for all plugins. If both are specified, Match_Regex takes precedence.

Example

The following is an example of an FILTER section:

Output

The OUTPUT section specify a destination that certain records should follow after a Tag match. Currently, Fluent Bit can route up to 256 OUTPUT plugins. The configuration support the following keys:

Key

Description

Example

The following is an example of an OUTPUT section:

Example: collecting CPU metrics

The following configuration file example demonstrates how to collect CPU metrics and flush the results every five seconds to the standard output:

Visualize

You can also visualize Fluent Bit INPUT, FILTER, and OUTPUT configuration via

Include File

To avoid complicated long configuration files is better to split specific parts in different files and call them (include) from one main file.

Starting from Fluent Bit 0.12 the new configuration command @INCLUDE has been added and can be used in the following way:

The configuration reader will try to open the path somefile.conf, if not found, it will assume it's a relative path based on the path of the base configuration file, e.g:

Main configuration file path: /tmp/main.conf
Included file: somefile.conf
Fluent Bit will try to open somefile.conf, if it fails it will try /tmp/somefile.conf.

The @INCLUDE command only works at top-left level of the configuration line, it cannot be used inside sections.

Wildcard character (*) is supported to include multiple files, e.g:

Note files matching the wildcard character are included unsorted. If plugins ordering between files need to be preserved, the files should be included explicitly.

Variables

Fluent Bit supports the usage of environment variables in any value associated to a key when using a configuration file.

The variables are case sensitive and can be used in the following format:

When Fluent Bit starts, the configuration reader will detect any request for ${MY_VARIABLE} and will try to resolve its value.

When Fluent Bit is running under systemd (using the official packages), environment variables can be set in the following files:

/etc/default/fluent-bit

Commands

Configuration files must be flexible enough for any deployment need, but they must keep a clean and readable format.

Fluent Bit Commands extends a configuration file with specific built-in features. The list of commands available as of Fluent Bit 0.12 series are:

Command

Prototype

Description

@INCLUDE FILE

Include a configuration file

@INCLUDE Command

Configuring a logging pipeline might lead to an extensive configuration file. In order to maintain a human-readable configuration, it's suggested to split the configuration in multiple files.

The @INCLUDE command allows the configuration reader to include an external configuration file, e.g:

The above example defines the main service configuration file and also include two files to continue the configuration:

inputs.conf

outputs.conf

Note that despites the order of inclusion, Fluent Bit will ALWAYS respect the following order:

Service
Inputs
Filters
Outputs

@SET Command

Fluent Bit supports , one way to expose this variables to Fluent Bit is through setting a Shell environment variable, the other is through the @SET command.

The @SET command can only be used at root level of each line, meaning it cannot be used inside a section, e.g:

Upstream Servers

It's common that Fluent Bit output plugins aims to connect to external services to deliver the logs over the network, this is the case of HTTP, Elasticsearch and Forward within others. Being able to connect to one node (host) is normal and enough for more of the use cases, but there are other scenarios where balancing across different nodes is required. The Upstream feature provides such capability.

An Upstream defines a set of nodes that will be targeted by an output plugin, by the nature of the implementation an output plugin must support the Upstream feature. The following plugin(s) have Upstream support:

Forward

The current balancing mode implemented is round-robin.

Configuration

To define an Upstream it's required to create an specific configuration file that contains an UPSTREAM and one or multiple NODE sections. The following table describe the properties associated to each section. Note that all of them are mandatory:

Section

Key

Description

Nodes and specific plugin configuration

A Node might contain additional configuration keys required by the plugin, on that way we provide enough flexibility for the output plugin, a common use case is Forward output where if TLS is enabled, it requires a shared key (more details in the example below).

Nodes and TLS (Transport Layer Security)

In addition to the properties defined in the table above, the network operations against a defined node can optionally be done through the use of TLS for further encryption and certificates use.

The TLS options available are described in the section and can be added to the any Node section.

