Apica Docs
  • Welcome to Apica Docs!
  • PRODUCT OVERVIEW
    • Ascent Overview
    • Ascent User Interface
  • RELEASE NOTES
    • Release Notes
      • Ascent 2.9.0
      • Ascent 2.8.1
      • Ascent 2.8.0
      • Ascent 2.7.0
      • Ascent 2.6.0
      • Ascent 2.5.0
      • Ascent 2.4.0
      • Ascent 2.3.0
      • Ascent 2.2.0
      • Ascent 2.1.0
        • Data Fabric
          • Releases-old
        • Synthetic Monitoring
        • Advanced Scripting Engine
        • IRONdb
      • Synthetic Monitoring
  • GETTING STARTED
    • Getting Started with Ascent
      • Getting Started with Metrics
      • Getting Started with Logs
    • Ascent Deployment Overview
    • Quickstart with Docker-Compose
    • On-Premise PaaS deployment
      • On-Premise PaaS Deployment Architecture
      • Deploying Apica Ascent PaaS on Kubernetes
      • Deploying Apica Ascent PaaS on MicroK8s
      • Deploying Apica Ascent PaaS on AWS
      • Deploying Apica Ascent EKS on AWS using CloudFormation
      • Deploying Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis using Cloud Formation
        • Deploying Apica Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis using CloudFormation
        • Apica Ascent on AWS EKS (Private Endpoint) with Aurora PostgreSQL and ElastiCache Redis on prod VPC
      • Deploying Apica Ascent EKS on AWS using custom AMI
      • Deploying Apica Ascent EKS with AWS ALB
      • Deploying Apica Ascent PaaS in Azure Kubernetes Service
        • Azure Blob Storage Lifecycle Management
      • Deploying Apica Ascent with OpenShift
      • Deploying Apica Ascent PaaS on MicroK8s in Redhat 8/9
    • Boomi RTO Quick Start Guide
      • RTO Dashboarding
      • Alerting on RTO Metrics
      • Alerting on RTO Logs
    • OpenTelemetry Overview
      • Why Implement OpenTelemetry?
      • Common Use Cases for OpenTelemetry
      • How to Get Started with OpenTelemetry
      • Best Practices for OpenTelemetry Implementations
  • DATA SOURCES
    • Data Source Overview
    • API
      • JSON Data source
      • RSS
    • AWS
      • Amazon Athena
      • Amazon CloudWatch ( YAML )
      • Amazon Elasticsearch Service
      • Amazon Redshift
      • MySQL Server (Amazon RDS)
    • NoSQL Data Sources
      • MongoDB
    • OLAP
      • Data Bricks
      • Druid
      • Snowflake
    • SQL Data Sources
      • PostgreSQL
      • Microsoft SQL Server
      • MySQL Server
    • Time Series Databases
      • Prometheus Compatible
      • Elasticsearch
      • InfluxDB
    • Ascent Synthetics
      • Checks
    • Ascent Logs
      • Logs
  • INTEGRATIONS
    • Integrations Overview
      • Generating a secure ingest token
      • Data Ingest Ports
    • List of Integrations
      • Apache Beam
        • Export Metrics to Prometheus
          • Pull Mechanism via Push-Gateway
        • Export Events to Apica Ascent
      • Apica ASM
      • Apica Ascent Observability Data Collector Agent
      • AWS
        • AWS CloudWatch
        • AWS ECS
          • Forwarding AWS ECS logs to Apica Ascent using AWS FireLens
          • ECS prometheus metrics to Apica Ascent
        • AWS S3
      • Azure
        • Azure Databricks
        • Azure Eventhub
        • Azure Event Hubs
      • Docker Compose
      • Docker Swarm logging
      • Docker Syslog log driver
      • F5 Big-Ip System
      • Filebeat
      • Fluent Bit
        • Forwarding Amazon-Linux logs to Apica Ascent using Fluent Bit
        • Fluent Bit installation on Ubuntu
        • Enabling IoT(MQTT) Input (PAAS)
        • IIS Logs on Windows
      • Fluentd
      • FortiNet Firewalls
      • GCP PubSub
      • GCP Cloud Logging
      • IBM QRadar
      • Incident Management
        • Webhooks
      • Jaeger
      • Kafka
      • Kinesis
      • Kubernetes
      • Logstash
      • MQTT
      • Network Packets
      • OpenTelemetry
      • Object store (S3 Compatible)
      • Oracle OCI Infrastructure Audit/Logs
      • OSSEC Variants (OSSEC/WAZUH/ATOMIC)
