Are you sure about the elasticsearch endpoint?
I guess not. I think I may have inherited the elk:<port> idea from somewhere, but looking back, it appears that on macOS, I was using a feature that doesn't exist on Linux (as far as I understand), host.docker.internal:
output.elasticsearch.hosts: ['host.docker.internal:9200']
setup.kibana.host: "host.docker.internal:5601"
Have your tried run the container or image on the same network and ping the different hosts.
They are all on the same elk network, but my issue I suppose is not knowing the endpoint to ping.
... However, your suggestion worked!
I shall note that nslookup wasn't installed in my container, so I wasn't able to get visibility of hostnames, but that was no problem. Reconfiguring filebeat.yml as you recommended did the trick:
output.elasticsearch.hosts: ['http://elasticsearch:9200']
setup.kibana.host: http://kibana:5601
The startup logs looked like this ("Elasticsearch url" seems to simply echo whatever was configured in output.elasticsearch.hosts, as last time it said "http://elk:9200"):
filebeat_1 | 2018-08-29T08:40:15.640Z INFO elasticsearch/client.go:145 Elasticsearch url: http://elasticsearch:9200
...
filebeat_1 | 2018-08-29T08:40:18.901Z INFO elasticsearch/client.go:690 Connected to Elasticsearch version 6.3.2
Once running bash inside the filebeat container, trying either of the following curls gave a HTTP status 200 and returned a body:
curl http://elasticsearch:9200
curl http://kibana:5601
Thank you very much! Quality support again from the Elastic Team.