updates for v5.0

README.md

@@ -37,6 +37,8 @@ description: High Performance Telemetry Agent for Logs, Metrics and Traces
 
 For more details about changes in each release, refer to the [official release notes](https://fluentbit.io/announcements/).
 
+If you are upgrading from the Fluent Bit `4.2` series, start with [What's new in Fluent Bit v5.0](installation/whats-new-in-fluent-bit-v5.0.md) and [Upgrade notes](installation/upgrade-notes.md).
+
 ## Fluent Bit, Fluentd, and CNCF
 
 Fluent Bit is a [CNCF](https://www.cncf.io/) graduated sub-project under the umbrella of [Fluentd](https://www.fluentd.org).

SUMMARY.md

@@ -33,6 +33,7 @@
   * [Kubernetes](installation/downloads/kubernetes.md)
   * [macOS](installation/downloads/macos.md)
   * [Windows](installation/downloads/windows.md)
+* [What's new in Fluent Bit v5.0](installation/whats-new-in-fluent-bit-v5.0.md)
 * [Upgrade notes](installation/upgrade-notes.md)
 
 ## Administration

administration/configuring-fluent-bit/yaml/pipeline-section.md

@@ -77,6 +77,35 @@
 
 The `name` parameter is required and defines for Fluent Bit which input plugin should be loaded. The `tag` parameter is required for all plugins except for the `forward` plugin, which provides dynamic tags.
 
+### Shared HTTP listener settings for inputs
+
+Some HTTP-based input plugins share the same listener implementation and support the following common settings in addition to their plugin-specific parameters:
+
+| Key | Description | Default |
+| --- | ----------- | ------- |
+| `http_server.http2` | Enable HTTP/2 support for the input listener. | `true` |
+| `http_server.buffer_max_size` | Set the maximum size of the HTTP request buffer. | `4M` |
+| `http_server.buffer_chunk_size` | Set the allocation chunk size used for the HTTP request buffer. | `512K` |
+| `http_server.max_connections` | Set the maximum number of concurrent active HTTP connections. `0` means unlimited. | `0` |
+| `http_server.workers` | Set the number of HTTP listener worker threads. | `1` |
+
+For backward compatibility, some plugins also accept the legacy aliases `http2`, `buffer_max_size`, `buffer_chunk_size`, `max_connections`, and `workers`.
+
+### Incoming `OAuth 2.0` `JWT` validation settings
+
+The HTTP-based input plugins that support bearer token validation share the following `oauth2.*` settings:
+
+| Key | Description | Default |
+| --- | ----------- | ------- |
+| `oauth2.validate` | Enable `OAuth 2.0` `JWT` validation for incoming requests. | `false` |
+| `oauth2.issuer` | Expected issuer (`iss`) claim. Required when `oauth2.validate` is `true`. | _none_ |
+| `oauth2.jwks_url` | `JWKS` endpoint URL used to fetch public keys for token validation. Required when `oauth2.validate` is `true`. | _none_ |
+| `oauth2.allowed_audience` | Audience claim to enforce when validating tokens. | _none_ |
+| `oauth2.allowed_clients` | Authorized `client_id` or `azp` claim values. This key can be specified multiple times. | _none_ |
+| `oauth2.jwks_refresh_interval` | How often in seconds to refresh cached `JWKS` keys. | `300` |
+
+When validation is enabled, requests without a valid `Authorization: Bearer <token>` header are rejected.
+
 ### Example input configuration
 
 The following is an example of an `inputs` section that contains a `cpu` plugin.
@@ -127,6 +156,29 @@
 
 Fluent Bit can route up to 256 output plugins.
 
+### Outgoing `OAuth 2.0` client credentials settings
+
+Output plugins that support outgoing `OAuth 2.0` authentication can expose the following shared `oauth2.*` settings:
+
+| Key | Description | Default |
+| --- | ----------- | ------- |
+| `oauth2.enable` | Enable `OAuth 2.0` client credentials for outgoing requests. | `false` |
+| `oauth2.token_url` | Token endpoint URL. | _none_ |
+| `oauth2.client_id` | Client ID. | _none_ |
+| `oauth2.client_secret` | Client secret. | _none_ |
+| `oauth2.scope` | Optional scope parameter. | _none_ |
+| `oauth2.audience` | Optional audience parameter. | _none_ |
+| `oauth2.resource` | Optional resource parameter. | _none_ |
+| `oauth2.auth_method` | Client authentication method. Supported values: `basic`, `post`, `private_key_jwt`. | `basic` |
+| `oauth2.jwt_key_file` | PEM private key file used with `private_key_jwt`. | _none_ |
+| `oauth2.jwt_cert_file` | Certificate file used to derive the `kid` or `x5t` header value for `private_key_jwt`. | _none_ |
+| `oauth2.jwt_aud` | Audience to use in `private_key_jwt` assertions. Defaults to `oauth2.token_url` when unset. | _none_ |
+| `oauth2.jwt_header` | JWT header claim name used for the thumbprint. Supported values: `kid`, `x5t`. | `kid` |
+| `oauth2.jwt_ttl_seconds` | Lifetime in seconds for `private_key_jwt` client assertions. | `300` |
+| `oauth2.refresh_skew_seconds` | Seconds before expiry at which to refresh the access token. | `60` |
+| `oauth2.timeout` | Timeout for token requests. | `0s` |
+| `oauth2.connect_timeout` | Connect timeout for token requests. | `0s` |
+
 ### Example output configuration
 
 The following is an example of an `outputs` section that contains a `stdout` plugin:

administration/configuring-fluent-bit/yaml/service-section.md

@@ -36,6 +36,8 @@ The `service` section of YAML configuration files defines global properties of t
 | `streams_file` | Path for the [stream processor](../../../stream-processing/overview.md) configuration file. This file defines the rules and operations for stream processing in Fluent Bit. Stream processor configurations can also be defined directly in the `streams` section of YAML configuration files. | _none_ |
 | `windows.maxstdio` | If specified, adjusts the limit of `stdio`. Only provided for Windows. Values from `512` to `2048` are allowed. | `512` |
 
+The `service` section only controls the built-in monitoring and control HTTP server. Plugin-specific HTTP listener settings such as `http_server.http2`, `http_server.buffer_max_size`, `http_server.buffer_chunk_size`, `http_server.max_connections`, and `http_server.workers` are configured on the relevant input plugin in the [`pipeline.inputs`](../yaml/pipeline-section.md#shared-http-listener-settings-for-inputs) section.
+
 ## Storage configuration
 
 The following storage-related keys can be set as children to the `storage` key:

installation/upgrade-notes.md

@@ -16,6 +16,32 @@
 
 If you have Prometheus dashboards or alerting rules that reference `fluentbit_hot_reloaded_times`, update them to use counter-appropriate PromQL functions (for example, `rate()` or `increase()` instead of gauge-specific functions like `delta()`).
 
+### Shared HTTP listener settings for HTTP-based inputs
+
+The HTTP-based input plugins now use a shared HTTP listener configuration model. In Fluent Bit `v5.0`, the canonical setting names are:
+
+- `http_server.http2`
+- `http_server.buffer_chunk_size`
+- `http_server.buffer_max_size`
+- `http_server.max_connections`
+- `http_server.workers`
+
+Legacy per-plugin names such as `http2`, `buffer_chunk_size`, and `buffer_max_size` are still accepted as compatibility aliases, but new configurations should use the `http_server.*` names.
+
+If you tune `http`, `splunk`, `elasticsearch`, `opentelemetry`, or `prometheus_remote_write` inputs, review those sections and migrate to the shared naming so future upgrades are clearer.
+
+### Mutual TLS for input plugins
+
+Input plugins that support TLS now also support `tls.verify_client_cert`. Enable this option to require and validate the client certificate presented by the sender.
+
+If you terminate TLS directly in Fluent Bit and need mutual TLS (`mTLS`), add `tls.verify_client_cert on` together with the usual `tls.crt_file` and `tls.key_file` settings.
+
+### New internal logs input
+
+Fluent Bit `v5.0` adds the `fluentbit_logs` input plugin, which mirrors Fluent Bit's own internal log stream back into the data pipeline as structured log records.
+
+Use this input if you want to forward Fluent Bit diagnostics to another destination, filter them, or store them alongside the rest of your telemetry.
+
 ### Emitter backpressure with filesystem storage
 
