Compatibility with gelf log driver? about elk-docker HOT 2 CLOSED

Hi and thanks for the kind words!

Here's what you need to do to use GELF logs with Logstash's GELF input plugin:

• Create an input configuration file to enable Logstash's GELF input plugin. For instance, create a file named 03-gelf-input.conf and containing the following empty configuration, which uses all the defaults:

  input {
      gelf {}
  }
  

• Overwrite the default 30-output.conf so that the index and document_type configuration options in the elasticsearch section don't make use of Beats-specific metadata.

• Extend the base image by creating a Dockerfile with contents similar to:

  FROM sebp/elk
  
  ADD ./03-gelf-input.conf /etc/logstash/conf.d/03-gelf-input.conf
  # TODO: add ADD directive to overwrite 30-output.conf as needed
  
  # expose GELF's default UDP port (12201)
  EXPOSE 12201/udp
  

• Build the extended image.

• Start a container from the extended image as you would ordinarily do, with the additional option -p 12201:12201/udp in order for the container publish GELF's default UDP port (12201).

You can now start another container using the GELF log driver, and you'll see its logs in Elasticsearch and Kibana.

As an example:

docker run -it --log-driver=gelf --log-opt gelf-address=udp://localhost:12201 alpine sh

will push every line of shell input and output to ELK.

Hope that helps.

from elk-docker.

Housekeeping: closing this issue, please feel free to reopen if needed.

from elk-docker.