Fluent Beats is a set of observability pipelines for Docker Containers and Linux Hosts, compatible with Elastic observabilily features based on FluentBit
Fluent Beats uses the Elastic Common Schema to send data that can be ingested and consumed in key Kibana contexts
- Analytics
- Dashboard
- Discovery
- Canvas
- etc
- Observability
- Alerts
- Logs
- Infrastructure
- Metrics Explorer
- Hosts
- Observability
- Infrastructure
- Inventory
- AWS and K8s filters are not supported
- Inventory
- Uptime
- Uptime Monitors
- Only container over TCP (translated from healthchecks)
- Uptime Monitors
- Infrastructure
- APM
- User Experience
This service is designed to provide lightweight observability capababilities for microservices running as Docker containers.
Its was designed to be deployed as a Docker Swarm Global Service; or AWS ECS equivalent; in order to receive any type of observability information from other services.
Internally it translates all metrics and logs to Elastic ECS, which is the standard schema used by Elasticsearch
To work properly it requires:
- Port bindings:
2020/tcp: Used to expose internal HTTP server24224/tcp: Used to receive Logs from Docker Fluentd Driver8125/udp: Used to receive Metrics/APM using extended StatsD datagrams (StatsD + Tags)
- Volume bindings:
/var/run/docker.sock: Used to call Docker engine API/var/lib/docker/containers: Used to detect all container running in the host/proc: Used to extract host metrics (cpu, memory and load)
The service can be configured based on a set of environment variables that basically define limits for the Fluent Bit engine.
These variables can be easily stored as Environment File and exported as Docker Configs
The supported variables are:
| Variable | Description | Default |
|---|---|---|
| FLB_DOCKER_METRICS_INTERVAL | Time in seconds to collect Docker metrics | 10 |
| FLB_HOST_METRICS_INTERVAL | Time in seconds to collect Host metrics | 10 |
| FLB_MEM_BUF_LIMIT | Memory threshold for input plugins backpressure control | 3M |
| FLB_FORWARD_BUF_CHUNK_SIZE | Allocation block size used by forward input plugin |
1M |
| FLB_FORWARD_BUF_MAX_SIZE | Memory limit for a message received by forward input plugin |
3M |
| FLB_STORAGE_BACKLOG_MEM_LIMIT | Memory limit for backlog (unprocessed data) processing | 10M |
| FLB_HOST_NET_INTERFACE | Name of the host network interface to monitor | eth0 |
| FLB_COLLECT_CONTAINER_LABELS | Enable Docker container labels collection | false |
- APM
- Docker Container Info
- Docker Container Stats
- Docker Container Uptime
- Docker Logs
- Docker System
- Host Metrics
The project provides some Kibana dashboards, equivalent to the original ones provided by Elastic Beats.
The project contains a test stack, it requires properly configuration of Elasticsearch secrets by creating 2 files.
/test/secrets/http_host.txt: contains the ES hostname/test./secrets/http_host.txt: contains the ES password
Once configured the test stack can be started:
./test.shTo build Fluent-Beats, run:
./build.shYou can optionally dive into a Fluent-Beats container using:
docker pull ghcr.io/fluent-beats/fluent-beats:latest
docker run --rm -ti --entrypoint sh ghcr.io/fluent-beats/fluent-beats- By default we use a bare minimal set of the standard
Fluent Bitplugins/features - The
Fluent Bitversion used by this project is1.8.11- In order to apply
Docker Secretsextraction, theFluent BitDocker image version must include shell support (debug flavor).
- In order to apply
- Versions up to
1.8.11are shipped as much bigger Docker images and don't provide any useful feature for this particular solution
Fluent Beats logo was adapted from hati-royani hummingbird icon logo
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent