Fluent Bit – Sending Logs to ELK with Fluent Bit

Fluent Bit is a lightweight, high-performance log processor and forwarder, suitable for distributed systems, container platforms such as Kubernetes, and resource-constrained environments.

Prepare Fluent-Bit: https://docs.fluentbit.io/manual/installation/windows#installing-from-exe-installer

Next, we will update fluent-bit.conf. There are 3 main sections to focus on:

  • [INPUT]: Specifies where logs are collected from; in our case, it will be collected from the sample logs file we have created.

  • [OUTPUT]: Specifies where logs should be sent; we want to forward them to Elasticsearch.

  • [PARSER]: Defines how logs should be structured using regex; we have already updated the parser.conf file, so there is no need to change it.

This configuration is for Fluent Bit to read logs from a file (C:/Users/Admin/Downloads/demo.log) and forward them to an Elasticsearch instance.

For the OUTPUT:

  • name es: The es output plugin sends logs to Elasticsearch.

  • Host 192.168.35.135: The IP address or hostname of the Elasticsearch server.

  • Port 9200: The port where Elasticsearch is listening (default is 9200).

  • tls on: Enables TLS/SSL encryption for communication with Elasticsearch.

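  • tls.verify off: Disables certificate verification. The connection is still encrypted, but Fluent Bit accepts whatever certificate the server presents, so the identity of the Elasticsearch server is not checked. This fits a lab with a self-signed certificate; outside a lab, keep verification on and point Fluent Bit at the CA certificate.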

  • Trace_Output on: Enables verbose logging for debugging purposes.
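
The settings described above, put together as a fluent-bit.conf. This is an added example, not the original file from this page: the tag, the parser name (demo_parser) and the CA file path are placeholders, and the commented-out second [OUTPUT] is a hardened variant of the lab output.

```ini
# Added example; placeholders are marked in the comments.
[SERVICE]
    Flush         1
    Log_Level     info
    Parsers_File  parser.conf

[INPUT]
    Name    tail
    Path    C:/Users/Admin/Downloads/demo.log
    # Placeholder tag
    Tag     demo
    # Placeholder: use the parser name defined in parser.conf
    Parser  demo_parser

# OUTPUT as described on this page (lab setup, certificate not verified)
[OUTPUT]
    Name          es
    Match         *
    Host          192.168.35.135
    Port          9200
    tls           On
    tls.verify    Off
    Trace_Output  On

# Hardened variant: use it in place of the [OUTPUT] above.
# tls.verify On validates the server certificate against tls.ca_file,
# so a server whose certificate was not issued by that CA is rejected.
# Trace_Output Off stops the shipped records from being echoed to stdout.
# The CA path below is a placeholder.
# [OUTPUT]
#     Name          es
#     Match         *
#     Host          192.168.35.135
#     Port          9200
#     tls           On
#     tls.verify    On
#     tls.ca_file   C:/path/to/elasticsearch-ca.crt
#     Trace_Output  Off
```

In the classic configuration format a comment has to sit on its own line, which is why none of the settings carry a trailing comment.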

Now, let's run Fluent Bit:

& 'C:\Program Files\fluent-bit\bin\fluent-bit.exe' -c 'C:\Program Files\fluent-bit\conf\fluent-bit.conf'

Let's confirm whether the logs are successfully being forwarded to ELK.
