Official Repository

Last pushed: a day ago
Short Description
Logstash is a tool for managing events and logs.
Full Description

DEPRECATED

This image is officially deprecated in favor of the logstash image provided by elastic.co which is available to pull via docker.elastic.co/logstash/logstash:[version] like 5.2.1. This image will receive no further updates after 2017-06-20 (June 20, 2017). Please adjust your usage accordingly.

Elastic provides open-source support for Logstash via the elastic/logstash GitHub repository and the Docker image via the elastic/logstash-docker GitHub repository, as well as community support via its forums.

Supported tags and respective Dockerfile links

Quick reference

What is Logstash?

Logstash is a tool that can be used to collect, process and forward events and log messages. Collection is accomplished via number of configurable input plugins including raw socket/packet communication, file tailing and several message bus clients. Once an input plugin has collected data it can be processed by any number of filters which modify and annotate the event data. Finally events are routed to output plugins which can forward the events to a variety of external programs including Elasticsearch, local files and several message bus implementations.

wikitech.wikimedia.org/wiki/Logstash

How to use this image

Start Logstash with commandline configuration

If you need to run logstash with configuration provided on the commandline, you can use the logstash image as follows:

$ docker run -it --rm logstash -e 'input { stdin { } } output { stdout { } }'

Start Logstash with configuration file

If you need to run logstash with a configuration file, logstash.conf, that's located in your current directory, you can use the logstash image as follows:

$ docker run -it --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf

Using a Dockerfile

If you'd like to have a production Logstash image with a pre-baked configuration file, use of a Dockerfile is recommended:

FROM logstash

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy with something like the following:

$ docker run -d my-logstash

Installing plugins

If you need to add any logstash plugins that do not ship with Logstash by default, the simplest solution is a Dockerfile using logstash-plugin included with Logsatsh. You can also pack in your customized config file.

FROM logstash:5

RUN logstash-plugin install logstash-filter-de_dot

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy just like the previous example:

$ docker run -d my-logstash

Image Variants

The logstash images come in many flavors, each designed for a specific use case.

logstash:<version>

This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of.

logstash:alpine

This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).

License

View license information for the software contained in this image.

Docker Pull Command

Comments (26)
claflico
2 months ago

Please rethink the decision to deprecate this. I just started migrating our infrastructure from Puppet to Docker and this breaks our ability to use Artifactory as a docker proxy for our company.

szgaljic
3 months ago

Unable to mount configuration file with 5.2.0.

$ ls -alh ./logstash.conf
-rw-rw-r--. 1 me me 42 Feb 10 11:33 ./logstash.conf

$ docker run -it --rm -v $PWD:/config-dir logstash -f /config-dir/logstash.conf
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
16:40:06.786 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
16:40:06.804 [LogStash::Runner] INFO logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"32e6b457-5287-4cb9-8e0a-ac398d570962", :path=>"/var/lib/logstash/uuid"}
16:40:06.868 [LogStash::Runner] INFO logstash.agent - No config files found in path {:path=>"/config-dir/logstash.conf"}
16:40:06.871 [LogStash::Runner] ERROR logstash.agent - failed to fetch pipeline configuration {:message=>"No config files found: /config-dir/logstash.conf. Can you make sure this path is a logstash config file?"}

kaybinwong
6 months ago

how to config redis-sentinel for input and output?

thedockerbook
6 months ago

The default entry of logstash isn't publishing the schema
https://github.com/sjeeva/elk <- ELK stack with a workaround

nikwil
7 months ago

Could you please release the new 5.0.0-beta1 version? Thanks!

williamayerst
8 months ago

What's the best procedure for including extra plugins? For example, I need to install an sflow plugin - but only the logstash.conf is persistent so it won't stick between restarts. I'd like to avoid tinkering with the dockerfile if possible.

sxpert
9 months ago

this thing should probably allow setting an environment variable for the config file and use that...

bekt
9 months ago

Here is an example of using Logstash with Logspout to aggregate docker container logs (docker-compose example provided): https://hub.docker.com/r/bekt/logspout-logstash/

pydolan
9 months ago

Regarding Compose, you can also specify a command under your logstash service: command: logstash -f myconfigfile.conf. (Idea from deviantony's ELK project: https://github.com/deviantony/docker-elk/blob/master/docker-compose.yml)

rodolpheche
9 months ago

@radioflash Logstash is actually in alpha version and seems to need a tty to run. But tty is causing problem to docker-compose. So, you can add "TERM: xterm" as a workaround to your service/container properties in your docker-compose.yml file