You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
|`auth_type`| Specify the type to authenticate against the service. Supported values: `key`, `sas`. |`key`|
26
+
|`auth_type`| Specify the type to authenticate against the service. Supported values: `key`, `sas`, `service_principal`.|`key`|
27
27
|`auto_create_container`| If `container_name` doesn't exist in the remote service, enabling this option handles the exception and auto-creates the container. |`true`|
28
28
|`azure_blob_buffer_key`| Set the Azure Blob buffer key which needs to be specified when using multiple instances of Azure Blob output plugin and buffering is enabled. |`key`|
|`compress_blob`| Enables compression in the final `blockblob` file. When enabled without `compress`, it uses GZIP; if `compress` is also set, it inherits that codec. This option isn't compatible when `blob_type` = `appendblob`. Fluent Bit returns a configuration error and fails to start. |`false`|
36
39
|`configuration_endpoint_bearer_token`| Bearer token for the configuration endpoint. |_none_|
@@ -60,6 +63,30 @@ Fluent Bit exposes the following configuration properties.
60
63
|`upload_timeout`| Optional. Specify a timeout for uploads. Fluent Bit will start ingesting buffer files which have been created more than `x` minutes and haven't reached `upload_file_size` limit yet. |`30m`|
61
64
|`workers`| The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. |`0`|
62
65
66
+
## Service principal authentication
67
+
68
+
Azure Blob output supports Microsoft Entra ID service principal authentication. To use this authentication method, set `auth_type` to `service_principal` and provide the required credentials: `tenant_id`, `client_id`, and `client_secret`.
69
+
70
+
The service principal must have permission to write to the target storage account or container. For example, assign the `Storage Blob Data Contributor` role to the service principal.
71
+
72
+
Service principal authentication requires TLS to be enabled (`tls` set to `on`).
73
+
74
+
### Example configuration
75
+
76
+
```ini
77
+
[OUTPUT]
78
+
Name azure_blob
79
+
Match *
80
+
account_name mystorageaccount
81
+
container_name logs
82
+
blob_type blockblob
83
+
auth_type service_principal
84
+
tenant_id <tenant-id>
85
+
client_id <client-id>
86
+
client_secret <client-secret>
87
+
tls on
88
+
```
89
+
63
90
### Path templating
64
91
65
92
When `path` is set, Fluent Bit resolves the value as a template (similar to the Amazon S3 output) before each upload. The resolved prefix is persisted alongside buffered files, so retries and restarts keep writing to the same Azure path. Leading and trailing slashes are removed automatically to avoid duplicate separators.
0 commit comments