Public | Automated Build

Last pushed: 11 days ago
Short Description
Collect, search and visualise log data with Elasticsearch, Logstash, and Kibana.
Full Description

Elasticsearch, Logstash, Kibana (ELK) Docker image

This Docker image provides a convenient centralised log server and log management web interface, by packaging Elasticsearch, Logstash, and Kibana, collectively known as ELK.

The following tags are available:

  • latest, 530: ELK 5.3.0.

  • 522: ELK 5.2.2.

  • 521: ELK 5.2.1.

  • 520: ELK 5.2.0.

  • 512: ELK 5.1.2.

  • 511: ELK 5.1.1.

  • 502: ELK 5.0.2.

  • es501_l501_k501: ELK 5.0.1.

  • es500_l500_k500: ELK 5.0.0.

  • es241_l240_k461: Elasticsearch 2.4.1, Logstash 2.4.0, and Kibana 4.6.1.

  • es240_l240_k460: Elasticsearch 2.4.0, Logstash 2.4.0, and Kibana 4.6.0.

  • es235_l234_k454: Elasticsearch 2.3.5, Logstash 2.3.4, and Kibana 4.5.4.

  • es234_l234_k453: Elasticsearch 2.3.4, Logstash 2.3.4, and Kibana 4.5.3.

  • es234_l234_k452: Elasticsearch 2.3.4, Logstash 2.3.4, and Kibana 4.5.2.

  • es233_l232_k451: Elasticsearch 2.3.3, Logstash 2.3.2, and Kibana 4.5.1.

  • es232_l232_k450: Elasticsearch 2.3.2, Logstash 2.3.2, and Kibana 4.5.0.

  • es231_l231_k450: Elasticsearch 2.3.1, Logstash 2.3.1, and Kibana 4.5.0.

  • es230_l230_k450: Elasticsearch 2.3.0, Logstash 2.3.0, and Kibana 4.5.0.

  • es221_l222_k442: Elasticsearch 2.2.1, Logstash 2.2.2, and Kibana 4.4.2.

  • es220_l222_k441: Elasticsearch 2.2.0, Logstash 2.2.2, and Kibana 4.4.1.

  • es220_l220_k440: Elasticsearch 2.2.0, Logstash 2.2.0, and Kibana 4.4.0.

  • E1L1K4: Elasticsearch 1.7.3, Logstash 1.5.5, and Kibana 4.1.2.

Note – See the documentation page for more information on pulling specific combinations of versions of Elasticsearch, Logstash and Kibana.


See the ELK Docker image documentation web page for complete instructions on how to use this image.

Docker Hub

This image is hosted on Docker Hub at


Written by Sébastien Pujadas, released under the Apache 2 license.

Docker Pull Command
Source Repository

Comments (80)
a month ago

@darksider15: Most probably iptables on the host should be blocking the ports.

2 months ago


I am unable to browse the webinterfaces of kibana and elasticsearch from outside the container.
Inside the container I can curl the endpoints as expected so I assume something is wrong with the port exposure.

When running sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk520 sebp/elk:520 I get the following warning:

[2017-03-12T14:36:30,430][WARN ][i.n.u.i.MacAddressUtil   ] Failed to find a usable hardware address from the network interfaces; using random bytes: a5:32:36:94:53:64:cd:44                                                                                               
[2017-03-12T14:36:30,479][INFO ][o.e.t.TransportService   ] [XVjikhc] publish_address {}, bound_addresses {[::]:9300} 
[2017-03-12T14:36:30,483][INFO ][o.e.b.BootstrapChecks    ] [XVjikhc] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks                                                                                                           
[2017-03-12T14:36:33,519][INFO ][o.e.c.s.ClusterService   ] [XVjikhc] new_master {XVjikhc}{XVjikhcNR0qP1u_v9X_a1A}{B03dhKr6TYGmSLg-A94oxQ}{}{}, reason: zen-disco-elected-as-master ([0] nodes joined)                                           
[2017-03-12T14:36:33,529][INFO ][o.e.h.HttpServer         ] [XVjikhc] publish_address {}, bound_addresses {[::]:9200} 
[2017-03-12T14:36:33,529][INFO ][o.e.n.Node               ] [XVjikhc] started                                                         
[2017-03-12T14:36:33,541][INFO ][o.e.g.GatewayService     ] [XVjikhc] recovered [0] indices into cluster_state