Configuration File Example

The following example defines an Upstream called forward-balancing which aims to be used by Forward output plugin, it register three Nodes:

node-1: connects to 127.0.0.1:43000
node-2: connects to 127.0.0.1:44000
node-3: connects to 127.0.0.1:45000 using TLS without verification. It also defines a specific configuration option required by Forward output called shared_key.

Note that every Upstream definition must exists on it own configuration file in the file system. Adding multiple Upstreams in the same file or different files is not allowed.

Record Accessor

A full feature set to access content of your records

Fluent Bit works internally with structured records and it can be composed of an unlimited number of keys and values. Values can be anything like a number, string, array, or a map.

Having a way to select a specific part of the record is critical for certain core functionalities or plugins, this feature is called Record Accessor.

consider Record Accessor a simple grammar to specify record content and other miscellaneous values.

Format

A record accessor rule starts with the character $. Using the structured content above as an example the following table describes how to access a record:

The following table describe some accessing rules and the expected returned value:

Format

Accessed Value

If the accessor key does not exist in the record like the last example $labels['undefined'] , the operation is simply omitted, no exception will occur.

Usage Example

The feature is enabled on a per plugin basis, not all plugins enable this feature. As an example consider a configuration that aims to filter records using that only matches where labels have a color blue:

The file content to process in test.log is the following:

Running Fluent Bit with the configuration above the output will be:

Limitations of record_accessor templating

The Fluent Bit record_accessor library has a limitation in the characters that can separate template variables- only dots and commas (. and ,) can come after a template variable. This is because the templating library must parse the template and determine the end of a variable.

The following would be invalid templates because the two template variables are not separated by commas or dots:

$TaskID-$ECSContainerName
$TaskID/$ECSContainerName
$TaskID_$ECSContainerName

However, the following are valid:

$TaskID.$ECSContainerName
$TaskID.ecs_resource.$ECSContainerName
$TaskID.fooo.$ECSContainerName

And the following are valid since they only contain one template variable with nothing after it:

fooo$TaskID
fooo____$TaskID
fooo/bar$TaskID

YAML Configuration

YAML configuration feature was introduced since FLuent Bit version 1.9 as experimental, and it is production ready since Fluent Bit 2.0.

Configuration File

This page describes the yaml configuration file used by Fluent Bit

One of the ways to configure Fluent Bit is using a YAML configuration file that works at a global scope.

The YAML configuration file supports the following sections:

Env
Includes
Service
Pipeline
- Inputs
- Filters
- Outputs

The YAML configuration file does not support the following sections yet:

Parsers

YAML configuration is used in the smoke tests for containers, so an always-correct up-to-date example is here: .

Env

The env section allows the definition of configuration variables that will be used later in the configuration file.

Example:

Includes

The includes section allows the files to be merged into the YAML configuration to be identified as a list of filenames. If no path is provided, then the file is assumed to be in a folder relative to the file referencing it.

Example:

Service

The service section defines the global properties of the service. The Service keys available as of this version are described in the following table:

Key

Description

Default Value

The following is an example of a service section:

For scheduler and retry details, please check there:

Pipeline

A pipeline section will define a complete pipeline configuration, including inputs, filters and outputs subsections.

Each of the subsections for inputs, filters and outputs constitutes an array of maps that has the parameters for each. Most properties are either simple strings or numbers so can be define directly, ie:

This pipeline consists of two inputs; a tail plugin and an http server plugin. Each plugin has its own map in the array of inputs consisting of simple properties. To use more advanced properties that consist of multiple values the property itself can be defined using an array, ie: the record and allowlist_key properties for the record_modifier filter:

In the cases where each value in a list requires two values they must be separated by a space, such as in the record property for the record_modifier filter.

Input

An input section defines a source (related to an input plugin). Here we will describe the base configuration for each input section. Note that each input plugin may add it own configuration keys:

Key

Description

The Name is mandatory and it lets Fluent Bit know which input plugin should be loaded. The Tag is mandatory for all plugins except for the input forward plugin (as it provides dynamic tags).

