start using fluent.bit - observability

June 11, 2025

fluent.bit

log forwarder agent.

bash start salt
sudo salt 'surface3.*' state.show_sls config.install-fluentbit
config/install-fluentbit.sls salt file
{% set version = '4.0.3' %}
{% set url = 'https://packages.fluentbit.io/windows/fluent-bit-' ~ version ~ '-win64.zip' %}
{% set install_dir = 'C:/devtools/fluent-bit' %}
{% set zip_file = install_dir ~ '/fluent-bit.zip' %}
{% set fluentbit_exe = install_dir ~ '/bin/fluent-bit.exe' %}
{% set config_file = install_dir ~ '/fluent-bit.conf' %}

fluentbit-install-dir:
  file.directory:
    - name: {{ install_dir }}
    - makedirs: True

download-fluentbit:
  cmd.run:
    - name: >
        powershell -Command "Invoke-WebRequest -Uri '{{ url }}' -OutFile '{{ zip_file }}'"
    - shell: powershell
    - require:
      - file: fluentbit-install-dir

extract-fluentbit:
  cmd.run:
    - name: >
        powershell -Command "Expand-Archive -Path '{{ zip_file }}' -DestinationPath 'C:\\fluent-bit-temp' -Force"
    - shell: powershell
    - require:
      - cmd: download-fluentbit

move-fluentbit-contents:
  cmd.run:
    - name: >
        powershell -NoProfile -Command "$root = Get-ChildItem -Path 'C:\\fluent-bit-temp' | Where-Object { $_.PSIsContainer } | Select-Object -First 1; if ($null -eq $root) { Write-Error 'No folder found in C:\\fluent-bit-temp'; exit 1 }; Write-Host 'Found folder:' $root.FullName; Move-Item -Path \"$($root.FullName)\\*\" -Destination 'C:\\devtools\\fluent-bit' -Force"
    - shell: cmd
    - require:
      - cmd: extract-fluentbit


fluentbit-config:
  file.managed:
    - name: {{ config_file }}
    - source: salt://files/fluent-bit.conf
    - require:
      - cmd: download-fluentbit

fluentbit-service:
  cmd.run:
    - name: >
        sc.exe create FluentBit binPath= "{{ fluentbit_exe }} -c {{ config_file }}"
        DisplayName= "Fluent Bit"
        start= auto
    - shell: cmd
    - unless: sc query FluentBit > nul 2>&1
    - require:
      - file: fluentbit-config

start-fluentbit-service:
  service.running:
    - name: FluentBit
    - enable: True
    - require:
      - cmd: fluentbit-service
fluent-bit.conf configuration
[SERVICE]
    Flush        5
    Daemon       Off
    Log_Level    info

[INPUT]
    Name         winlog
    Channels     Application,System
    Interval_Sec 1
    Tag          winlog.event

[OUTPUT]
    Name         file
    Match        winlog.*
    Path         C:/devtools/fluent-bit/
    File         winlog_output.log
c:\devtools\fluent-bit\bin\fluent-bit.exe -c c:\devtools\fluent-bit\fluent-bit.conf

Search

Categories

Tags