Configure Logstash, Elasticsearch, and Kibana with Docker

Saeed Vaziry's photo
Saeed Vaziry
·

3 min read

It was a long time ago I wanted to write this post and show you how to set up a docker-compose with all you need to have a separate logging system.

Logging is a meaningful way to monitor your application’s behavior. When it comes to production and having multiple servers running one application in different instances, You might want to have a unified logging system to check them all in one place.

So finally the day has come! In this post, I am going to show you how you can configure a docker server to have Logstash, Elasticsearch, and Kibana and will show you how you can use it with PHP, Laravel

Requirements

To get started you need to have a server. A VPS would be enough.

Then make sure you have installed git , docker and docker-compose.

Installation

Clone the repo from the Github repository

git clone https://github.com/saeedvaziry/elk.git

And then navigate to the folder

cd elk

Copy the .env file and fill it with your preferences

cp .env.example .env

The default .env should be enough but make sure you set a strong password to ELASTIC_PASSWORD inside the .env

Now you may run the following command to bring up the containers:

docker-compose up -d

This will download the images and boot up the containers and it may take a couple of minutes.

Add logging integration

After all of the containers are booted you can log in to Kibana.

Simply go to http://YOUR-SERVER-IP:5601 and log in via the Elastic credentials you have set in the .env file. If you’ve changed the Kibana port then you might navigate to that port instead of 5601.

Go to the integrations from the side menu and find the Custom UDP Logs

Add Custom UDP Logs and configure it as bellow

Then save the integration.

Keep in mind that Listen Port here is 8000 which is the one you specified in your .env as LOGSTASH_PORT_UDP

Configure index pattern

Go to Index Patterns and create an index pattern

Fill in the fields as the screenshot and Create it.

You are done here!

Send your first Log

Here is a sample PHP code so you can send your first log to Logstash

<?php

$socket = fsockopen('udp://YOUR-SERVER-IP', 8000, $errno, $errstr);
if (! $socket) {
    echo "ERROR: $errno - $errstr<br />\n";
} else {
    fwrite($socket, json_encode(['message' => 'Test log message']));
    fclose($socket);
}

View the Logs

After you run the code, You should be able to see the log in the Kibana on the Discovery menu.

Simply navigate to Discovery page of Kibana and select logstash-* pattern to view the logs you receive

Cool stuff 😎

Use Logstash in Laravel

OK! My favorite part 🙂

You don’t have much to do here actually. Just need to create a custom log driver and send the logs via that custom driver to Logstash.

Go to your config/logging.php file and create the custom driver there.

'logstash' => [
    'driver' => 'custom',
    'via' => \App\Loggers\Logstash::class,
    'host' => env('LOGSTASH_HOST', 'YOUR-SERVER-IP'),
    'port' => env('LOGSTASH_PORT', '8000'),
],

Now create \App\Loggers\Logstash::class and add the following code there

<?php

namespace App\Loggers;

use Monolog\Formatter\LogstashFormatter;
use Monolog\Handler\SocketHandler;
use Monolog\Logger;
use Monolog\Processor\WebProcessor;
use Psr\Log\LoggerInterface;

class Logstash
{
    public function __invoke(array $config): LoggerInterface
    {
        $handler = new SocketHandler("udp://{$config['host']}:{$config['port']}");
        $handler->setFormatter(new LogstashFormatter(config('app.name')));
        $handler->pushProcessor(new WebProcessor);

        return new Logger('logstash', [$handler]);
    }
}

All done! Now you may send your first log like this

Log::channel('logstash')->info('Hello from Laravel');

Final word

Logs are always handy, Don’t remove them from your applications 🙂

I hope you enjoyed the post. Let me know what you think about it.

See you in the next one!

Cheers 🍻

logstashkibanaDockerelasticsearch