Skip to content

shaneodd/elk-stack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
logstash/pipeline
logstash/pipeline
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

ELK Stack Docker Compose Setup

This repository contains a minimal ELK (Elasticsearch, Logstash, Kibana) stack that can be started with Docker Compose. It is designed to work alongside an existing Filebeat service running on the same host or any other machine on your network.

Prerequisites

  • Docker Engine installed (install guide)
  • Docker Compose plugin (docker compose) – comes with recent Docker versions. Verify with docker compose version.
  • Ports 9200, 5044 and 5601 must be reachable from the machines that will send logs (Filebeat) and from your browser for Kibana.

Services

Service Image Port(s) exposed
Elasticsearch docker.elastic.co/elasticsearch/elasticsearch:8.13.2 9200 (HTTP API)
Logstash docker.elastic.co/logstash/logstash:8.13.2 5044 (Beats input)
Kibana docker.elastic.co/kibana/kibana:8.13.2 5601 (Web UI)

Filebeat is not part of this compose file – it should already be running on the host or another machine.

How It Works

  • Logstash listens on port 5044 for Beats input (Filebeat).
  • Received events are forwarded to Elasticsearch at http://elasticsearch:9200.
  • Kibana connects to Elasticsearch and provides a UI on http://<host-ip>:5601.

Starting the Stack

cd /path/to/elk-stack   # directory containing docker-compose.yml
docker compose up -d    # start in detached mode

Docker Compose will pull the required images (if not already cached) and start the three containers.

Verifying Everything Is Running

# List running containers
docker ps

You should see es01, logstash01 and kibana01 up.

  • Open a browser to http://:5601 – you should see the Kibana UI.
  • Test Elasticsearch: curl http://<host-ip>:9200 – it returns JSON with cluster info.
  • Check Logstash is listening: nc -zv <host-ip> 5044 (should report open).

Configuring Filebeat

Configure your existing Filebeat to ship logs to the ELK host:

output.logstash:
  hosts: ["<elk-host-ip>:5044"]

Replace <elk-host-ip> with the IP address or hostname where this Docker stack runs.

Optional: Disable Security (as in this compose)

Security features are disabled for simplicity (xpack.security.enabled=false). In production you should enable security and set proper passwords. Update logstash/pipeline/logstash.conf with appropriate credentials if you enable it.

Stopping the Stack

docker compose down   # stops containers and removes network

If you also want to delete stored data:

docker compose down -v   # removes volumes (deletes Elasticsearch data)

Note: This setup is intended for development or small‑scale testing. For a production‑grade deployment you would need multiple Elasticsearch nodes, TLS/SSL, authentication, resource tuning, etc.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors