# FluentBit

groundcover automatically collects all logs within your Kubernetes cluster streamed via Standard Output (stdout) using our proprietary eBPF sensor, requiring no setup. However, if your organization stores logs in files, either within Kubernetes or outside, or if you want to pass logs from non-Kubernetes entities, you can use FluentBit to send these logs to groundcover.

## Setting metadata

While not required, it is suggested to set metadata attributes to be recognized by groundoover.

| Attribute        | Meaning                                                                                                                                                       |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `env_name`       | Will associate the log with an environment in groundcover. [Read more](https://docs.groundcover.com/use-groundcover/add-custom-environment-labels)            |
| `clusterId`      | Will associate the log with a cluster in groundcover.                                                                                                         |
| `host.name`      | Will appear as the logs' hostname                                                                                                                             |
| `gc_source_type` | <p>will appear the source of the type of the logs. . Can be any value of your choosing.<br>For example, logs from Kubernetes clusters are marked as 'k8s'</p> |
| `service.name`   | Will appear as the name of the workload that created the log.                                                                                                 |

## Configuring the output stage

Setup instructions depend on whether your logs are stored in a Kubernetes or non-Kubernetes cluster.

{% tabs %}
{% tab title="Logs from outside a Kubernetes cluster" %}
{% hint style="info" %}
This feature is only available for enterprise plan.
{% endhint %}

**Finding the OTEL endpoint of the BYOC backend**

The following example will use FluentBit's [OpenTelemetry Exporter](https://docs.fluentbit.io/manual/pipeline/outputs/opentelemetry) to send logs to your BYOC's endpoint.

For more instructions on finding your BYOC endpoint and apikey, see [these](https://docs.groundcover.com/architecture/byoc/ingestion-endpoints#opentelemetry) docs.

**Configuring an output stage**

Add the following code to your Fluent Bit configuration to start sending logs to groundcover:

```yaml
[OUTPUT]
        Name http
        Match *
        Host {BYOC_ENDPOINT}
        Port 443
        Tls On
        Tls.verify On
        URI /json/logs
        Json_date_key    timestamp
        Json_date_format iso8601
        Header apikey {ingestion-key}
```

{% endtab %}

{% tab title="Logs from inside a Kubernetes cluster" %}
**Configuring an output stage**

Add the following code to your FluentBit configuration file to start sending logs to groundcover:

```yaml
[OUTPUT]
        Name opentelemetry
        Match *
        Host groundcover-sensor.groundcover.svc.cluster.local
        Logs_uri /v1/logs
        Port 4318
        Tls Off
        Tls.verify Off
        Log_response_payload Off 
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.groundcover.com/integrations/data-sources/fluentbit.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.