Fluent Bit: Official Manual
SlackGitHubDiscussionsCommunity Meetings
Search…
1.9
Fluent Bit v1.9 Documentation
About
What is Fluent Bit?
A Brief History of Fluent Bit
Fluentd & Fluent Bit
License
Concepts
Key Concepts
Buffering
Data Pipeline
Installation
Getting Started with Fluent Bit
Upgrade Notes
Supported Platforms
Requirements
Sources
Linux Packages
Docker
Containers on AWS
Amazon EC2
Kubernetes
macOS
Windows
Yocto / Embedded Linux
Administration
Configuring Fluent Bit
Security
Buffering & Storage
Backpressure
Scheduling and Retries
Networking
Memory Management
Monitoring
Dump Internals / Signal
HTTP Proxy
Local Testing
Validating your Data and Structure
Running a Logging Pipeline Locally
Data Pipeline
Pipeline Monitoring
Inputs
Parsers
Filters
AWS Metadata
CheckList
Expect
GeoIP2 Filter
Grep
Kubernetes
Lua
Parser
Record Modifier
Modify
Multiline
Nest
Nightfall
Rewrite Tag
Standard Output
Throttle
Tensorflow
Outputs
Stream Processing
Introduction to Stream Processing
Overview
Changelog
Getting Started
Fluent Bit for Developers
C Library API
Ingest Records Manually
Golang Output Plugins
Developer guide for beginners on contributing to Fluent Bit
Powered By GitBook
Parser
The Parser Filter plugin allows for parsing fields in event records.

Configuration Parameters

The plugin supports the following configuration parameters:
Key
Description
Default
Key_Name
Specify field name in record to parse.
​
Parser
Specify the parser name to interpret the field. Multiple Parser entries are allowed (one per line).
​
Preserve_Key
Keep original Key_Name field in the parsed result. If false, the field will be removed.
False
Reserve_Data
Keep all other original fields in the parsed result. If false, all other original fields will be removed.
False

Getting Started

Configuration File

This is an example of parsing a record {"data":"100 0.5 true This is example"}.
The plugin needs a parser file which defines how to parse each field.
1
[PARSER]
2
Name dummy_test
3
Format regex
4
Regex ^(?<INT>[^ ]+) (?<FLOAT>[^ ]+) (?<BOOL>[^ ]+) (?<STRING>.+)$
Copied!
The path of the parser file should be written in configuration file under the [SERVICE] section.
1
[SERVICE]
2
Parsers_File /path/to/parsers.conf
3
​
4
[INPUT]
5
Name dummy
6
Tag dummy.data
7
Dummy {"data":"100 0.5 true This is example"}
8
​
9
[FILTER]
10
Name parser
11
Match dummy.*
12
Key_Name data
13
Parser dummy_test
14
​
15
[OUTPUT]
16
Name stdout
17
Match *
Copied!
The output is
1
$ fluent-bit -c dummy.conf
2
Fluent Bit v1.x.x
3
* Copyright (C) 2019-2020 The Fluent Bit Authors
4
* Copyright (C) 2015-2018 Treasure Data
5
* Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
6
* https://fluentbit.io
7
​
8
[2017/07/06 22:33:12] [ info] [engine] started
9
[0] dummy.data: [1499347993.001371317, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
10
[1] dummy.data: [1499347994.001303118, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
11
[2] dummy.data: [1499347995.001296133, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
12
[3] dummy.data: [1499347996.001320284, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
Copied!
You can see the records {"data":"100 0.5 true This is example"} are parsed.

Preserve original fields

By default, the parser plugin only keeps the parsed fields in its output.
If you enable Reserve_Data, all other fields are preserved:
1
[PARSER]
2
Name dummy_test
3
Format regex
4
Regex ^(?<INT>[^ ]+) (?<FLOAT>[^ ]+) (?<BOOL>[^ ]+) (?<STRING>.+)$
Copied!
1
[SERVICE]
2
Parsers_File /path/to/parsers.conf
3
​
4
[INPUT]
5
Name dummy
6
Tag dummy.data
7
Dummy {"data":"100 0.5 true This is example", "key1":"value1", "key2":"value2"}
8
​
9
[FILTER]
10
Name parser
11
Match dummy.*
12
Key_Name data
13
Parser dummy_test
14
Reserve_Data On
Copied!
This will produce the output:
1
$ fluent-bit -c dummy.conf
2
Fluent-Bit v0.12.0
3
Copyright (C) Treasure Data
4
​
5
[2017/07/06 22:33:12] [ info] [engine] started
6
[0] dummy.data: [1499347993.001371317, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}, "key1":"value1", "key2":"value2"]
7
[1] dummy.data: [1499347994.001303118, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}, "key1":"value1", "key2":"value2"]
8
[2] dummy.data: [1499347995.001296133, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}, "key1":"value1", "key2":"value2"]
9
[3] dummy.data: [1499347996.001320284, {"INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}, "key1":"value1", "key2":"value2"]
Copied!
If you enable Reserved_Data and Preserve_Key, the original key field will be preserved as well:
1
[PARSER]
2
Name dummy_test
3
Format regex
4
Regex ^(?<INT>[^ ]+) (?<FLOAT>[^ ]+) (?<BOOL>[^ ]+) (?<STRING>.+)$
Copied!
1
[SERVICE]
2
Parsers_File /path/to/parsers.conf
3
​
4
[INPUT]
5
Name dummy
6
Tag dummy.data
7
Dummy {"data":"100 0.5 true This is example", "key1":"value1", "key2":"value2"}
8
​
9
[FILTER]
10
Name parser
11
Match dummy.*
12
Key_Name data
13
Parser dummy_test
14
Reserve_Data On
15
Preserve_Key On
Copied!
This will produce the following output:
1
$ fluent-bit -c dummy.conf
2
Fluent-Bit v0.12.0
3
Copyright (C) Treasure Data
4
​
5
[2017/07/06 22:33:12] [ info] [engine] started
6
[0] dummy.data: [1499347993.001371317, {"data":"100 0.5 true This is example", "INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
7
[1] dummy.data: [1499347994.001303118, {"data":"100 0.5 true This is example", "INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
8
[2] dummy.data: [1499347995.001296133, {"data":"100 0.5 true This is example", "INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
9
[3] dummy.data: [1499347996.001320284, {"data":"100 0.5 true This is example", "INT"=>"100", "FLOAT"=>"0.5", "BOOL"=>"true", "STRING"=>"This is example"}]
Copied!
Previous
Lua
Next
Record Modifier
Last modified 2mo ago
Export as PDF
Copy link
Contents
Configuration Parameters
Getting Started
Configuration File
Preserve original fields