Deploy ELK Stack with Docker on Windows 10 VM: Step‑by‑Step Guide

Learn how to quickly set up the ELK stack (Elasticsearch, Logstash, Kibana) using Docker on a Windows 10 VirtualBox VM, configure Filebeat, and verify log collection and visualization, with detailed commands, configuration files, and troubleshooting tips for a complete operational experience.

Efficient Ops

The ELK stack—Elasticsearch, Logstash, and Kibana—provides a complete open‑source solution for log collection, storage, and visualization, often referred to as the Elastic Stack. This guide shows how to deploy ELK using Docker inside a Windows 10 VirtualBox virtual machine and connect Filebeat for log ingestion.

Components Overview

Elasticsearch: a distributed search and analytics engine with features such as automatic sharding, replica management, and a RESTful API.

Kibana: a web UI for exploring and visualizing data stored in Elasticsearch.

Logstash: a pipeline tool for collecting, parsing, and forwarding logs.

Filebeat: a lightweight shipper that monitors log files and forwards them to Logstash or Elasticsearch.

Environment Configuration

Virtual machine IP: 192.168.1.215

Docker version: 20.10.6

Elasticsearch image: elasticsearch:7.6.0

Kibana image: kibana:7.6.0

Docker Installation

1. Update YUM repositories to use domestic mirrors

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# rm -rf /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
yum makecache

2. Add Docker repository and switch to a domestic mirror

wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

3. Install required utilities

yum install -y yum-utils device-mapper-persistent-data lvm2

4. Install the latest Docker CE version

yum list docker-ce --showduplicates | sort -r
yum install docker-ce-20.10.6

5. Configure the Docker daemon to use Chinese mirrors (/etc/docker/daemon.json)

{
  "registry-mirrors": [
    "https://mirror.ccs.tencentyun.com",
    "http://registry.docker-cn.com",
    "http://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ]
}

6. Start Docker service

systemctl restart docker.service

Elasticsearch Installation

Run a single‑node Elasticsearch container

docker run -d --name elasticsearch \
  -p 9200:9200 -p 9300:9300 \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/timezone:/etc/timezone:ro \
  -v /opt/elasticsearch/data:/usr/share/elasticsearch/data \
  -v /opt/elasticsearch/logs:/usr/share/elasticsearch/logs \
  -e "discovery.type=single-node" \
  elasticsearch:7.6.0

After the container starts, open http://192.168.1.215:9200 in a browser; a JSON response indicates Elasticsearch is running.

Kibana Installation

Start a Kibana container linked to the Elasticsearch instance

docker run -d --name kibana \
  -p 5601:5601 \
  -e ELASTICSEARCH_HOSTS=http://192.168.1.215:9200 \
  -v /etc/localtime:/etc/localtime:ro \
  -v /etc/timezone:/etc/timezone:ro \
  kibana:7.6.0

Visit http://192.168.1.215:5601; the Kibana UI confirms successful deployment.
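
The two docker run commands above pass -p 9200:9200, -p 9300:9300 and -p 5601:5601, which publishes those ports on every interface of the VM, and Elasticsearch 7.6.0 starts with its security features (authentication and TLS) disabled unless they are configured. The script below is an added example, not part of the original article: it reads `docker ps` output and lists the ELK ports bound to a wildcard address. The function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): list ELK ports that Docker
# publishes on every interface. Input lines look like the output of
#   docker ps --format '{{.Names}}|{{.Ports}}'

# Host ports used by the docker run commands on this page.
ELK_PORTS="9200 9300 5601"

audit_published_ports() {
  awk -F'|' -v ports="$ELK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    {
      m = split($2, maps, ", ")
      for (i = 1; i <= m; i++) {
        # Published mappings look like "addr:hostport->ctrport/proto";
        # ports that are only exposed have no "->" and are skipped.
        if (index(maps[i], "->") == 0) continue
        split(maps[i], side, "->")
        host = side[1]
        hp = host; sub(/^.*:/, "", hp)          # text after the last colon
        addr = substr(host, 1, length(host) - length(hp) - 1)
        wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        # Report each container/port pair once, even if listed for IPv4 and IPv6.
        if (wildcard && (hp in watch) && !seen[$1, hp]++)
          print $1, hp, addr
      }
    }'
}

# Constructed sample input: Elasticsearch published as in the article,
# Kibana bound to loopback, and one container with no published port.
sample_docker_ps() {
  printf '%s\n' \
    'elasticsearch|0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp' \
    'kibana|127.0.0.1:5601->5601/tcp' \
    'sidecar|8080/tcp'
}

sample_docker_ps | audit_published_ports
```

On the VM itself, pipe the real `docker ps --format '{{.Names}}|{{.Ports}}'` output into `audit_published_ports`. Docker also accepts `-p <ip>:9200:9200`, which publishes a port on one chosen address only.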

Logstash Installation

Download and install Logstash (requires JDK)

rpm -ivh jdk-8u281-linux-x64.rpm
rpm -ivh logstash-7.6.0.rpm

Configure a minimal pipeline (/etc/logstash/conf.d/logstash-es.conf)

input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.215:9200"]
    index => "elk_logs"
  }
}

Run Logstash with the configuration:

/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-es.conf

Filebeat Installation

Download and install Filebeat

rpm -ivh filebeat-7.6.0-x86_64.rpm

Minimal Filebeat configuration (/etc/filebeat/filebeat.yml)

#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/elk.log

#----------------------------- Logstash output --------------------------------
output.logstash:
  hosts: ["192.168.1.215:5044"]

Start Filebeat:

filebeat -e -c /etc/filebeat/filebeat.yml

ELK Integration Test

Generate sample log entries

echo "you arme me uuuuuuuu============456==uuu" >> /var/log/elk.log
echo "you arme me uuuuuuuu============731==uuu" >> /var/log/elk.log

In Kibana, create an index pattern for elk_logs and explore the ingested logs, confirming the end‑to‑end pipeline works.
