Elastic Stack and GELF

The docker-compose configuration is the same as in the section Creating the “docker-compose” File, except for a change to the Logstash part (note that the Logstash entrypoint key would appear on a single line):

Elastic Stack docker-compose example 2

version: '2.2'

services:

  elasticsearch:
    build:
      context: elasticsearch/
    container_name: elasticsearch
    volumes:
      - monitoring-data:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx512m -Xms512m"

  logstash:
    image: docker.elastic.co/logstash/logstash:7.9.1
    container_name: logstash
    ports:
      - "5000:5000"
      - "5044:5044"
      - "12201:12201/udp"
    expose:
      - "5044/tcp"
      - "12201/udp"
    logging:
      driver: "json-file"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    entrypoint: logstash -e 'input { gelf { } } filter { json { skip_on_invalid_json => true source => "message" }} output { elasticsearch { id => "lls" hosts => ["http://elasticsearch:9200"] } }'
    depends_on:
      - elasticsearch

  kibana:
    image: docker.elastic.co/kibana/kibana:7.9.1
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

volumes:

  monitoring-data:
    driver: local

The Filebeat agent is not required in this scenario.
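
With no Filebeat agent, one way to get container logs to the Logstash gelf input is Docker's gelf logging driver on the sending container. The fragment below is an added example, not part of the original configuration; the app service and its image name are hypothetical, and binding the GELF port to loopback assumes the sending containers run on the same Docker host.

```yaml
# Added example: keys not shown here stay as in the file above.
version: '2.2'

services:

  app:                                  # hypothetical service whose logs are shipped
    image: example/app:latest           # placeholder image name
    logging:
      driver: gelf
      options:
        # The address is resolved by the Docker daemon on the host, not inside
        # the compose network, so the service name "logstash" would not resolve
        # here. Point at the port that the logstash service publishes instead.
        gelf-address: "udp://127.0.0.1:12201"
        tag: "app"
    depends_on:
      - logstash

  logstash:
    image: docker.elastic.co/logstash/logstash:7.9.1
    container_name: logstash
    ports:
      # GELF over UDP carries no authentication or encryption. Publishing the
      # port on loopback only keeps other hosts from injecting log events.
      - "127.0.0.1:12201:12201/udp"
    logging:
      # json-file means Logstash's own output is not sent through GELF.
      driver: "json-file"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    entrypoint: logstash -e 'input { gelf { } } filter { json { skip_on_invalid_json => true source => "message" }} output { elasticsearch { id => "lls" hosts => ["http://elasticsearch:9200"] } }'
    depends_on:
      - elasticsearch
```

The same host-IP prefix can be applied to the 9200, 9300 and 5601 mappings when Elasticsearch and Kibana only need to be reached from the Docker host itself.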