Docker
Collect and ship Docker container application logs to Logstash and Elasticsearch.
Filebeat is a lightweight shipper that enables you to send your Docker container application logs to Logstash and Elasticsearch. Configure Filebeat using the pre-defined examples below to start sending and analysing your Docker application logs.
Step 1 - Install Filebeat
deb (Debian/Ubuntu/Mint)
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.15.1-amd64.deb
sudo dpkg -i filebeat-oss-7.15.1-amd64.deb
rpm (CentOS/RHEL/Fedora)
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.15.1-x86_64.rpm
sudo rpm -vi filebeat-oss-7.15.1-x86_64.rpm
macOS
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.15.1-darwin-x86_64.tar.gz
tar xzvf filebeat-oss-7.15.1-darwin-x86_64.tar.gz
Windows
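- Download and extract the Windows zip file.
- Rename the filebeat-<version>-windows directory to `filebeat`.
- Open a PowerShell prompt as an Administrator.
- Run the following to install as a Windows service:
.\install-service-filebeat.ps1
If script execution is disabled on your system, run the script with an execution policy that applies to that single invocation only:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1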
Step 2 - Locate The Configuration File
deb/rpm
/etc/filebeat/filebeat.yml
Change the owner of the filebeat.yml file to root to allow access to the Docker container logs.
sudo chown root:root filebeat.yml
ls -la
Skip this step if you are using Windows.
Step 3 - Configure The Inputs
deb/rpm
On Linux we want Filebeat to read the container logs from /var/lib/docker/containers/*/*.log, which is where Docker's container logs are stored. This is handled by default.
Add the docker input type to your filebeat.inputs section.
filebeat.inputs:
- type: docker
  containers.ids:
    - '*'
Windows
On Windows we want Filebeat to read the container logs from C:\ProgramData\docker\containers\
filebeat.inputs:
- type: docker
  containers:
    ids:
      - '*'
    path: C:\ProgramData\docker\containers\
If you do not want to read all container logs, you can specify container IDs to read logs from specific containers only.
Step 4 - Enable the input
We need to ensure that any inputs we are using are enabled.
filebeat.inputs:
- type: log
  enabled: false
Enable the Filebeat input, so it looks like the following:
filebeat.inputs:
- type: log
  enabled: true
Step 5 - Configure Output
We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.
## Comment out elasticsearch output
#output.elasticsearch:
# hosts: ["localhost:9200"]
Step 6 - Validate configuration
Let's check that the configuration file is syntactically correct by running filebeat directly inside the terminal.
If the file is invalid, filebeat will print an `error loading config file` error message with details on how to correct the problem.
deb/rpm
sudo filebeat -e -c /etc/filebeat/filebeat.yml
macOS
cd <EXTRACTED_ARCHIVE>
./filebeat -e -c filebeat.yml
Windows
cd <EXTRACTED_ARCHIVE>
.\filebeat.exe -e -c filebeat.yml
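On Linux, the edits from Steps 2 to 5 can be checked before the service starts. The script below is an added example, not part of the original guide or of Filebeat; the function name check_filebeat_config and its grep patterns are assumptions, and the patterns are line-based heuristics rather than a YAML parser.

```shell
#!/bin/sh
# Added example (not Filebeat or Logit.io code): pre-flight checks for the
# filebeat.yml edited in Steps 2-5.
# Usage: check_filebeat_config CONFIG [OWNER_UID]   (OWNER_UID defaults to 0)
# Prints one line per finding and returns the number of findings.
check_filebeat_config() {
    cfg=$1
    want_uid=${2:-0}
    findings=0
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        return 1
    fi

    # Step 2: the file must belong to the expected user (root by default).
    mode=$(ls -lnd "$cfg" | awk '{print $1}')
    uid=$(ls -lnd "$cfg" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"
        findings=$((findings + 1))
    fi
    # A config that group or others can write lets them redirect the logs.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $mode is writable by group or others"
            findings=$((findings + 1)) ;;
    esac

    # Step 3: a docker input is declared.
    if ! grep -Eq '^[[:space:]]*-[[:space:]]*type:[[:space:]]*docker' "$cfg"; then
        echo "FAIL: no '- type: docker' input"
        findings=$((findings + 1))
    fi
    # Step 4: no input is left disabled.
    if grep -Eq '^[[:space:]]*enabled:[[:space:]]*false' "$cfg"; then
        echo "FAIL: an 'enabled: false' line is still present"
        findings=$((findings + 1))
    fi
    # Step 5: the elasticsearch output block is commented out.
    if grep -Eq '^output\.elasticsearch:' "$cfg"; then
        echo "FAIL: output.elasticsearch is still active"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run directly as: sh check.sh /etc/filebeat/filebeat.yml
if [ "$#" -gt 0 ]; then check_filebeat_config "$@"; fi
```

A return value of 0 means none of the checks fired; it does not replace the Step 6 validation run.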
Step 7 - Start Filebeat
Ok, time to start ingesting data!
deb/rpm
sudo systemctl enable filebeat
sudo systemctl start filebeat
Windows
Start-Service filebeat
Step 8 - How to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.
Step 9 - Docker Logging Overview
Docker is a platform as a service (PaaS) tool created for building & deploying applications by using containers. Developers use these isolated containers to package an application with all of its required dependencies for streamlined deployment. Docker was first created in 2013 and offers both a free open source solution and paid offering. The platform has been instrumental in the development of cloud-native applications.
Thanks to Docker’s widespread adoption, the trend towards using microservices and containerization has become a must for developers launching applications in the cloud.
Despite this, effective log analysis using Docker’s container logs can easily spiral and run into many complications when trying to keep up with the scaling required for your growing infrastructure. Due to their isolated & distributed nature, centralising Docker log messages is often overly problematic when log data is required for further analysis.
The Logit.io platform provides a single source of truth for container monitoring and log management. We enable your teams to have complete observability across containers, enabling your Developers & IT leaders with the ability to investigate and fix issues faster.
If you need any more help with migrating your Docker log data to Filebeat our engineers are here to help. Feel free to get in contact with our support team by sending us a message via live chat & we'll be happy to assist.