docker-logspout-elk icon indicating copy to clipboard operation
docker-logspout-elk copied to clipboard

Docker-compose yml file with logspout and ELK stack

Docker-compose.yml file with logspout and ELK stack

Check out my my article:

This docker-compose.yml file contains 4 services:

  • Logspout: Log router for Docker cantainers which attaches to all containers on a host and routes their logs to logstash
  • Logstash: Tool that can be used to collect, process and forward log messages
  • Elasticsearch: Search server based on Lucene.
  • Kibana: Data visualisation plugin for Elasticsearch.

How to start this stack?

Just cd into directory with docker-compose.yml and type:

docker-compose up

You shoud see how is stack starting. Now open another terminal and run:

docker run --rm alpine echo This is my log message

Your message should appear first terminal:

logstash_1       | {
logstash_1       |          "@version" => "1",
logstash_1       |        "@timestamp" => "2016-04-30T08:23:24.934Z",
logstash_1       |              "type" => "docker",
logstash_1       |              "host" => "",
logstash_1       |           "service" => "ab",
logstash_1       |     "containerName" => "romantic_jennings",
logstash_1       |           "message" => "This is my log message"
logstash_1       | }

This message shoud be also stored in Elasticsearch and visible in Kibana - visit https://localhost:5601, click on Create button and go to Discover tab.

Choose index pattern in Kibana

Your log message should appear in Kibana:

Kibana - discover