 The internal emitter plugin, used by filters such as `rewrite_tag`, now automatically enables `storage.pause_on_chunks_overlimit` when filesystem storage is in use and that option hasn't been explicitly configured.
@@ -24,6 +50,17 @@
 
 If you rely on the previous unlimited accumulation behavior, explicitly set `storage.pause_on_chunks_overlimit off` on the relevant input. Otherwise, review your `storage.max_chunks_up` value to ensure it's tuned for your expected throughput.
 
+### More `OAuth 2.0` coverage
+
+Fluent Bit `v5.0` expands `OAuth 2.0` support in both directions:
+
+- HTTP-based inputs can validate incoming bearer tokens using `oauth2.validate`, `oauth2.issuer`, and `oauth2.jwks_url`.
+- The HTTP output can acquire access tokens with `oauth2.enable` and supports `basic`, `post`, and `private_key_jwt` client authentication.
+
+If you previously handled authentication outside Fluent Bit for these cases, review the plugin pages for the new built-in options.
+
+For a broader overview of user-visible additions in this release, see [What's new in Fluent Bit v5.0](whats-new-in-fluent-bit-v5.0.md).
+
 ## Fluent Bit v4.2
 
 ### Vivo exporter output plugin

installation/whats-new-in-fluent-bit-v5.0.md

@@ -0,0 +1,161 @@
+# What's new in Fluent Bit v5.0
+
+Fluent Bit `v5.0` adds new inputs and processors, expands authentication and TLS options, and standardizes configuration for HTTP-based plugins. It also delivers an important round of performance and scalability work, especially for pipelines that ingest logs, metrics, and traces through HTTP-based protocols. This page gives a quick user-focused overview of the main changes since Fluent Bit `v4.2`.
+
+For migration-impacting changes, see [Upgrade notes](upgrade-notes.md).
+
+## Performance and scalability
+
+### Unified processing and delivery model
+
+Fluent Bit `v5.0` continues the move toward a more unified runtime for logs, metrics, and traces. In practice, this means the same core engine improvements benefit more of the pipeline, instead of individual signal paths evolving separately.
+
+For end users, the result is a more consistent behavior across telemetry types and a better base for high-throughput pipelines that mix logs, metrics, and traces in the same deployment.
+
+### Refactored HTTP stack
+
+One of the most important `v5.0` changes is the refactoring of the HTTP listener stack used by several input plugins. Fluent Bit now uses a shared HTTP server implementation across the major HTTP-based receivers instead of maintaining separate code paths.
+
+This work improves:
+
+- concurrency through shared listener worker support
+- consistency of request handling across HTTP-based inputs
+- buffer enforcement and connection handling
+- maintainability, which reduces drift between plugin implementations
+
+The biggest user-facing beneficiaries are:
+
+- [HTTP input](../pipeline/inputs/http.md)
+- [Splunk input](../pipeline/inputs/splunk.md)
+- [Elasticsearch input](../pipeline/inputs/elasticsearch.md)
+- [OpenTelemetry input](../pipeline/inputs/opentelemetry.md)
+- [Prometheus remote write input](../pipeline/inputs/prometheus-remote-write.md)
+
+If you run large HTTP or OTLP ingestion workloads, `v5.0` is not only a feature release. It is also a meaningful runtime improvement.
+
+## Configuration and operations
+
+### Shared HTTP listener settings
+
+HTTP-based inputs now use a shared listener configuration model. The preferred setting names are:
+
+- `http_server.http2`
+- `http_server.buffer_chunk_size`
+- `http_server.buffer_max_size`
+- `http_server.max_connections`
+- `http_server.workers`
+
+Legacy aliases such as `http2`, `buffer_chunk_size`, and `buffer_max_size` still work, but new configurations should use the `http_server.*` names.
+
+Affected plugin families include:
+
+- [HTTP input](../pipeline/inputs/http.md)
+- [Splunk input](../pipeline/inputs/splunk.md)
+- [Elasticsearch input](../pipeline/inputs/elasticsearch.md)
+- [OpenTelemetry input](../pipeline/inputs/opentelemetry.md)
+- [Prometheus remote write input](../pipeline/inputs/prometheus-remote-write.md)
+
