Public | Automated Build

Last pushed: 19 days ago
Short Description
Elasticsearch 5, Kibana 5 and Logstash 5 on Alpine Linux. (Ready to run Cisco and BEATS support)
Full Description

Elasticsearch, Logstash and Kibana 5.6.9

This is a small container at only 300Mb compressed, running a full functional ELK 5 stack.


Make sure your docker hosts has the folowing sysctl setting, this is required for ELK

insert in /etc/sysctl.conf

vm.max_map_count = 262144

or run

sysctl -w vm.max_map_count=262144


  • filebeat support
  • cisco syslog support
  • yum.log support via filebeat
  • nginx accesslogs support
  • updated upstream grok patterns
  • running on Alpine Linux with s6, small, clean and efficient
  • Maxmind geo data enabled
  • Each process runs as own user, in docker ;)
  • multi input index is created based on type


Start the container

docker run -d -p 5601:5601 -p 9200:9200 -p 5044:5044 \
  -v /var/lib/elasticsearch:/var/lib/elasticsearch \
  --name elk \

Check progress with

docker logs -f elk

You can now open kibana http://elasticsearchhost:5601

There will probably be no index patterns, you'll have to import them manually. For beats you can use the new import_dashboards script which automate this process. (Install filebeat for this functionality.)

/usr/share/filebeat/scripts/import_dashboards -es http://<elasticsearch>:9200
/usr/share/metricbeat/scripts/import_dashboards -es http://<elasticsearch>:9200
/usr/share/packetbeat/scripts/import_dashboards -es http://<elasticsearch>:9200


  • Add java environment options
  • autoupdate GEO data
  • curator install
  • auto cleanup of old indices
  • elasticsearch plugins
Docker Pull Command
Source Repository