        • Apica Ascent-OSSEC Agent for Windows
      • Palo Alto Firewall
      • Prometheus
        • Spring Boot
        • Prometheus on Windows
        • Prometheus Remote Write
        • MongoDB Exporter
        • JMX Exporter
      • Rsyslogd
      • Syslog
      • Syslog-ng
      • Splunk Universal Forwarder
      • Splunk Heavy Forwarder
      • SNMP
      • Splunk Forwarding Proxy
      • Vault
        • Audit Vault Logs - AWS
        • Audit Vault Logs - OCI
        • Audit Vault Metrics
  • Dashboards
    • Dashboards & Visualizations
    • Create Your First Dashboard
    • Build an auto-refreshing Dashboard
    • Adding widgets to the Dashboard
    • Using Pre-defined Dashboards
    • Import Grafana Dashboards
  • DATA MANAGEMENT
    • Data Management Overview
    • Data Explorer Overview
      • Query Builder
      • Widget
      • Alerts
      • JSON Import
      • Creating Json Schema
        • Visualization
          • Line chart
          • Bar chart
          • Area chart
          • Scatter chart
          • Status chart
          • Counter chart
          • Stat chart
          • Size chart
          • Dense Status chart
          • Honeycomb chart
          • Gauge chart
          • Pie chart
          • Disk chart
          • Table chart
          • Date time chart
      • Time-Series AI/ML
        • Anomaly Detection
        • Averaging
        • Standard Deviation(STD)
      • Data Explorer Dashboard
        • Create a Dashboard
        • Editing Dashboard
          • Dashboard level filters
    • Timestamp handling
      • Timestamp bookmark
    • Large log/events/metrics/traces
  • COMMAND LINE INTERFACE
    • apicactl Documentation
  • Flow
    • Overview
    • Data Flow Pipelines
    • Rules
      • FILTER
      • EXTRACT
      • SIEM and TAG
      • REWRITE
      • CODE
      • FORWARD
        • Rename Attributes
      • STREAM
    • List of Forwarders
      • Mapping Applications
    • Splunk Forwarding
      • Apica UF Proxy App Extension
        • Standalone Instance
        • List of Indexer Instances
        • Indexer Discovery
      • Metric Indexes
      • Non Metric Indexes
      • Syslog Forwarding
    • Real-Time Stream Forwarding
      • AWS Kinesis
      • Azure Eventhub
      • Google Pub/Sub
    • Security Monitor Forwarding
      • Arc Sight
      • RSA New Witness
    • Forwarding to Monitoring Tools
      • Datadog Forwarding
      • New Relic Forwarding
      • Dynatrace Forwarding
      • Elasticsearch Forwarding
      • Coralogix Forwarding
      • Azure Log Analytics Forwarding
      • JS Code Forwarding
    • Object Store Forwarding
      • S3 Compatible
      • Azure Blob Storage
    • Forwarding to Data Warehouse
      • GCP Bigquery
  • LAKE
    • Lake: Powered by Instastore™
  • FLEET MANAGEMENT
    • Overview
    • Agents
    • Configurations
    • Packages
    • Fleet Repository Management
    • Advanced Search
    • List of Agents
      • Datadog Agent
      • Fluent-bit Agent
      • Grafana Alloy
      • OpenTelemetry Collector
      • OpenTelemetry Kubernetes
      • Prometheus Agent
  • OBSERVE
    • Monitoring Overview
      • Connecting Prometheus
      • Connecting Amazon Managed Service for Prometheus
      • Windows Redis Monitoring
      • Writing queries
        • Query Snippets
      • Query API
      • Use Apica API to ingest JSON data
    • Distributed Tracing
      • Traces
      • Spans
      • Native support for OTEL Traces
      • Windows .NET Application Tracing
      • Linux+Java Application Tracing
    • Log Management
      • Terminology
      • Explore Logs
      • Topology
      • Apica Ascent Search Cheat Sheet
      • Share Search Results
      • Severity Metrics
      • Log2Metrics
      • Native support for OTEL Logs
      • Reports
        • Accessing Reports results via API
      • Role-Based Access Control (RBAC)
      • Configuring RBAC
    • Synthetic Check Monitoring
      • Map View
      • List View
      • Alerting for Check Results
  • AUTONOMOUS INSIGHTS