Example input

The following is an example of an input section for the cpu plugin.

Filter

A filter section defines a filter (related to a filter plugin). Here we will describe the base configuration for each filter section. Note that each filter plugin may add its own configuration keys:

Key

Description

The Name is mandatory and it lets Fluent Bit know which filter plugin should be loaded. The Match or Match_Regex is mandatory for all plugins. If both are specified, Match_Regex takes precedence.

Example filter

The following is an example of a filter section for the grep plugin:

Output

The outputs section specify a destination that certain records should follow after a Tag match. Currently, Fluent Bit can route up to 256 OUTPUT plugins. The configuration supports the following keys:

Key

Description

Example output

The following is an example of an output section:

Example: collecting CPU metrics

The following configuration file example demonstrates how to collect CPU metrics and flush the results every five seconds to the standard output:

Processors

In recent versions of Fluent-Bit, the input and output plugins can run in separate threads. In Fluent-Bit 2.1.2, we have implemented a new interface called "processor" to extend the processing capabilities in input and output plugins directly without routing the data. This interface allows users to apply data transformations and filtering to incoming data records before they are processed further in the pipeline.

This functionality is only exposed in YAML configuration and not in classic configuration mode due to the restriction of nested levels of configuration.

Example: Using processors.

The following configuration file example demonstrates the use of processors to change the log record in the input plugin section by adding a new key "hostname" with the value "monox", and we use lua to append the tag to the log record. Also in the ouput plugin section we added a new key named "output" with the value "new data". All these without the need of routing the logs further in the pipeline.

Unit Sizes

Certain configuration directives in Fluent Bit refer to unit sizes such as when defining the size of a buffer or specific limits, we can find these in plugins like , or in generic properties like .

Starting from v0.11.10, all unit sizes have been standardized across the core and plugins, the following table describes the options that can be used and what they mean:

Suffix

Description

Example

Multiline Parsing

In an ideal world, applications might log their messages within a single line, but in reality applications generate multiple log messages that sometimes belong to the same context. But when is time to process such information it gets really complex. Consider application stack traces which always have multiple log lines.

Starting from Fluent Bit v1.8, we have implemented a unified Multiline core functionality to solve all the user corner cases. In this section, you will learn about the features and configuration options available.

Concepts

The Multiline parser engine exposes two ways to configure and use the functionality:

Built-in multiline parser
Configurable multiline parser

Built-in Multiline Parsers

Without any extra configuration, Fluent Bit exposes certain pre-configured parsers (built-in) to solve specific multiline parser cases, e.g:

Parser

Description

Configurable Multiline Parsers

Besides the built-in parsers listed above, through the configuration files is possible to define your own Multiline parsers with their own rules.

A multiline parser is defined in a parsers configuration file by using a [MULTILINE_PARSER] section definition. The Multiline parser must have a unique name and a type plus other configured properties associated with each type.

To understand which Multiline parser type is required for your use case you have to know beforehand what are the conditions in the content that determines the beginning of a multiline message and the continuation of subsequent lines. We provide a regex based configuration that supports states to handle from the most simple to difficult cases.

Property

Description

Default

Lines and States

Before start configuring your parser you need to know the answer to the following questions:

What is the regular expression (regex) that matches the first line of a multiline message ?
What are the regular expressions (regex) that match the continuation lines of a multiline message ?

When matching regex, we have to define states, some states define the start of a multiline message while others are states for the continuation of multiline messages. You can have multiple continuation states definitions to solve complex cases.

The first regex that matches the start of a multiline message is called start_state, then other regexes continuation lines can have different state names.

Rules Definition

A rule specifies how to match a multiline pattern and perform the concatenation. A rule is defined by 3 specific components:

state name
regular expression pattern
next state

A rule might be defined as follows (comments added to simplify the definition) :

In the example above, we have defined two rules, each one has its own state name, regex patterns, and the next state name. Every field that composes a rule must be inside double quotes.

The first rule of state name must always be start_state, and the regex pattern must match the first line of a multiline message, also a next state must be set to specify how the possible continuation lines would look like.

To simplify the configuration of regular expressions, you can use the Rubular web site. We have posted an example by using the regex described above plus a log line that matches the pattern:

Configuration Example

The following example provides a full Fluent Bit configuration file for multiline parsing by using the definition explained above.

The following example files can be located at:

Example files content:

This is the primary Fluent Bit configuration file. It includes the parsers_multiline.conf and tails the file test.log by applying the multiline parser multiline-regex-test. Then it sends the processing to the standard output.

This second file defines a multiline parser for the example.

An example file with multiline content:

By running Fluent Bit with the given configuration file you will obtain:

The lines that did not match a pattern are not considered as part of the multiline message, while the ones that matched the rules were concatenated properly.

Limitations

The multiline parser is a very powerful feature, but it has some limitations that you should be aware of:

The multiline parser is not affected by the buffer_max_size configuration option, allowing the composed log record to grow beyond this size. Hence, the skip_long_lines option will not be applied to multiline messages.
It is not possible to get the time key from the body of the multiline message. However, it can be extracted and set as a new key by using a filter.

Get structured data from multiline message

Fluent-bit supports /pat/m option. It allows . matches a new line. It is useful to parse multiline log.

The following example is to get date and message from concatenated log.

Example files content:

This is the primary Fluent Bit configuration file. It includes the parsers_multiline.conf and tails the file test.log by applying the multiline parser multiline-regex-test. It also parses concatenated log by applying parser named-capture-test. Then it sends the processing to the standard output.

This second file defines a multiline parser for the example.

An example file with multiline content:

By running Fluent Bit with the given configuration file you will obtain:

$ docker run --rm -it fluent/fluent-bit --help Usage: /fluent-bit/bin/fluent-bit [OPTION] Available Options -b --storage_path=PATH specify a storage buffering path -c --config=FILE specify an optional configuration file -d, --daemon run Fluent Bit in background mode -D, --dry-run dry run -f, --flush=SECONDS flush timeout in seconds (default: 1) -C, --custom=CUSTOM enable a custom plugin -i, --input=INPUT set an input -F --filter=FILTER set a filter -m, --match=MATCH set plugin match, same as '-p match=abc' -o, --output=OUTPUT set an output -p, --prop="A=B" set plugin configuration property -R, --parser=FILE specify a parser configuration file -e, --plugin=FILE load an external plugin (shared lib) -l, --log_file=FILE write log info to a file -t, --tag=TAG set plugin tag, same as '-p tag=abc' -T, --sp-task=SQL define a stream processor task -v, --verbose increase logging verbosity (default: info) -w, --workdir set the working directory -H, --http enable monitoring HTTP server -P, --port set HTTP server TCP port (default: 2020) -s, --coro_stack_size set coroutines stack size in bytes (default: 24576) -q, --quiet quiet mode -S, --sosreport support report for Enterprise customers -V, --version show version number -h, --help print this help Inputs cpu CPU Usage mem Memory Usage thermal Thermal kmsg Kernel Log Buffer proc Check Process health disk Diskstats systemd Systemd (Journal) reader netif Network Interface Usage docker Docker containers metrics docker_events Docker events node_exporter_metrics Node Exporter Metrics (Prometheus Compatible) fluentbit_metrics Fluent Bit internal metrics prometheus_scrape Scrape metrics from Prometheus Endpoint tail Tail files dummy Generate dummy data dummy_thread Generate dummy data in a separate thread head Head Input health Check TCP server health http HTTP collectd collectd input plugin statsd StatsD input plugin opentelemetry OpenTelemetry nginx_metrics Nginx status metrics serial Serial input stdin Standard Input syslog Syslog tcp TCP mqtt MQTT, listen for Publish messages forward Fluentd in-forward random Random Filters alter_size Alter incoming chunk size aws Add AWS Metadata checklist Check records and flag them record_modifier modify record throttle Throttle messages using sliding window algorithm type_converter Data type converter kubernetes Filter to append Kubernetes metadata modify modify records by applying rules multiline Concatenate multiline messages nest nest events by specified field values parser Parse events expect Validate expected keys and values grep grep events by specified field values rewrite_tag Rewrite records tags lua Lua Scripting Filter stdout Filter events to STDOUT geoip2 add geoip information to records nightfall scans records for sensitive content Outputs azure Send events to Azure HTTP Event Collector azure_blob Azure Blob Storage azure_kusto Send events to Kusto (Azure Data Explorer) bigquery Send events to BigQuery via streaming insert counter Records counter datadog Send events to DataDog HTTP Event Collector es Elasticsearch exit Exit after a number of flushes (test purposes) file Generate log file forward Forward (Fluentd protocol) http HTTP Output influxdb InfluxDB Time Series logdna LogDNA loki Loki kafka Kafka kafka-rest Kafka REST Proxy nats NATS Server nrlogs New Relic null Throws away events opensearch OpenSearch plot Generate data file for GNU Plot pgsql PostgreSQL skywalking Send logs into log collector on SkyWalking OAP slack Send events to a Slack channel splunk Send events to Splunk HTTP Event Collector stackdriver Send events to Google Stackdriver Logging stdout Prints events to STDOUT syslog Syslog tcp TCP Output td Treasure Data flowcounter FlowCounter gelf GELF Output websocket Websocket cloudwatch_logs Send logs to Amazon CloudWatch kinesis_firehose Send logs to Amazon Kinesis Firehose kinesis_streams Send logs to Amazon Kinesis Streams opentelemetry OpenTelemetry prometheus_exporter Prometheus Exporter prometheus_remote_write Prometheus remote write s3 Send to S3

