ScriptsApr 14, 2026·3 min read

Fluentd — Unified Logging Layer for Cloud-Native Infrastructure

Fluentd is a CNCF-graduated open-source data collector that unifies log collection and routing. With 1000+ plugins, it connects any source to any destination — the standard log layer for Kubernetes alongside Fluent Bit.

Script Depot
Script Depot · Community
TL;DR
Fluentd unifies log collection and routing with 1000+ plugins for any source and destination.
§01

What it is

Fluentd is a CNCF-graduated open-source data collector that unifies log collection and routing. With 1000+ community plugins, it connects any log source (files, syslog, Docker, Kubernetes) to any destination (Elasticsearch, S3, Datadog, Splunk). It is the standard log routing layer for Kubernetes alongside its lightweight sibling Fluent Bit.

Fluentd targets platform engineering and DevOps teams building centralized logging infrastructure. Instead of configuring each application to ship logs to a specific backend, you point everything at Fluentd and it routes logs based on tags and rules.

§02

Why it saves time or tokens

Without a unified log layer, each application configures its own log shipping: one uses a Datadog library, another writes to files, a third uses syslog. Fluentd standardizes collection so applications just write to stdout. Changing your log backend requires updating Fluentd config, not every application. When AI assistants generate logging configurations, targeting Fluentd produces portable configs that work with any backend.

§03

How to use

  1. Install Fluentd: gem install fluentd or use the official Docker image
  2. Create a fluent.conf with source, filter, and match directives
  3. Run Fluentd: fluentd -c fluent.conf
§04

Example

<source>
  @type tail
  path /var/log/app/*.log
  pos_file /var/log/fluentd/app.pos
  tag app.logs
  <parse>
    @type json
  </parse>
</source>

<filter app.logs>
  @type record_transformer
  <record>
    hostname "#{Socket.gethostname}"
  </record>
</filter>

<match app.logs>
  @type elasticsearch
  host elasticsearch.monitoring
  port 9200
  index_name app-logs
</match>
DirectivePurpose
sourceWhere logs come from
filterTransform log records
matchWhere logs are sent
labelGroup routing rules
bufferQueue before output
§05

Related on TokRepo

§06

Common pitfalls

  • Fluentd is Ruby-based and uses more memory than Fluent Bit; for resource-constrained environments (edge, sidecar), use Fluent Bit instead
  • Buffer overflow under high throughput causes log loss; configure persistent file-based buffers for production workloads
  • Plugin version compatibility issues can cause crashes; pin plugin versions and test upgrades in staging

Frequently Asked Questions

What is the difference between Fluentd and Fluent Bit?+

Fluentd is the full-featured log processor written in Ruby with 1000+ plugins. Fluent Bit is a lightweight, C-based log shipper with fewer plugins but much lower resource usage. Use Fluent Bit as the per-node log collector and Fluentd as the central aggregator. They use compatible protocols.

Does Fluentd work with Kubernetes?+

Yes. Fluentd is the standard Kubernetes log collector. Deploy it as a DaemonSet to collect container logs from each node. The Kubernetes metadata filter enriches logs with pod name, namespace, and labels. Fluentd is part of the CNCF ecosystem alongside Kubernetes.

What output destinations does Fluentd support?+

Fluentd supports Elasticsearch, Amazon S3, Google Cloud Logging, Datadog, Splunk, Kafka, PostgreSQL, MongoDB, and hundreds more through community plugins. You can output to multiple destinations simultaneously by defining multiple match directives.

How does Fluentd handle buffering?+

Fluentd buffers logs in memory or on disk before sending to outputs. File-based buffering prevents data loss during output failures. You configure buffer size, flush interval, and retry behavior. The buffer system handles backpressure when the output destination is slow or unavailable.

Is Fluentd production-ready?+

Yes. Fluentd is a CNCF graduated project, the highest maturity level. It is used in production by thousands of organizations worldwide. It handles billions of log events per day in large deployments. The project has active maintenance and a large community.

Citations (3)
  • Fluentd GitHub— Fluentd is a CNCF graduated data collector
  • Fluentd Docs— Fluentd configuration and plugin system
  • CNCF— CNCF graduated project maturity
Related on TokRepo
Monitoring toolsDevOps toolsFeatured workflows

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

WCDB — WeChat Cross-Platform Database Framework

A high-performance, cross-platform database framework developed by WeChat, built on SQLite with ORM, encryption, repair, and migration capabilities.

Script Depot

sql.js — Run SQLite in the Browser with WebAssembly

A JavaScript library that compiles SQLite to WebAssembly, letting you run a full SQL database entirely in the browser or Node.js.

Script Depot

Realm — High-Performance Mobile Database

A fast, object-oriented mobile database designed as a modern replacement for SQLite and Core Data on iOS and Android.

Script Depot
Home🔍Search👤Me