Public | Automated Build

Last pushed: 2 months ago
Short Description
Collect, search and visualise log data with Elasticsearch, Logstash, and Kibana.
Full Description

Elasticsearch, Logstash, Kibana (ELK) Docker image

This Docker image provides a convenient centralised log server and log management web interface, by packaging Elasticsearch, Logstash, and Kibana, collectively known as ELK.

The following tags are available:

  • latest, 540: ELK 5.4.0.

  • 532: ELK 5.3.2.

  • 531: ELK 5.3.1.

  • 530: ELK 5.3.0.

  • 522: ELK 5.2.2.

  • 521: ELK 5.2.1.

  • 520: ELK 5.2.0.

  • 512: ELK 5.1.2.

  • 511: ELK 5.1.1.

  • 502: ELK 5.0.2.

  • es501_l501_k501: ELK 5.0.1.

  • es500_l500_k500: ELK 5.0.0.

  • es241_l240_k461: Elasticsearch 2.4.1, Logstash 2.4.0, and Kibana 4.6.1.

  • es240_l240_k460: Elasticsearch 2.4.0, Logstash 2.4.0, and Kibana 4.6.0.

  • es235_l234_k454: Elasticsearch 2.3.5, Logstash 2.3.4, and Kibana 4.5.4.

  • es234_l234_k453: Elasticsearch 2.3.4, Logstash 2.3.4, and Kibana 4.5.3.

  • es234_l234_k452: Elasticsearch 2.3.4, Logstash 2.3.4, and Kibana 4.5.2.

  • es233_l232_k451: Elasticsearch 2.3.3, Logstash 2.3.2, and Kibana 4.5.1.

  • es232_l232_k450: Elasticsearch 2.3.2, Logstash 2.3.2, and Kibana 4.5.0.

  • es231_l231_k450: Elasticsearch 2.3.1, Logstash 2.3.1, and Kibana 4.5.0.

  • es230_l230_k450: Elasticsearch 2.3.0, Logstash 2.3.0, and Kibana 4.5.0.

  • es221_l222_k442: Elasticsearch 2.2.1, Logstash 2.2.2, and Kibana 4.4.2.

  • es220_l222_k441: Elasticsearch 2.2.0, Logstash 2.2.2, and Kibana 4.4.1.

  • es220_l220_k440: Elasticsearch 2.2.0, Logstash 2.2.0, and Kibana 4.4.0.

  • E1L1K4: Elasticsearch 1.7.3, Logstash 1.5.5, and Kibana 4.1.2.

Note – See the documentation page for more information on pulling specific combinations of versions of Elasticsearch, Logstash and Kibana.


See the ELK Docker image documentation web page for complete instructions on how to use this image.

Docker Hub

This image is hosted on Docker Hub at


Written by Sébastien Pujadas, released under the Apache 2 license.

Docker Pull Command
Source Repository

Comments (90)
24 days ago

First of all thanks very much for replying to @papakpmartin, appreciated.
As for the http content max length, I'm not sure I understand the full implications of this limitation, so if you could give me some pointers to help me understand (preferably via GitHub, if only because the notification system is broken on Docker Hub) I could then amend the docs, and if you want to create a PR I'd definitely be more than happy to merge it.

24 days ago

@omidzamani The error you're encountering is max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144], see the documentation for guidance

24 days ago

@veldkornet The UID/GID are assigned when the image is built, not an runtime, so they can't be customised.

a month ago

It might be worth pointing out that this image doesn't appear to have any specific settings for http content max length, meaning it defaults to the standard 100MB.

This is an easy gotcha for anyone loading any bulk logs, so it would be useful for that to be made clear in the readme.

If I get a chance, are you entertaining PRs for extending this limit?

a month ago

I had the same issue. It's because the current version of logstash requires the param to be set on startup and the documentation hasn't been updated to include it.

Just add it after the dummy log entry as specified on the docs (make sure the path exists first) i.e.:

/opt/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }' /root/data

a month ago

Sebp/elk not running on docker with error

Im 1 problem to after install ELK stack on docker

my infrastructure:

1- Windows 10 New Creators Update
2- my laptop model: N552VX (8Gig RAM)
3- docker toolbox without prerequisites = sample java machine and more ...
and install sebp/elk on terminal docker with command : $ docker pull sebp/elk
installation successfully and not running --- > An error was pointed out that a number of errors

Plz check error !

and installing with Guide :

Will guide me so that I can have a elk stack ?

a month ago

Very excited to see this available... thank you! :)

I'm having trouble making the first log entry.

Started via...

$ docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk

Then tried...

/opt/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'

Which results in...

Sending Logstash's logs to /opt/logstash/logs which is now configured via
[2017-05-12T01:27:47,642][FATAL][logstash.runner          ] Logstash could not be started because there is already another instance using the configured data directory.  If you wish to run multiple instances, you must change the "" setting.

I don't desire to run multiple instances; I'm trying to keep this simple so I can learn just the basic.

FWIW, I also tried...

filebeat-5.4.0-darwin-x86_64 kpmi$ ./filebeat -e -c ../logstash.yml -d "publish"

...where logstash.yml is...

- input_type: log
    - /Users/kpmi/Desktop/logstash-tutorial.log 
  hosts: ["localhost:5044"]

...(all of this roughly from here), and I get (in the end) this...

2017/05/12 01:23:57.399307 output.go:109: DBG  output worker: publish 100 events
2017/05/12 01:23:57.547918 sync.go:85: ERR Failed to publish events caused by: EOF
2017/05/12 01:23:57.547948 single.go:91: INFO Error publishing events (retrying): EOF

I've tried rebuilding. I've tried setting up a volume for /var/lib/elastisearch.

Can you recommend any help?

2 months ago

Could you please allow the use of a custom PID and GID?

2 months ago

@nicocolt Sounds like a non-Docker-specific issue: may be able to help you.

2 months ago


Trying to set up SSL connection between browser and kibana does not work. When activate required parameter server.ssl.certificate and server.ssl.key in kibana.yml, kibana crashed at startup with any logs.

Certificates have been created with openssl and copied into the configured directories

kibana.yml ssl prameters

server.ssl.enabled: true
server.ssl.certificate: /etc/ssl/certs/kibana.pem
server.ssl.key: /etc/ssl/private/kibana_key.pem

Generation of certificates

openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
openssl genrsa -out kibana_key.pem 4096
openssl req -new -key kibana_key.pem -out kibana.csr
openssl req -new -key kibana_key.pem -out kibana.csr
openssl x509 -req -days 730 -in kibana.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out kibana.pem

Best regards,