Logstash.conf for Docker, Logspout, journal, syslog?


(Stuart Wong) #1

I'm creating a logstash.conf file to filter input from Docker logs, Logspout, CoreOS systemd journal and syslog and was hoping if anyone could share their validated logstash.conf file which does any of these please?

I appreciate your assistance. Thanks.


(Mike Simos) #2

For logstash to receive log messages from logspout container, you just need:

input { udp { port => 5000 codec => json } }

In your logspout Dockerfile you need to define:

ENV ROUTE_URIS=logstash://ip.address.of.logstash:5000

If you're just testing this, don't use 127.0.0.1. Once you start the logspout container, it will send log messages to logstash over udp to port 5000.


(system) #3