Get a DemoStart Free TrialSign In

Docker

Collect and ship Docker container application logs to Logstash and Elasticsearch.

Filebeat is a lightweight shipper that enables you to send your Docker container application logs to your Logit.io Stack. Configure Filebeat using the pre-defined examples below to start sending and analysing your Docker application logs.

Follow this step by step guide to get 'logs' from your system to Logit.io:

Step 1 - Install Filebeat

To get started first follow the steps below:

Older versions can be found here filebeat 7, filebeat 6, filebeat 5

Step 2 - Configure Filebeat.yml

The configuration file below is pre-configured to send data to your Logit.io Stack.

Copy the configuration file below and overwrite the contents of the Filebeat configuration file typically located at /etc/filebeat/filebeat.yml

# ============================== Filebeat inputs ===============================
filebeat.inputs:

- type: container

  enabled: true

  paths:
  - '/var/lib/docker/containers/*/*.log'

# ================================== Outputs ===================================
output.logstash:
    hosts: ["your-logstash-host:your-ssl-port"]
    loadbalance: true
    ssl.enabled: true

It’s a good idea to run the configuration file through a YAML validator to rule out indentation errors, clean up extra characters, and check if your YAML file is valid. Yamllint.com is a great choice.

Read more about how to configure container input options

Step 3 - Validate configuration

DEB/RPM

sudo filebeat -e -c /etc/filebeat/filebeat.yml

macOS

sudo ./filebeat -e -c filebeat.yml --strict.perms=false

You’ll be running filebeat as root, so you need to change ownership of the configuration file and any configurations enabled in the modules.d directory, or run filebeat with --strict.perms=false as shown above. Read more about how to change ownership.

Windows

cd <EXTRACTED_ARCHIVE>
.\filebeat.exe -e -c filebeat.yml

Linux

sudo ./filebeat -e -c filebeat.yml --strict.perms=false

You’ll be running filebeat as root, so you need to change ownership of the configuration file and any configurations enabled in the modules.d directory, or run filebeat with --strict.perms=false as shown above. Read more about how to change ownership.

If the yml file is invalid, filebeat will print an `error loading config file` error message with details on how to correct the problem. If you have issues starting filebeat see "How To Diagnose No Data In Stack" below to troubleshoot.

Step 4 - Start filebeat

Start or restart filebeat to apply the configuration changes.

Step 5 - Launch Logit.io to view your logs

Now you should view your data:

View my data

If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.

Step 6 - How to diagnose no data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.

Step 7 - Docker Logging Overview

Docker is a platform as a service (PaaS) tool created for building & deploying applications by using containers. Developers use these isolated containers to package an application with all of its required dependencies for streamlined deployment. Docker was first created in 2013 and offers both a free open source solution and paid offering. The platform has been instrumental in the development of cloud-native applications.

Thanks to Docker’s widespread adoption, the trend towards using microservices and containerization has become a must for developers launching applications in the cloud.

Despite this, effective log analysis using Docker’s container logs can easily spiral and run into many complications when trying to keep up with the scaling required for your growing infrastructure. Due to their isolated & distributed nature, centralising Docker log messages is often overly problematic when log data is required for further analysis.

The Logit.io platform provides a single source of truth for container monitoring and log management. We enable your teams to have complete observability across containers, enabling your Developers & IT leaders with the ability to investigate and fix issues faster.

Read more about container monitoring

If you need any more help with migrating your Docker log data to Filebeat our engineers are here to help. Feel free to get in contact with our support team by sending us a message via live chat & we'll be happy to assist.

Return to Search
Sign Up

© 2024 Logit.io Ltd, All rights reserved.