Official Repository

Last pushed: 15 days ago
Short Description
Logstash is a tool for managing events and logs.
Full Description

DEPRECATION NOTICE

This image has been deprecated in favor of the official logstash image provided and maintained by elastic.co. The list of images available from Elastic can be found at www.docker.elastic.co. The images found here will receive no further updates once the 6.0.0 release is available upstream. Please adjust your usage accordingly.

Elastic provides open-source support for Logstash via the elastic/logstash GitHub repository and the Docker image via the elastic/logstash-docker GitHub repository, as well as community support via its forums.

Supported tags and respective Dockerfile links

Quick reference

What is Logstash?

Logstash is a tool that can be used to collect, process and forward events and log messages. Collection is accomplished via number of configurable input plugins including raw socket/packet communication, file tailing and several message bus clients. Once an input plugin has collected data it can be processed by any number of filters which modify and annotate the event data. Finally events are routed to output plugins which can forward the events to a variety of external programs including Elasticsearch, local files and several message bus implementations.

wikitech.wikimedia.org/wiki/Logstash

How to use this image

Start Logstash with commandline configuration

If you need to run logstash with configuration provided on the commandline, you can use the logstash image as follows:

$ docker run -it --rm logstash -e 'input { stdin { } } output { stdout { } }'

Start Logstash with configuration file

If you need to run logstash with a configuration file, logstash.conf, that's located in your current directory, you can use the logstash image as follows:

$ docker run -it --rm -v "$PWD":/config-dir logstash -f /config-dir/logstash.conf

Using a Dockerfile

If you'd like to have a production Logstash image with a pre-baked configuration file, use of a Dockerfile is recommended:

FROM logstash

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy with something like the following:

$ docker run -d my-logstash

Installing plugins

If you need to add any logstash plugins that do not ship with Logstash by default, the simplest solution is a Dockerfile using logstash-plugin included with Logsatsh. You can also pack in your customized config file.

FROM logstash:5

RUN logstash-plugin install logstash-filter-de_dot

COPY logstash.conf /some/config-dir/

CMD ["-f", "/some/config-dir/logstash.conf"]

Then, build with docker build -t my-logstash . and deploy just like the previous example:

$ docker run -d my-logstash

Image Variants

The logstash images come in many flavors, each designed for a specific use case.

logstash:<version>

This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of.

logstash:alpine

This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use musl libc instead of glibc and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).

License

View license information for the software contained in this image.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository's logstash/ directory.

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Docker Pull Command