Official Repository

Last pushed: 3 days ago
Short Description
Logstash is a tool for managing events and logs.
Full Description


This image has been deprecated in favor of the official logstash image provided and maintained by The upstream images are available to pull via[version] like 5.4.2. The images found here will receive no further updates once the 5.6.0 release is available upstream. Please adjust your usage accordingly.

Elastic provides open-source support for Logstash via the elastic/logstash GitHub repository and the Docker image via the elastic/logstash-docker GitHub repository, as well as community support via its forums.

Supported tags and respective Dockerfile links

Quick reference

What is Logstash?

Logstash is a tool that can be used to collect, process and forward events and log messages. Collection is accomplished via number of configurable input plugins including raw socket/packet communication, file tailing and several message bus clients. Once an input plugin has collected data it can be processed by any number of filters which modify and annotate the event data. Finally events are routed to output plugins which can forward the events to a variety of external programs including Elasticsearch, local files and several message bus implementations.

How to use this image

Start Logstash with commandline configuration

If you need to run logstash with configuration provided on the commandline, you can use the logstash image as follows:

$ docker run -it --rm logstash -e 'input { stdin { } } output { stdout { } }'

Start Logstash with configuration file

If you need to run logstash with a configuration file, logstash.conf, that's located in your current directory, you can use the logstash image as follows:

$ docker run -it --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf

Using a Dockerfile

If you'd like to have a production Logstash image with a pre-baked configuration file, use of a Dockerfile is recommended:

FROM logstash

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy with something like the following:

$ docker run -d my-logstash

Installing plugins

If you need to add any logstash plugins that do not ship with Logstash by default, the simplest solution is a Dockerfile using logstash-plugin included with Logsatsh. You can also pack in your customized config file.

FROM logstash:5

RUN logstash-plugin install logstash-filter-de_dot

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy just like the previous example:

$ docker run -d my-logstash

Image Variants

The logstash images come in many flavors, each designed for a specific use case.


This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of.


This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).


View license information for the software contained in this image.

Docker Pull Command

Comments (27)
18 days ago

Hi, does this (or any other in your repository) image include Kibana and Elasticsearch? In case such an image does not exist how can I build a full logstash - elasticsearch - kibana stack?

3 months ago

Please rethink the decision to deprecate this. I just started migrating our infrastructure from Puppet to Docker and this breaks our ability to use Artifactory as a docker proxy for our company.

5 months ago

Unable to mount configuration file with 5.2.0.

$ ls -alh ./logstash.conf
-rw-rw-r--. 1 me me 42 Feb 10 11:33 ./logstash.conf

$ docker run -it --rm -v $PWD:/config-dir logstash -f /config-dir/logstash.conf
Sending Logstash's logs to /var/log/logstash which is now configured via
16:40:06.786 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
16:40:06.804 [LogStash::Runner] INFO logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"32e6b457-5287-4cb9-8e0a-ac398d570962", :path=>"/var/lib/logstash/uuid"}
16:40:06.868 [LogStash::Runner] INFO logstash.agent - No config files found in path {:path=>"/config-dir/logstash.conf"}
16:40:06.871 [LogStash::Runner] ERROR logstash.agent - failed to fetch pipeline configuration {:message=>"No config files found: /config-dir/logstash.conf. Can you make sure this path is a logstash config file?"}

7 months ago

how to config redis-sentinel for input and output?

8 months ago

The default entry of logstash isn't publishing the schema <- ELK stack with a workaround

9 months ago

Could you please release the new 5.0.0-beta1 version? Thanks!

10 months ago

What's the best procedure for including extra plugins? For example, I need to install an sflow plugin - but only the logstash.conf is persistent so it won't stick between restarts. I'd like to avoid tinkering with the dockerfile if possible.

10 months ago

this thing should probably allow setting an environment variable for the config file and use that...

10 months ago

Here is an example of using Logstash with Logspout to aggregate docker container logs (docker-compose example provided):

10 months ago

Regarding Compose, you can also specify a command under your logstash service: command: logstash -f myconfigfile.conf. (Idea from deviantony's ELK project: