Hi,
I'm trying to forward local logs from my Mac to a Logstash container. I've used the docker-compose file from [source][1] to bring up the ELK stack. My question is: how do I forward ~/local/log/system.log from my local machine to the Logstash container?
My second question is: how would I forward logs from one container to the Logstash container?
The immediate solution I could think of was to map the volume ~/local/log onto the Logstash container with the following:

```yaml
logstash:
  build: logstash/
  command: -f /etc/logstash/conf.d/
  volumes:
    - ./logstash/config:/etc/logstash/conf.d
    - ~/local/log:/local/log
  ports:
    - "5000:5000"
  networks:
    - docker_elk
  depends_on:
    - elasticsearch
```

Here is my logstash.conf

```
input {
  file {
    path => "/local/log/system.log"
    type => "sys"
  }
}
output {
  if [type] == "sys" {
    elasticsearch {
      hosts => [ "elasticsearch:9200" ]
      manage_template => false
      index => "syslog-%{+YYYY.MM.dd}"
    }
  }
}
```

This loads the logstash.conf onto the Logstash container, and I can see ~/local/logs being copied into the container. However, when I launch Kibana at localhost:5601, I'm unable to create an index with `syslog-*`.

[1]: https://github.com/deviantony/docker-elk/blob/master/docker-compose.yml "source"