Fluentd
Search…
0.12
Introduction
Overview
Use Cases
Configuration
Deployment
Container Deployment
Input Plugins
Output Plugins
Buffer Plugins
Filter Plugins
Parser Plugins
Formatter Plugins
Developer
Articles
Store Apache Logs into MongoDB
Apache To Riak
Store Apache Logs into Amazon S3
Before Install
Cep Norikra
Collect Glusterfs Logs
Common Log Formats
Docker Logging Efk Compose
Docker Logging
Filter Modify Apache
Forwarding Over Ssl
Free Alternative To Splunk By Fluentd
Data Collection to Hadoop (HDFS)
Data Analytics with Treasure Data
Install By Chef
Install By Deb
Install By Dmg
Install By Gem
Install By Rpm
Install From Source
Install On Beanstalk
Install On Heroku
Java
Kinesis Stream
Kubernetes Fluentd
Monitoring Prometheus
Monitoring Rest Api
Nodejs
Performance Tuning Multi Process
Performance Tuning Single Process
Perl
Php
Python
Quickstart
Raspberrypi Cloud Data Logger
Recipe Apache Logs To Elasticsearch
Recipe Apache Logs To Mongo
Recipe Apache Logs To S3
Recipe Apache Logs To Treasure Data
Recipe Cloudstack To Mongodb
Recipe Csv To Elasticsearch
Recipe Csv To Mongo
Recipe Csv To S3
Recipe Csv To Treasure Data
Recipe Http Rest Api To Elasticsearch
Recipe Http Rest Api To Mongo
Recipe Http Rest Api To S3
Recipe Http Rest Api To Treasure Data
Recipe Json To Elasticsearch
Recipe Json To Mongo
Recipe Json To S3
Recipe Json To Treasure Data
Recipe Nginx To Elasticsearch
Recipe Nginx To Mongo
Recipe Nginx To S3
Recipe Nginx To Treasure Data
Recipe Syslog To Elasticsearch
Recipe Syslog To Mongo
Recipe Syslog To S3
Recipe Syslog To Treasure Data
Recipe Tsv To Elasticsearch
Recipe Tsv To Mongo
Recipe Tsv To S3
Recipe Tsv To Treasure Data
Ruby
Scala
Splunk Like Grep And Alert Email
Powered By GitBook
Docker Logging Efk Compose
This article explains how to collect Docker logs to EFK (Elasticsearch + Fluentd + Kibana) stack. The example uses Docker Compose for setting up multiple containers.
​Elasticsearch is an open source search engine known for its ease of use. Kibana is an open source Web UI that makes Elasticsearch user friendly for marketers, engineers and data scientists alike.
By combining these three tools EFK (Elasticsearch + Fluentd + Kibana) we get a scalable, flexible, easy to use log collection and analytics pipeline. In this article, we will set up 4 containers, each includes:
All of httpd's logs will be ingested into Elasticsearch + Kibana, via Fluentd.

Prerequisites: Docker

Please download and install Docker / Docker Compose. Well, that's it :)

Step 0: prepare docker-compose.yml

First, please prepare docker-compose.yml for Docker Compose. Docker Compose is a tool for defining and running multi-container Docker applications.
With the YAML file below, you can create and start all the services (in this case, Apache, Fluentd, Elasticsearch, Kibana) by one command.
1
version: '2'
2
services:
3
web:
4
image: httpd
5
ports:
6
- "80:80"
7
links:
8
- fluentd
9
logging:
10
driver: "fluentd"
11
options:
12
fluentd-address: localhost:24224
13
tag: httpd.access
14
​
15
fluentd:
16
build: ./fluentd
17
volumes:
18
- ./fluentd/conf:/fluentd/etc
19
links:
20
- "elasticsearch"
21
ports:
22
- "24224:24224"
23
- "24224:24224/udp"
24
​
25
elasticsearch:
26
image: elasticsearch
27
expose:
28
- 9200
29
ports:
30
- "9200:9200"
31
​
32
kibana:
33
image: kibana
34
links:
35
- "elasticsearch"
36
ports:
37
- "5601:5601"
Copied!
logging section (check Docker Compose documentation) of web container specifies Docker Fluentd Logging Driver as a default container logging driver. All of the logs from web container will be automatically forwarded to host:port specified by fluentd-address.

