
Last pushed: 12 days ago
Logstash Docker image.

Supported tags and respective Dockerfile links

What is logstash?

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.” (Elasticsearch for example.)


How To Use

docker engine

docker run -d -p 5000:5000 -p 5001:5001 khezen/logstash:latest

docker-compose

File Descriptors and MMap

Run the following command on your host:

sysctl -w vm.max_map_count=262144

You can set it permanently by modifying the vm.max_map_count setting in /etc/sysctl.conf.

docker-compose.yml

version: '3'
services:
    elasticsearch:
        image: khezen/elasticsearch:2
        environment:
            ELASTIC_PWD: changeme
            KIBANA_PWD: brucewayne
            LOGSTASH_PWD: heizenberg
        volumes:
            - /data/elasticsearch:/usr/share/elasticsearch/data
            - /etc/elasticsearch:/usr/share/elasticsearch/config
        ports:
            - "9200:9200"
            - "9300:9300"
        network_mode: bridge
        restart: unless-stopped

    kibana:
        links:
            - elasticsearch:elasticsearch-0
        image: khezen/kibana:4
        environment:
            KIBANA_PWD: brucewayne
            ELASTICSEARCH_HOST: elasticsearch-0
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /etc/kibana:/opt/kibana/config
        ports:
            - "5601:5601"
        network_mode: bridge
        restart: unless-stopped

    logstash:
        links:
            - elasticsearch:elasticsearch-0
        image: khezen/logstash:2
        environment:
            LOGSTASH_PWD: heizenberg
            ELASTICSEARCH_HOST: elasticsearch-0
            ELASTICSEARCH_PORT: 9200
        volumes:
            - /etc/logstash:/etc/logstash/conf.d
            - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
        ports:
            - "5000:5000"
            - "5001:5001"
        network_mode: bridge
        restart: unless-stopped

Environment Variables

HEAP_SIZE | 1g

Defines the maximum memory allocated to logstash.

LOGSTASH_PWD | changeme

Password for the Elasticsearch built-in user logstash.

ELASTICSEARCH_HOST | elasticsearch

Elasticsearch hostname.

ELASTICSEARCH_PORT | 9200

Elasticsearch port.

TS_PWD | changeme

Truststore password
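
An added example, not part of the image or its repository: a pre-deployment check, in Python, for the password variables in a compose file laid out like the one above. It reports values left at the documented default changeme, passwords written inline rather than substituted from the environment, and variables that differ between services; the function name, the finding labels and the assumption that a variable shared by two services must carry the same value are this example's own.

```python
import re

DOCUMENTED_DEFAULT = "changeme"  # default this page lists for LOGSTASH_PWD and TS_PWD
PWD_LINE = re.compile(r"^\s+-?\s*(\w+_PWD)\s*[:=]\s*(.*?)\s*$")
KEY_LINE = re.compile(r"^(\s+)([\w.-]+):\s*$")

# Constructed sample in the layout of the compose file above.
SAMPLE = """\
services:
    elasticsearch:
        environment:
            ELASTIC_PWD: changeme
            LOGSTASH_PWD: heizenberg
    logstash:
        environment:
            LOGSTASH_PWD: heisenberg
            TS_PWD: ${TS_PWD}
"""


def audit_compose(text):
    """Return sorted (service, variable, finding) tuples for *_PWD settings."""
    findings, values = set(), {}
    service, service_indent, in_services = None, None, False
    for line in text.splitlines():
        if line[:1].strip():  # top-level key: only `services:` is inspected
            in_services = line.rstrip() == "services:"
            continue
        if not in_services:
            continue
        pwd, key = PWD_LINE.match(line), KEY_LINE.match(line)
        if pwd and service:
            name, value = pwd.group(1), pwd.group(2).strip("'\"")
            if not value or value.startswith("${"):
                continue  # taken from the host environment or an .env file
            findings.add((service, name, "default" if value == DOCUMENTED_DEFAULT else "inline"))
            values.setdefault(name, set()).add(value)
        elif key:
            service_indent = service_indent or len(key.group(1))
            if len(key.group(1)) == service_indent:
                service = key.group(2)
    # Assumption: services sharing a variable must agree on it, or authentication fails.
    findings |= {("*", n, "mismatch") for n, v in values.items() if len(v) > 1}
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_compose(SAMPLE):
        print(*finding)
```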

Default config

input {
    tcp {
        port => 5000
        codec => "json"
    }
    udp {
        port => 5001
        codec => "json"
    }
}

filter {
    date {
        match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
    }
    geoip {
        source => "clientip"
    }
    useragent {
        source => "agent"
        target => "useragent"
    }
}

output {
    elasticsearch {
        hosts => "${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"
        user => "logstash"
        # LOGSTASH_PWD is the password variable documented above
        password => "${LOGSTASH_PWD}"
        ssl => true
        ssl_certificate_verification => true
        truststore => "/etc/elasticsearch/searchguard/ssl/truststore.jks"
        truststore_password => "${TS_PWD}"
    }
}

Configure Logstash

The configuration file is located at /etc/logstash/logstash.conf if you follow the same volume mapping as in the docker-compose example above.

You can find the default config there.

NOTE: It is possible to use environment variables in logstash.conf.

You can find help with logstash configuration there.

User Feedback

Issues

If you have any problems with or questions about this image, please ask for help through a GitHub issue.

Owner
khezen