When checking the ports from the host sudo netstat -tulpn shows the following exposed docker specific ports:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                                      
tcp6       0      0 :::5601                 :::*                    LISTEN      3573/docker-proxy                                     
tcp6       0      0 :::9200                 :::*                    LISTEN      3582/docker-proxy                                     
tcp6       0      0 :::5044                 :::*                    LISTEN      3564/docker-proxy

If I create a dummy log entry inside the container

sudo docker exec -it elk520 /bin/bash
/opt/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'

I can see the entry on ES using curl inside the container curl http://localhost:9200/_search?pretty

  "took" : 4,                                                                                                                         
  "timed_out" : false,                                                                                                                
  "_shards" : {                                                                                                                       
    "total" : 6,                                                                                                                      
    "successful" : 6,                                                                                                                 
    "failed" : 0                                                                                                                      
  "hits" : {
    "total" : 2,
    "max_score" : 1.0,
    "hits" : [
        "_index" : ".kibana",
        "_type" : "config",
        "_id" : "5.2.0",
        "_score" : 1.0,
        "_source" : {
          "buildNum" : 14695
        "_index" : "logstash-2017.03.12",
        "_type" : "logs",
        "_id" : "AVrC-68LoTNwcxoLSeM9",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2017-03-12T14:45:58.501Z",
          "@version" : "1",
          "host" : "ba9450f24de0",
          "message" : "dummy entry"

However I am unable to do the same outside the container.

I already tried setting the and the by hand but didn't observe any change.

sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -e "" -e "" -it --name elk520 sebp/elk:520

Any help would be greatly appreciated.

2 months ago

@checkmarx2017 @atreyeegupta first port of call is
If that doesn't help then please open an issue on GitHub

@senninpo is Elasticsearch actually running? If not please look at and open an issue on GitHub as needed (with information on your set-up, the complete logs output by the image, etc.).

2 months ago

@tbrien Thanks very much for the tip.
To avoid rebuilding the image you can set the env var when starting the container with e.g. docker's -e option. (Updating the documentation with this.)

2 months ago


I can't start Kibana correctly because Elasticsearch conection is refused.

==> /var/log/logstash/logstash-plain.log <==
[2017-03-01T09:28:20,907][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2017-03-01T09:28:20,913][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x1ae74c3d URL:http://localhost:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
==> /var/log/kibana/kibana5.log <==
{"type":"log","@timestamp":"2017-03-01T09:28:21Z","tags":["warning","elasticsearch","admin"],"pid":220,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-03-01T09:28:21Z","tags":["warning","elasticsearch","admin"],"pid":220,"message":"No living connections"}
{"type":"log","@timestamp":"2017-03-01T09:28:24Z","tags":["warning","elasticsearch","admin"],"pid":220,"message":"Unable to revive connection: http://localhost:9200/"}
{"type":"log","@timestamp":"2017-03-01T09:28:24Z","tags":["warning","elasticsearch","admin"],"pid":220,"message":"No living connections"}

2 months ago

I am not been able to start the elastic serach after using this image :
any pointer ?

2 months ago

container start failed on timeout
waiting for Elasticsearch to be up (30/30)

2 months ago

Same issue on mac, using docker-machine: vm.max_map_count too low
This can be fixed by setting the following env variable in the Dockerfile (cloned from ghithub repo) :

After building the image again it starts correctly.

This variable is used in the elasticsearch-init script to set vm.max_map_count.

Hope this fix will work for you

2 months ago

Same here, ES failed to start even with a fresh docker for mac. Hope someone could help pointing out the direction

2 months ago

@oscardiedrichs Sorry to hear about that. Unfortunately I don't have access to a Mac so I can't help, but I do understand that users have run this image on Macs successfully.
Hope someone sees this and points you in the right direction.