Step 1: Prepare Fluentd image with your Config + Plugin

Then, please prepare fluentd/Dockerfile with the following content, to use Fluentd's official Docker image and additionally install Elasticsearch plugin.
1
# fluentd/Dockerfile
2
FROM fluent/fluentd:v0.12-debian
3
RUN ["gem", "install", "fluent-plugin-elasticsearch", "--no-rdoc", "--no-ri", "--version", "1.9.2"]
Copied!
Then, please prepare Fluentd's configuration file fluentd/conf/fluent.conf. in_forward plugin is used for receive logs from Docker logging driver, and out_elasticsearch is for forwarding logs to Elasticsearch.
1
# fluentd/conf/fluent.conf
2
<source>
3
@type forward
4
port 24224
5
bind 0.0.0.0
6
</source>
7
<match *.**>
8
@type copy
9
<store>
10
@type elasticsearch
11
host elasticsearch
12
port 9200
13
logstash_format true
14
logstash_prefix fluentd
15
logstash_dateformat %Y%m%d
16
include_tag_key true
17
type_name access_log
18
tag_key @log_name
19
flush_interval 1s
20
</store>
21
<store>
22
@type stdout
23
</store>
24
</match>
Copied!

Step 2: Start Containers

Let's start all of the containers, with just one command.
1
$ docker-compose up
Copied!
You can check to see if 4 containers are running by docker ps command.
1
$ docker ps
2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3
2d28323d77a3 httpd "httpd-foreground" About an hour ago Up 43 seconds 0.0.0.0:80->80/tcp dockercomposeefk_web_1
4
a1b15a7210f6 dockercomposeefk_fluentd "/bin/sh -c 'exec ..." About an hour ago Up 45 seconds 5140/tcp, 0.0.0.0:24224->24224/tcp, 0.0.0.0:24224->24224/udp dockercomposeefk_fluentd_1
5
01e43b191cc1 kibana "/docker-entrypoin..." About an hour ago Up 45 seconds 0.0.0.0:5601->5601/tcp dockercomposeefk_kibana_1
6
b7b439415898 elasticsearch "/docker-entrypoin..." About an hour ago Up 50 seconds 0.0.0.0:9200->9200/tcp, 9300/tcp dockercomposeefk_elasticsearch_1
Copied!

Step 3: Generate httpd Access Logs

Let's access to httpd to generate some access logs. curl command is always your friend.
1
$ repeat 10 curl http://localhost:80/
2
<html><body><h1>It works!</h1></body></html>
3
<html><body><h1>It works!</h1></body></html>
4
<html><body><h1>It works!</h1></body></html>
5
<html><body><h1>It works!</h1></body></html>
6
<html><body><h1>It works!</h1></body></html>
7
<html><body><h1>It works!</h1></body></html>
8
<html><body><h1>It works!</h1></body></html>
9
<html><body><h1>It works!</h1></body></html>
10
<html><body><h1>It works!</h1></body></html>
11
<html><body><h1>It works!</h1></body></html>
Copied!

Step 4: Confirm Logs from Kibana

Please go to http://localhost:5601/ with your browser. Then, you need to set up the index name pattern for Kibana. Please specify fluentd-* to Index name or pattern and press Create button.
Then, go to Discover tab to seek for the logs. As you can see, logs are properly collected into Elasticsearch + Kibana, via Fluentd.

Conclusion

This article explains how to collect logs from Apache to EFK (Elasticsearch + Fluentd + Kibana). The example code is available in this repository.

Learn More

If this article is incorrect or outdated, or omits critical information, please let us know. Fluentd is a open source project under Cloud Native Computing Foundation (CNCF). All components are available under the Apache 2 License.
Previous
Common Log Formats
Next
Docker Logging
Last modified 2yr ago
Copy link
Contents
Prerequisites: Docker
Step 0: prepare docker-compose.yml
Step 1: Prepare Fluentd image with your Config + Plugin
Step 2: Start Containers
Step 3: Generate httpd Access Logs
Step 4: Confirm Logs from Kibana
Conclusion
Learn More