Public | Automated Build

Last pushed: 6 months ago
Short Description
Elastalert on Alpine Linux.
Full Description

Elastalert Docker Image

Docker image with Elastalert on Alpine Linux.

Assumes the use of port 9200 when communicating with Elasticsearch.
In order for the time of the container to be synchronized (ntpd), it must be run with the SYS_TIME capability.
In addition you may want to add the SYS_NICE capability, in order for ntpd to be able to modify its priority.

If Elasticsearch requires authentication, then the two environment variables listed below must contain user and password.
In addition, if you mount the Elastalert configuration file you must add login credentials, like in this example:

es_username: elastic
es_password: changeme


  • /opt/logs - Elastalert and Supervisord logs will be written to this directory.
  • /opt/config - Elastalert (elastalert_config.yaml) and Supervisord (elastalert_supervisord.conf) configuration files.
  • /opt/rules - Contains Elastalert rules.


  • SET_CONTAINER_TIMEZONE - Set to "True" (without quotes) to set the timezone when starting a container. Default is False.
  • CONTAINER_TIMEZONE - Timezone to use in container. Default is Europe/Stockholm.
  • ELASTICSEARCH_HOST - IP or hostname for your Elasticsearch host. Defaults to elasticsearchhost.
  • ELASTICSEARCH_PORT - Port for your Elasticsearch host. Defaults to 9200.
  • ELASTICSEARCH_USER - Name of user to log into Ealsticsearch with. Leave undefined for no authentication.
  • ELASTICSEARCH_PASSWORD - Password to log into Elasticsearch with. Leave undefined for no authentication.
  • ELASTICSEARCH_TLS - Use HTTPS when connecting to Elasticsearch (True/False). Default is False.
  • ELASTICSEARCH_TLS_VERIFY - Verify server (Elasticsearch) certificate (True/False). Default is False.
  • ELASTALERT_INDEX - Name of Elastalert writeback index in Elasticseach. Defaults to elastalert_status.
Docker Pull Command
Source Repository