How to forward application logs from Docker containers to ELK

docker docker-compose logstash

Recent versions of Docker support transmitting logs in 'GELF' format to a network port. Logstash has a GELF input. You could run Logstash on every node and have all Docker instances on the node forward to it.

As a Logstash input: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-gelf.html

gelf {
}

For Docker output: https://docs.docker.com/engine/admin/logging/overview/#gelf

$ docker run -dit \
             --log-driver=gelf \
             --log-opt gelf-address=udp://127.0.0.1:12201 \
             alpine sh

(The gelf-address is from outside the containers perspective, not inside)

Related

AWS Ubuntu using public/private key ssh, trying to start a deamon asks for password
How to mount Amazon EFS as data volume in ECS task?
Samba - How to actually disable mangled names
Create desktop launcher
Upgrade PostgreSQL 9.5 to 9.6 with PostGIS - pg_upgrade
File System Corruption in AWS Storage Gateway Volume
How much clock asynchronicity can secure protocols tolerate?
spontaneous reboot, machine check events, AMD ryzen [closed]
Label "activities" in Plasma 5 desktop?
How to Automate a job to move the latest file with a sequential file name
Fail2ban with nftables and IPv6
Why can't I use a DSC resource in push mode from a module that is installed in my user's module path?