+### Mutual TLS for inputs
+
+Input plugins that support TLS can now require client certificate verification with `tls.verify_client_cert`. This makes it easier to run mutual TLS (`mTLS`) directly on Fluent Bit listeners.
+
+See [TLS](../administration/transport-security.md).
+
+### JSON health endpoint in API v2
+
+The built-in HTTP server exposes `/api/v2/health`, which returns health status as JSON and uses the HTTP status code to indicate healthy (`200`) or unhealthy (`500`) state.
+
+See [Monitoring](../administration/monitoring.md).
+
+## Inputs
+
+### New `fluentbit_logs` input
+
+The [Fluent Bit logs input](../pipeline/inputs/fluentbit-logs.md) routes Fluent Bit internal logs back into the pipeline as structured records. This lets you forward agent diagnostics to any supported destination.
+
+### HTTP input remote address capture
+
+The [HTTP input](../pipeline/inputs/http.md) adds:
+
+- `add_remote_addr`
+- `remote_addr_key`
+
+These settings let you attach the client address from `X-Forwarded-For` to each ingested record.
+
+### `OAuth 2.0` bearer token validation on HTTP-based inputs
+
+HTTP-based receivers can validate incoming bearer tokens with:
+
+- `oauth2.validate`
+- `oauth2.issuer`
+- `oauth2.jwks_url`
+- `oauth2.allowed_audience`
+- `oauth2.allowed_clients`
+- `oauth2.jwks_refresh_interval`
+
+This is available on the relevant input plugins, including [HTTP](../pipeline/inputs/http.md) and [OpenTelemetry](../pipeline/inputs/opentelemetry.md).
+
+### OpenTelemetry input improvements
+
+The [OpenTelemetry input](../pipeline/inputs/opentelemetry.md) in `v5.0` expands user-visible behavior with:
+
+- shared HTTP listener worker support
+- `OAuth 2.0` bearer token validation
+- stable JSON metrics ingestion over `OTLP/HTTP`
+- improved JSON trace validation and error reporting
+
+### Kubernetes events state database controls
+
+The [Kubernetes events input](../pipeline/inputs/kubernetes-events.md) documents additional SQLite controls:
+
+- `db.journal_mode`
+- `db.locking`
+
+These settings help tune event cursor persistence and database access behavior.
+
+## Processors
+
+### New cumulative-to-delta processor
+
+The [cumulative to delta processor](../pipeline/processors/cumulative-to-delta.md) converts cumulative monotonic metrics to delta values, which is useful when scraping Prometheus-style metrics but exporting to backends that expect deltas.
+
+### New topological data analysis processor
+
+The [topological data analysis processor](../pipeline/processors/tda.md) adds a metrics processor for topology-based analysis workflows.
+
+### Sampling processor updates
+
+The [sampling processor](../pipeline/processors/sampling.md) adds `legacy_reconcile` for tail sampling, which helps compare the optimized reconciler with the previous behavior when validating upgrades.
+
+## Outputs
+
+### HTTP output `OAuth 2.0` client credentials
+
+The [HTTP output](../pipeline/outputs/http.md) now supports built-in `OAuth 2.0` client credentials with:
+
+- `basic`
+- `post`
+- `private_key_jwt`
+
+You can configure token acquisition directly in Fluent Bit with the `oauth2.*` settings.
+
+### More compression options for cloud outputs
+
+Several outputs gained additional compression support in the `v4.2` to `v5.0` range:
+
+- [Amazon Kinesis Data Streams](../pipeline/outputs/kinesis.md): `gzip`, `zstd`, `snappy`
+- [Amazon Kinesis Data Firehose](../pipeline/outputs/firehose.md): `snappy` added alongside existing codecs
+- [Amazon S3](../pipeline/outputs/s3.md): `snappy` added alongside existing codecs
+- [Azure Blob](../pipeline/outputs/azure_blob.md): `zstd` support for transfer compression
+
+## Monitoring changes
+
+### `fluentbit_hot_reloaded_times` is now a counter
+
+The `fluentbit_hot_reloaded_times` metric changed from a gauge to a counter, which makes it safe to use with PromQL functions such as `rate()` and `increase()`.
+
+### New output backpressure visibility
+
+`v5.0` adds output backpressure duration metrics so you can observe time spent waiting because of downstream pressure.
+
+See [Monitoring](../administration/monitoring.md).

