pantheon-ai/fluentbit-toolkit
Complete fluentbit toolkit with generation and validation capabilities
92
Quality
92%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Passed
No known issues
instructions.jsongenerator/evals/
{
"instructions": [
{
"instruction": "Always try the script first: `python3 scripts/generate_config.py --help`",
"original_snippets": "#### 2a. Always try the script first\n```bash\npython3 scripts/generate_config.py --help\n```",
"relevant_when": "Generating any Fluent Bit configuration",
"why_given": "preference"
},
{
"instruction": "When using manual generation, state explicitly why the script was not used",
"original_snippets": "#### 2b. Manual generation (when script doesn't cover the use case)\nState explicitly why the script was not used (e.g., \"Manual generation chosen because grep filter for log levels is not supported by the script\").",
"relevant_when": "When manually crafting a Fluent Bit config instead of using the generation script",
"why_given": "preference"
},
{
"instruction": "Before writing any manual config, read the closest example from `examples/`",
"original_snippets": "**Before writing any manual config:**\n1. Read the closest example from `examples/` — production-ready reference configs are available for all 13 use cases",
"relevant_when": "Manual config generation",
"why_given": "preference"
},
{
"instruction": "Read `examples/parsers.conf` — reuse existing parsers before creating custom ones",
"original_snippets": "2. Read `examples/parsers.conf` — reuse existing parsers (docker, cri, json, nginx, apache, syslog-rfc3164/5424, multiline-java/python/go/ruby) before creating custom ones.",
"relevant_when": "When configuring parsers in a Fluent Bit config",
"why_given": "preference"
},
{
"instruction": "Set `Mem_Buf_Limit 50MB` on every tail input to prevent OOM",
"original_snippets": "Mem_Buf_Limit 50MB # always set to prevent OOM\n...\n| OOM prevention | `Mem_Buf_Limit 50MB` on every tail input |",
"relevant_when": "Any config with a tail INPUT plugin",
"why_given": "new knowledge"
},
{
"instruction": "Set `DB /var/log/flb_kube.db` on tail inputs for crash recovery / position tracking across restarts",
"original_snippets": "DB /var/log/flb_kube.db # position tracking across restarts\n...\n| Crash recovery | `DB /var/log/flb_kube.db` on tail inputs |",
"relevant_when": "Any config with a tail INPUT plugin",
"why_given": "new knowledge"
},
{
"instruction": "Add `Exclude_Path *fluent-bit*.log` to tail inputs to prevent log loops",
"original_snippets": "Exclude_Path /var/log/containers/*fluent-bit*.log\n...\n| Log loops | `Exclude_Path *fluent-bit*.log` |",
"relevant_when": "Tail INPUT plugins watching container log directories",
"why_given": "new knowledge"
},
{
"instruction": "Use `${ENV_VAR}` syntax for credentials — never hardcode secrets",
"original_snippets": "Header Authorization Bearer ${API_TOKEN}\n...\n| Credentials | `${ENV_VAR}` only, never hardcode |\n...\n### NEVER store sensitive values directly in `fluent-bit.conf`",
"relevant_when": "Any config that requires authentication (HTTP passwords, API tokens, bearer tokens)",
"why_given": "new knowledge"
},
{
"instruction": "Use `tls On` + `tls.verify On` in production; if `tls.verify Off` is needed add an inline comment explaining why",
"original_snippets": "| TLS | `tls On` + `tls.verify On` in production |\n...\n**TLS guidance** — use `tls.verify On` in production; if `Off` is needed add an inline comment explaining why (e.g., `# Internal cluster with self-signed certs`)",
"relevant_when": "Any OUTPUT plugin that transmits data over the network (Elasticsearch, Loki, HTTP, OpenTelemetry)",
"why_given": "preference"
},
{
"instruction": "Set `Retry_Limit 3-5` on all outputs",
"original_snippets": "| Retries | `Retry_Limit 3-5` on all outputs |\n...\n### NEVER use `Retry_Limit False` in outputs without monitoring",
"relevant_when": "Any config with OUTPUT plugins",
"why_given": "preference"
},
{