    • Time Series AI-ML
      • Anomaly Detection
      • Averaging
      • Standard Deviation(STD)
      • Forecasting
      • AI-ML on PromQL Query Data Set
      • Statistical Data Description
    • Pattern-Signature (PS)
      • Log PS Explained
        • Unstructured Logs
        • Semi-structured JSON
        • Reduce Logs Based on PS
        • Log PS Use Cases
          • Log Outlier Isolation
          • Log Trending Analysis
          • Simple Log Compare
      • Config PS
        • Config JSON PS
    • ALIVE Log Visualization
      • ALIVE Pattern Signature Summary
      • ALIVE Log Compare
    • Log Explained using Generative AI
      • Configuring Generative AI Access
      • GenAI Example Using Log Explain
    • Alerts
    • Alerts (Simple/Anomaly)
    • Alerts On Logs
    • Rule Packs
    • AI-powered Search
  • PLATFORM DOCS
    • Synthetic Monitoring (ASM)
      • Dashboards
      • Link to ASM Knowledge Base
      • Link to ZT Knowledge Base
    • Load Testing (ALT)
      • Link to ALT Knowledge Base
    • Test Data Orchestrator (TDO)
      • Technical Guides
        • Hardware / Environment Requirements
        • IP Forwarding Instructions (Linux)
        • Self-Signed Certificate
        • Windows Server Install
        • Linux Server Install
        • User Maintenance
        • LDAP Setup
        • MongoDB Community Server Setup
        • TDX Installation Guide
      • User Documentation
        • End User Guide for TDO
          • Connecting to Orson
          • Coverage Sets and Business Rules
          • Data Assembly
          • Downloading Data
        • User Guide for TDX
          • Connecting to TDX
          • Setting up a Data Profile
          • Extracting Data
          • Analyzing Data Patterns
          • Performing Table Updates
        • API Guide
          • API Structure and Usage
          • Determining Attribute APIs
            • Create Determining Attribute (Range-based)
            • Create Determining Attribute (Value-based)
            • Update Determining Attributes
            • Get Determining Attribute Details
            • Delete a Determining Attribute
          • Coverage Set API’s
            • Create Coverage Set
            • Update Coverage Set
            • Get All Coverage Set Details
            • Get Single Coverage Set Details
            • Lock Coverage Set
            • Unlock Coverage Set
            • Delete Coverage Set
          • Business Rule API’s
            • Create Business Rule
            • Update Business Rule
            • Get Business Rule Details
            • Get All Business Rules
            • Delete Business Rule
          • Workset API's
            • Create Workset
            • Update Workset
            • Get All Worksets
            • Get Workset Details
            • Unlock Workset
            • Clone Workset
            • Delete Workset
          • Data Assembly API's
            • Assemble Data
            • Check Assembly Process
          • Data Movement API's
            • Ingest (Upload) Data Files
            • Download Data Files
              • HTML Download
              • CSV Download
              • Comma Delimited with Sequence Numbers Download
              • Pipe Delimited Download
              • Tab Delimited with Sequence Numbers Download
              • EDI X12 834 Download
              • SQL Lite db Download
              • Alight File Format Download
          • Reporting API's
            • Session Events
            • Rules Events
            • Coverage Events
            • Retrieve Data Block Contents
            • Data Assembly Summary
        • Workflow Guide
      • Release Notes
        • Build 1.0.2.0-20250213-1458
  • Administration
    • E-Mail Configuration
    • Single Sign-On with SAML
    • Audit Trail
      • Events Trail
      • Alerts Trail
Powered by GitBook
On this page
  • Installing Fluent Bit
  • Installing Node Exporter
  • Forwarding Amazon-Linux logs to Apica Ascent using Fluent Bit