pipeline/filters/modify.md

@@ -49,10 +49,13 @@ The plugin supports the following rules:
 | `Remove_regex` | `REGEXP:KEY` | _none_ | Remove all key/value pairs with key matching regexp `KEY`. |
 | `Rename` | `STRING:KEY` | `STRING:RENAMED_KEY` | Rename a key/value pair with key `KEY` to `RENAMED_KEY` if `KEY` exists and `RENAMED_KEY` doesn't exist. |
 | `Hard_rename` | `STRING:KEY` | `STRING:RENAMED_KEY` | Rename a key/value pair with key `KEY` to `RENAMED_KEY` if `KEY` exists. If `RENAMED_KEY` already exists, this field is overwritten. |
+| `Hard_Rename` | `STRING:KEY` | `STRING:RENAMED_KEY` | Equivalent to `Hard_rename`. This spelling is also accepted by the plugin. |
 | `Copy` | `STRING:KEY` | `STRING:COPIED_KEY` | Copy a key/value pair with key `KEY` to `COPIED_KEY` if `KEY` exists and `COPIED_KEY` doesn't exist. |
 | `Hard_copy` | `STRING:KEY` | `STRING:COPIED_KEY` | Copy a key/value pair with key `KEY` to `COPIED_KEY` if `KEY` exists. If `COPIED_KEY` already exists, this field is overwritten. |
 | `Move_to_start` | `WILDCARD:KEY` | _none_ | Move key/value pairs with keys matching `KEY` to the start of the message. |
+| `Move_To_Start` | `WILDCARD:KEY` | _none_ | Equivalent to `Move_to_start`. This spelling is also accepted by the plugin. |
 | `Move_to_end` | `WILDCARD:KEY` | _none_ | Move key/value pairs with keys matching `KEY` to the end of the message. |
+| `Move_To_End` | `WILDCARD:KEY` | _none_ | Equivalent to `Move_to_end`. This spelling is also accepted by the plugin. |
 
 - Rules are case-insensitive, but parameters aren't.
 - Any number of rules can be set in a filter instance.

pipeline/filters/parser.md

@@ -16,6 +16,7 @@
 | `parser` | Specify the parser name to interpret the field. Multiple parser entries are allowed (one per line). | _none_ |
 | `preserve_key` | Keep the original `key_name` field in the parsed result. If false, the field will be removed. | `false` |
 | `reserve_data` | Keep all other original fields in the parsed result. If false, all other original fields will be removed. | `false` |
+| `Unescape_key` | Deprecated. This option is retained only for backward compatibility and should not be used in new configurations. | _deprecated_ |
 
 ## Get started
 

pipeline/inputs/dummy.md

@@ -23,6 +23,7 @@ The plugin supports the following configuration parameters:
 | `samples` | Limit the number of events generated. For example, if `samples=3`, the plugin generates only three events and stops. `0` means no limit. | `0` |
 | `start_time_nsec` | Set a dummy base timestamp, in nanoseconds. If set to `-1`, the current time is used. | `-1` |
 | `start_time_sec` | Set a dummy base timestamp, in seconds. If set to `-1`, the current time is used. | `-1` |
+| `test_hang_on_exit` | Test-only option that simulates a hang during shutdown for hot reload watchdog testing. Don't use this in production configurations. | `false` |
 | `threaded` | Indicates whether to run this input in its own [thread](../../administration/multithreading.md#inputs). | `false` |
 
 ## Get started