Multiline Parsing

Concepts

The Multiline parser engine exposes two ways to configure and use the functionality:

Built-in multiline parser
Configurable multiline parser

Built-in Multiline Parsers

Without any extra configuration, Fluent Bit exposes certain pre-configured parsers (built-in) to solve specific multiline parser cases, e.g:

Parser

Description

Configurable Multiline Parsers

Besides the built-in parsers listed above, through the configuration files is possible to define your own Multiline parsers with their own rules.

Property

Description

Default

Lines and States

Before start configuring your parser you need to know the answer to the following questions:

What is the regular expression (regex) that matches the first line of a multiline message ?
What are the regular expressions (regex) that match the continuation lines of a multiline message ?

The first regex that matches the start of a multiline message is called start_state, then other regexes continuation lines can have different state names.

Rules Definition

A rule specifies how to match a multiline pattern and perform the concatenation. A rule is defined by 3 specific components:

state name
regular expression pattern
next state

A rule might be defined as follows (comments added to simplify the definition) :

In the example above, we have defined two rules, each one has its own state name, regex patterns, and the next state name. Every field that composes a rule must be inside double quotes.

To simplify the configuration of regular expressions, you can use the Rubular web site. We have posted an example by using the regex described above plus a log line that matches the pattern:

Configuration Example

The following example provides a full Fluent Bit configuration file for multiline parsing by using the definition explained above.

The following example files can be located at:

Example files content:

This second file defines a multiline parser for the example.

An example file with multiline content:

By running Fluent Bit with the given configuration file you will obtain:

The lines that did not match a pattern are not considered as part of the multiline message, while the ones that matched the rules were concatenated properly.

Limitations

The multiline parser is a very powerful feature, but it has some limitations that you should be aware of:

The multiline parser is not affected by the buffer_max_size configuration option, allowing the composed log record to grow beyond this size. Hence, the skip_long_lines option will not be applied to multiline messages.
It is not possible to get the time key from the body of the multiline message. However, it can be extracted and set as a new key by using a filter.

