Public Repository

Last pushed: 2 years ago
Short Description
Elk Stack for Logback/MDC.
Full Description


Docker ELK stack that is Logback compatible.
(UDP input with JSON codec and elastic search output with JSON codec.)


This is deployed as Docker image advantageous/elk
on docker hub. The source code for this build is at github.


The source is config files and a Packer build project
to create a Docker image based on sebp/elk.


The sebp/elk has excellent


The issue we had with sebp/elk docker image was that it was setup for
log file ingestion and not for use with Logback which
sends log data, extra fields and MDC via a JSON codec.

Adding Logback support UDP and JSON input/output

To support Logback we had to add support for JSON codec output to elastic search.


output {
  elasticsearch {
    hosts => ["localhost"]
    sniffing => true
    codec => json

We also added support for UDP ingestion.


input {
    udp {
        port => 5001
        codec => json


To configure Logback you will need logback and the
Logback logstash appender.

Then just add the following to a logback.xml config file in your Java project.


<?xml version="1.0" encoding="UTF-8"?>

    <appender name="STASH-UDP" class="net.logstash.logback.appender.LogstashSocketAppender">

    <root level="INFO">
        <appender-ref ref="STASH-UDP"/>

    <logger name="com.mycompany" level="INFO"/>


To deploy this with the advantageous gradle docker plugin,
do the following:

gradle build.gradle

plugins {
    id "io.advantageous.docker-test" version "0.1.6"


testDockerContainers {
    elk {
        containerName "elk-app"
        image "advantageous/elk:0.1"
        portMapping(container: 9200, host: 9200)
        portMapping(container: 5044, host: 5044)
        portMapping(container: 5000, host: 5000)
        portMapping(container: 5601, host: 5601)
        portMapping(container: "5001/udp", host: 5001)
        runArgs " /usr/local/bin/ "

Or run it with docker command line as follows:

 $ docker run -d -p 9200:9200 -p 5044:5044 -p 5000:5000 -p 5601:5601 \
          -p 5001:5001/udp --name=elk-df advantageous/elk:0.1  \

Note that starts the ELK stack as unix services.


  • Install packer.
  • Check out the project from github.
  • Go to the project folder and run packer build as follows.
$ packer build elk-docker.json
Docker Pull Command