"instruction": "Set `storage.total_limit_size` to prevent disk exhaustion",
"original_snippets": "| Disk buffer | `storage.total_limit_size` to prevent exhaustion |\n...\nstorage.total_limit_size 5M",
"relevant_when": "Production configs or configs where output delivery may be unreliable",
"why_given": "new knowledge"
},
{
"instruction": "Enable `HTTP_Server On` in SERVICE section for K8s health probes",
"original_snippets": "| Health checks | `HTTP_Server On`, probe `GET :2020/api/v1/health` |\n...\nHTTP_Server On # enables /api/v1/health for K8s probes",
"relevant_when": "Kubernetes deployments or any production Fluent Bit config",
"why_given": "new knowledge"
},
{
"instruction": "Enable `compression gzip` on network outputs to reduce bandwidth",
"original_snippets": "| Bandwidth | Enable `compression gzip` on network outputs |",
"relevant_when": "OUTPUT plugins that send data over network (S3, HTTP, Kafka)",
"why_given": "preference"
},
{
"instruction": "Use distinct tag namespaces (`kube.*`, `app.*`, `system.*`) and route each namespace to its intended destination — do NOT use `Match *` on all output plugins simultaneously",
"original_snippets": "### NEVER use `Match *` on all output plugins simultaneously\n...\n**GOOD**: Use distinct tag namespaces (`kube.*`, `app.*`, `system.*`) and route each namespace to its intended destination with a specific `Match` pattern.",
"relevant_when": "Multi-destination configurations with more than one OUTPUT plugin",
"why_given": "new knowledge"
},
{
"instruction": "Prefer `Parser json` over regexp parsers for JSON-formatted logs; use `logfmt` for logfmt logs",
"original_snippets": "### NEVER parse structured logs with a regexp parser when `json` or `logfmt` parsers apply\n...\n**GOOD**: `Parser json` — simpler, faster, and guaranteed to handle all valid JSON log output correctly.",
"relevant_when": "Configs that parse log fields using a FILTER parser plugin",
"why_given": "new knowledge"
},
{
"instruction": "Use `Merge_Log On` in K8s filter for structured logs; prefer JSON app logs",
"original_snippets": "| Structured logs | Prefer JSON app logs; use `Merge_Log On` in K8s filter |",
"relevant_when": "Kubernetes log collection configurations",
"why_given": "preference"
},
{
"instruction": "Filter order matters — parsers must come before modifiers",
"original_snippets": "**Common FILTER patterns** (use as needed, order matters — parsers before modifiers)",
"relevant_when": "Any config using multiple FILTER sections",
"why_given": "new knowledge"
},
{
"instruction": "Set `Daemon Off` in containers",
"original_snippets": "Daemon Off # Off in containers",
"relevant_when": "Deploying Fluent Bit in containerized environments",
"why_given": "reminder"
},
{
"instruction": "Invoke fluentbit-validator on the generated config after generation",
"original_snippets": "**Invoke devops-skills:fluentbit-validator** on the generated config to run: Required field checks and plugin parameter validation... Fix any reported issues and re-validate until all checks pass.",
"relevant_when": "After any config is generated",
"why_given": "preference"
},
{
"instruction": "Explain section choices, flag required customizations, and summarise validator output in delivery",
"original_snippets": "When delivering a configuration:\n1. **Explain section choices**\n2. **Flag required customizations**\n3. **Credential reminders**\n4. **TLS guidance**\n5. **Validation status**",
"relevant_when": "Any configuration delivery to a user",
"why_given": "preference"
},
{
"instruction": "Gather requirements before generating: input sources, processing, output destinations, constraints",
"original_snippets": "### Step 1: Gather Requirements\nIdentify the following before generating:\n- **Input sources:** ...\n- **Processing:** ...\n- **Output destinations:** ...\n- **Constraints:** ...\nUse AskUserQuestion if key information is missing.",
"relevant_when": "Starting any Fluent Bit configuration task",
"why_given": "preference"
}
]
}