In the previous article, I showed you how to set up ELK in your local environment.
In this article, I will show you how to use Docker to set up an ELK environment and send application log messages to it.
Setup ELK container
Run the following Docker command:
sudo docker pull sebp/elk
This command pulls the sebp/elk image, which integrates Elasticsearch, Logstash, and Kibana, so we don’t need to set up each one separately.
Then run the following Docker command to start the container:
sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
If the container started successfully, you should see it listed when you run the command: sudo docker ps
Then you can open http://[your IP address]:5601 in a browser to visit Kibana.
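A `-p 5601:5601` mapping with no host address publishes the port on every interface of the host, so Kibana (5601), Elasticsearch (9200) and the Beats input (5044) are all reachable from the network. The script below is an added example, not part of the original article: it reads `docker port <container>` output and lists the host ports bound to the wildcard address. The helper name `wildcard_ports` is hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: report which published ports listen on all interfaces.
# Live use against the container from this article:
#   sudo docker port elk | wildcard_ports

# Constructed sample of `docker port elk` for the run command shown above.
SAMPLE_ALL='5044/tcp -> 0.0.0.0:5044
5044/tcp -> [::]:5044
5601/tcp -> 0.0.0.0:5601
9200/tcp -> 0.0.0.0:9200'

# Constructed sample for the same container started with
#   -p 127.0.0.1:5601:5601 -p 127.0.0.1:9200:9200 -p 5044:5044
# so that only the Beats input is reachable from other hosts.
SAMPLE_LOOPBACK='5044/tcp -> 0.0.0.0:5044
5044/tcp -> [::]:5044
5601/tcp -> 127.0.0.1:5601
9200/tcp -> 127.0.0.1:9200'

# wildcard_ports (hypothetical helper): read `docker port` lines on stdin and
# print "host_port container_port/proto" for every mapping whose host address
# is the IPv4 or IPv6 wildcard. IPv4/IPv6 duplicates are reported once.
wildcard_ports() {
  awk '
    $2 == "->" {
      port = $3; sub(/^.*:/, "", port)       # text after the last colon
      host = $3; sub(/:[0-9]+$/, "", host)   # text before the port
      if (host == "0.0.0.0" || host == "::" || host == "[::]")
        if (!seen[port]++) print port, $1
    }' | sort -n
}

echo "Default run command, ports open on all interfaces:"
printf '%s\n' "$SAMPLE_ALL" | wildcard_ports
echo "Loopback-bound variant, ports open on all interfaces:"
printf '%s\n' "$SAMPLE_LOOPBACK" | wildcard_ports
```

If Filebeat runs on a different machine, 5044 has to stay reachable from it, while 5601 and 9200 can be bound to 127.0.0.1 when you only use them from the Docker host.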
Modify ELK configuration files
Our next job is to modify the configuration files of the ELK container so that we can send log messages to it.
Run this command to open a shell inside the container:
sudo docker exec -it elk /bin/bash
Then modify the file: 02-beats-input.conf
The location of the file is shown below:
Change the contents of these two files to match the content below, then restart the container:
02-beats-input.conf
input {
  beats {
    port => 5044
  }
}
Use the command below to restart the container so that your new configuration takes effect:
sudo docker restart elk
Sending log messages to ELK
First, we need to download Filebeat.
After downloading it, unzip it and modify the filebeat.yml file as shown below:
For the paths variable, set the path of the log file.
“your ip address” should be your host IP, for example, localhost, etc.
Then run the command below to start Filebeat:
sudo ./filebeat -e -c filebeat.yml
Configure the Elasticsearch index and check the messages