Was this helpful?

Edit on GitHub
Export as PDF
  1. INTEGRATIONS
  2. List of Integrations
  3. Fluent Bit

Forwarding Amazon-Linux logs to Apica Ascent using Fluent Bit

PreviousFluent BitNextFluent Bit installation on Ubuntu

Last updated 1 year ago

Was this helpful?

This guide takes you through how you can set up log forwarding from Linux systems hosted on AWS to Apica Ascent using Fluent Bit. The guide leverages an installation script which you can download from our GitHub repository.

Before you proceed with this setup, be sure to download the install.sh and td-agent-bit.sh scripts located here:

The install.sh script carries out the following functions:

  • Installs Node Exporter, which exposes various metrics from your Linux machine (CPU, RAM usage)

The td-agent-bit.sh script carries out the following functions:

  • Installs Fluent Bit on your Amazon-Linux systems which is used for forwarding logs to Apica Ascent.

Installing Fluent Bit

In order to install Fluent Bit to forward Linux logs, do the following:

  1. Download the td-agent-bit.sh script from the repository shared above.

  2. Make the script executable by running the following command.

chmod +x td-agent-bit.sh

  1. Set the cluster details

export LOGIQ="example.logiq.ai"
export MY_TOKEN=<Your Token>

  1. Execute the script by running either of the following commands.

HTTP endpoint:
sudo -E ./td-agent-bit.sh "http"

HTTPS endpoint:
sudo -E ./td-agent-bit.sh "https"

or
HTTP endpoint:
sudo bash td-agent-bit.sh "http"

HTTPS endpoint:
sudo bash td-agent-bit.sh "https"

The script executes and carries out the following:

  • Installs Fluent Bit

  • Checks your OS versions and updates your sources list, as mentioned in the Fluent Bit documentation.

  • Configures Rsyslog to add omfwd, as shown below.

    *.* action(type="omfwd"
         queue.type="LinkedList"
         action.resumeRetryCount="-1"
         queue.size="10000"
         queue.saveonshutdown="on"
         target="127.0.0.1" Port="5140" Protocol="tcp"
         )

The script also places the td-agent-bit.conf file under the default Fluent Bit installation folder /etc/td-agent-bit. The script will configure [OUTPUT] section of the td-agent-bit.conf file based on your LOGIQ cluster, as shown below.

[OUTPUT]
    Name          http
    Match         *
    Host          localhost
    Port          80
    URI           /v1/json_batch
    Format        json
    tls           off
    tls.verify    off
    net.keepalive off
    compress      gzip
    Header Authorization Bearer ${LOGIQ_TOKEN}

Installing Node Exporter

To install Node Exporter, do the following.

  1. Download the install.sh script from the repository shared above.

  2. Make the script executable by running the following command.

    chmod +x install.sh

  3. Set the cluster details as shown below.

    export LOGIQ="example.logiq.ai"
export MY_TOKEN=<Your Token>

  4. Execute the script by running any of the following commands.

    HTTP endpoint:
sudo -E ./install.sh "http"

HTTPS endpoint:
sudo -E ./install.sh "https"

or
HTTP endpoint:
sudo bash install.sh "http"

HTTPS endpoint:
sudo bash install.sh "https"

The script executes and installs Node Exporter

You should now see your Amazon-Linux logs being ingested into the Linux:Linux1 namespace on your Apica Ascent UI.

Forwarding Amazon-Linux logs to Apica Ascent using Fluent Bit

The script isntall.sh included in this folder carries out the following functions:

  • Installs Node Exporter, which exposes various metrices from your Linux machine(CPU, RAM usage)

  • Installs Fluent Bit on your Amazon-linux systems which is used for forwarding logs to Apica Ascent.

The script td-agent-bit.sh included in this folder carries out the following functions:

  • Installs Fluent Bit on your Amazon-linux systems which is used for forwarding logs to Apica Ascent.

In order to install Fluent Bit to forward Linux logs, do the following (Follow the same instructions for installing Node-exporter and run install.sh).

  1. Download the td-agent-bit.sh script from this folder.

  2. Make the script executable by running the following command.

chmod +x td-agent-bit.sh

  1. Set the cluster details

export LOGIQ="example.logiq.ai"
export MY_TOKEN=<Your Token>

  1. Execute the script by running either of the following commands.

HTTP endpoint:
sudo -E ./td-agent-bit.sh "http"

HTTPS endpoint:
sudo -E ./td-agent-bit.sh "https"

or
HTTP endpoint:
sudo bash td-agent-bit.sh "http"

HTTPS endpoint:
sudo bash td-agent-bit.sh "https"

The script executes and carries out the following:

  • Installs Node Exporter (optional)

  • Installs Fluent Bit

  • Checks your OS versions and updates your sources list, as mentioned in the Fluent Bit documentation.

  • Configures Rsyslog to add omfwd, as shown below.

    *.* action(type="omfwd"
         queue.type="LinkedList"
         action.resumeRetryCount="-1"
         queue.size="10000"
         queue.saveonshutdown="on"
         target="127.0.0.1" Port="5140" Protocol="tcp"
         )

The script also places the td-agent-bit.conf file under the default Fluent Bit installation folder /etc/td-agent-bit. The script will configure [OUTPUT] section of the td-agent-bit.conf file based on your Apica Ascent cluster, as shown below.

[OUTPUT]
    Name          http
    Match         *
    Host          localhost
    Port          80
    URI           /v1/json_batch
    Format        json
    tls           off
    tls.verify    off
    net.keepalive off
    compress      gzip
    Header Authorization Bearer ${LOGIQ_TOKEN}

You should now see your Amazon-Linux logs being ingested into the Linux:Linux1 namespace on your Apica Ascent UI.

linux
Logologiq-installation/fluent-bit/linux/amazon-linux at main · logiqai/logiq-installationGitHub
linux