fluentbit add json ingest and forward original filenames

codeyourweb · codeyourweb · commit e707cf3cf050 · 2025-11-09T22:28:14.000+01:00
diff --git a/config/fluentbit_server/logs-auditd.conf b/config/fluentbit_server/logs-auditd.conf
@@ -7,6 +7,7 @@
     Read_from_Head true
     Buffer_Chunk_Size 1M
     Buffer_Max_Size 5M
+    Path_Key      source_file
 
 [FILTER]
     Name         lua
diff --git a/config/fluentbit_server/logs-evtx.conf b/config/fluentbit_server/logs-evtx.conf
@@ -18,6 +18,7 @@
     Read_from_Head true
     Buffer_Chunk_Size 1M
     Buffer_Max_Size 5M
+    Path_Key      source_file
 
 [FILTER]
     Name         lua
diff --git a/config/fluentbit_server/logs-json.conf b/config/fluentbit_server/logs-json.conf
@@ -7,6 +7,13 @@
     Read_from_Head true
     Buffer_Chunk_Size 1M
     Buffer_Max_Size 5M
+    Path_Key      source_file
+
+[FILTER]
+    Name         lua
+    Match        json.logs
+    Script       /fluent-bit/etc/add_timestamp.lua
+    Call         add_timestamp
 
 [OUTPUT]
     Name         es
