BestHub
Sign in
Operations 6 min read

Step-by-Step Guide to Deploying the ELK Stack with Docker Compose

This tutorial explains how to download Docker images for Elasticsearch, Kibana, and Logstash, create a Docker‑Compose configuration file, launch the ELK stack containers, verify their operation, customize Logstash to monitor log files, and finally use Kibana to search and analyze the collected logs.

IT Architects Alliance
IT Architects Alliance
IT Architects Alliance
Step-by-Step Guide to Deploying the ELK Stack with Docker Compose

The Elastic Stack (ELK) consists of Elasticsearch, Kibana, Beats, and Logstash, providing a reliable way to ingest, search, analyze, and visualize data from any source and format.

1. Download Docker images

docker search elasticsearch
docker search kibana
docker search logstash

Pull the required versions (ensure all images use the same tag, e.g., :7.6.0).

docker pull elasticsearch:7.6.0
docker pull kibana:7.6.0
docker pull logstash:7.6.0

2. Create the Docker‑Compose file (ELK.yml)

version: "3.5"
services:
  elasticsearch:
    container_name: elasticsearch
    image: elasticsearch:7.6.0
    restart: always
    environment:
      discovery.type: single-node
    ports:
      - "9200:9200"
      - "9300:9300"
  kibana:
    container_name: kibana
    image: kibana:7.6.0
    restart: always
    environment:
      I18N_LOCALE: "zh-CN"
    ports:
      - "5601:5601"
  logstash:
    container_name: logstash
    image: logstash:7.6.0
    restart: always
    volumes:
      - "/Users/iChochy/logs:/usr/share/logstash/logs"
    ports:
      - "5044:5044"
      - "9600:9600"

Note: Do not use tab characters in the YAML file; they cause parsing errors.

3. Run the containers

# Add host entries on the host machine
127.0.0.1 elasticsearch
# Start in detached mode
docker-compose -f ELK.yml up -d

Check the status with docker ps and view logs with docker logs <container_id> -f.

4. Verify services

Elasticsearch: http://127.0.0.1:9200

Logstash: http://127.0.0.1:9600

Kibana: http://127.0.0.1:5601

5. Modify Logstash configuration to monitor log files

input {
  beats { port => 5044 }
  file { path => "/usr/share/logstash/logs/*" }
}
output {
  stdout { codec => rubydebug }
  elasticsearch { hosts => ["http://elasticsearch:9200"] index => "ichochy" }
}

Restart Logstash after editing: docker restart <logstash_container_id> 6. Collect logs

# Create a test log file inside the monitored directory
touch web.log
echo "www.ichochy.com" > web.log

Logstash will forward the new entry to Elasticsearch; you can see the JSON event in the container logs.

7. Search and analyze logs with Kibana

Open Kibana, go to the Discover tab, and you will see the indexed log entries ready for search and visualization.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

DockerElasticsearchloggingELKLogstashKibanaDocker Compose
IT Architects Alliance
Written by

IT Architects Alliance

Discussion and exchange on system, internet, large‑scale distributed, high‑availability, and high‑performance architectures, as well as big data, machine learning, AI, and architecture adjustments with internet technologies. Includes real‑world large‑scale architecture case studies. Open to architects who have ideas and enjoy sharing.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment