Fluent Bit is a log, metric, and trace processor and forwarder written in C, designed to be small enough to run as a sidecar or DaemonSet on every node without noticeable overhead — typically ~650KB binary, single-digit-MB RSS. It’s the default logging agent on most managed Kubernetes distributions and the de facto successor to its older sibling Fluentd for the collection layer.
The pipeline model is Inputs → Parsers → Filters → Buffer → Routers → Outputs. Inputs read from sources like tail (container logs on disk), systemd, kmsg, Prometheus scraping, OpenTelemetry, Kafka, forward protocol. Filters enrich or mutate events — the Kubernetes filter, for example, resolves pod metadata by calling the kube API and caches it. Buffers can be memory or disk-backed for durability across restarts. Outputs ship to Elasticsearch, Loki, Splunk, S3, Kafka, OpenSearch, Datadog, OpenTelemetry collectors, and dozens more. A scripting layer via Lua and a newer WASM filter interface let you write custom processing without forking the binary.
Fluent Bit is a CNCF graduated project alongside Fluentd, and the two are usually deployed together: Fluent Bit on every node for collection, Fluentd (or a Fluent Bit aggregator tier) for heavier parsing and routing. Increasingly, Fluent Bit alone handles both roles, especially since it picked up OpenTelemetry-native support and can now do metrics and traces too.