The applications I'm running in a Docker container, managed by OpenShift, should not use volumes for log files. So I would like to write directly from the applications, using some module (appender) in log4j/logback/... which sends the log entries directly to Logstash (and therefore into ELK) without storing them in files (or letting syslogd store them in files).
Preferably directly from the dockerized app to the central ELK instance.
If this is not possible, a daemon running either in another container or on the bare metal server could be used. I don't want to run a daemon inside the container. I plan to use RFC5424 as the serialization format of the log message, because that's understood by all central log collection systems.
Splunk offers something like this with the HTTPEvent library, which can be configured as an appender in the Java logging stack.
How can I do this with ELK?