- Docker 1.8.0 shipped a new log driver for GELF via UDP, which means that logs from Docker containers can be shipped directly to the ELK stack for further analysis.
- This tutorial will illustrate how to use the GELF log driver with the Docker engine.
- Step 1: Set up the ELK stack:
docker run -d --name es elasticsearch
docker run -d --name logstash --link es:elasticsearch -v /tmp/logstash.conf:/config-dir/logstash.conf logstash logstash -f /config-dir/logstash.conf
- Note: the config for Logstash can be found at this link
docker run --link es:elasticsearch -d kibana
- Once the ELK stack is up, let's fire up our nginx container, which ships its logs to the ELK stack.
LOGSTASH_ADDRESS=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' logstash)
docker run -d --net=host --log-driver=gelf --log-opt gelf-address=udp://$LOGSTASH_ADDRESS:12201 --log-opt gelf-tag="fe" nginx
- All logs from the nginx container will be shipped to our ELK stack for slicing and dicing.
- To verify that logs are being passed in, visit
http://<kibana-container-ip>:5601
Follow through the setup and you should see the logs in Kibana.
This works for me.
The most important thing is logstash.conf; do not use worker, since it is not supported anymore.