Get structured data from multiline message

Fluent-bit supports /pat/m option. It allows . matches a new line. It is useful to parse multiline log.

The following example is to get date and message from concatenated log.

Example files content:

This is the primary Fluent Bit configuration file. It includes the parsers_multiline.conf and tails the file test.log by applying the multiline parser multiline-regex-test. It also parses concatenated log by applying parser named-capture-test. Then it sends the processing to the standard output.

This second file defines a multiline parser for the example.

An example file with multiline content:

By running Fluent Bit with the given configuration file you will obtain:

Configuring Fluent Bit

hashtagCLI flags

Classic mode

Format and Schema

hashtagSections

hashtagEntries: Key/Value

hashtagIndented Configuration Mode

Configuration File

hashtagService

hashtagInput

hashtagExample

hashtagFilter

hashtagExample

hashtagOutput

hashtagExample

hashtagExample: collecting CPU metrics

hashtagVisualize

hashtagInclude File

Variables

Commands

hashtag@INCLUDE Command

hashtaginputs.conf

hashtagoutputs.conf

hashtag@SET Command

Upstream Servers

hashtagConfiguration

hashtagNodes and specific plugin configuration

hashtagNodes and TLS (Transport Layer Security)

hashtagConfiguration File Example

Record Accessor

hashtagFormat

hashtagUsage Example

hashtagLimitations of record_accessor templating

YAML Configuration

Configuration File

hashtagEnv

hashtagIncludes

hashtagService

hashtagPipeline

hashtagInput

hashtagExample input

hashtagFilter

hashtagExample filter

hashtagOutput

hashtagExample output

hashtagExample: collecting CPU metrics

hashtagProcessors

hashtagExample: Using processors.

Unit Sizes

Multiline Parsing

hashtagConcepts

hashtagBuilt-in Multiline Parsers

hashtagConfigurable Multiline Parsers

hashtagLines and States

hashtagRules Definition

hashtagConfiguration Example

hashtagLimitations

hashtagGet structured data from multiline message

Configuring Fluent Bit

hashtagCLI flags

Classic mode

Format and Schema

hashtagSections

hashtagEntries: Key/Value

hashtagIndented Configuration Mode

YAML Configuration

Configuration File

hashtagService

hashtagInput

hashtagExample

hashtagFilter

hashtagExample

hashtagOutput

hashtagExample

hashtagExample: collecting CPU metrics

hashtagVisualize

hashtagInclude File

Unit Sizes

Variables

hashtagExample

CLI flags

Sections

Entries: Key/Value

Indented Configuration Mode

Service

Input

Example

Filter

Example

Output

Example

Example: collecting CPU metrics

Visualize

Include File

@INCLUDE Command

inputs.conf

outputs.conf

@SET Command

Configuration

Nodes and specific plugin configuration

Nodes and TLS (Transport Layer Security)

Configuration File Example

Format

Usage Example

Limitations of record_accessor templating

Env

Includes

Service

Pipeline

Input

Example input

Filter

Example filter

Output

Example output

Example: collecting CPU metrics

Processors

Example: Using processors.

Concepts

Built-in Multiline Parsers

Configurable Multiline Parsers

Lines and States

Rules Definition

Configuration Example

Limitations

Get structured data from multiline message

CLI flags

Sections

Entries: Key/Value

Indented Configuration Mode

Service

Input

Example

Filter

Example

Output

Example

Example: collecting CPU metrics

Visualize

Include File

Example

Format

Usage Example

Limitations of record_accessor templating

Configuration

Nodes and specific plugin configuration

Nodes and TLS (Transport Layer Security)

Configuration File Example

@INCLUDE Command

inputs.conf

outputs.conf

@SET Command

Concepts

Built-in Multiline Parsers

Configurable Multiline Parsers

Lines and States

Rules Definition

Configuration Example

Limitations

Get structured data from multiline message