When it comes to logging, one popular solution is to set up an Elasticsearch stack. The natural combination could be Elasticsearch-Logstash-Kibana (ELK).

We use an ELK stack from https://github.com/deviantony/docker-elk with modification to improve it by adding Docker Swarm configs, and to deploy each of them independently. The original Docker Compose file, docker-compose.yml, are split into three YML files, each for Elasticsearch, Kibana, and Logstash, respectively. Services must be deployed this way because we do not want to bring the whole logging system down when we change each service's configs. The fork used in this chapter is available at https://github.com/chanwit/docker-elk.

The following figure shows what the stack will look like. All ELK components will be in elk_net. The Logstash instance will be exposed on port 5000. On each Docker host, its local Logspout agent will forward log messages from the Docker host to the Logstash instance. Logstash will then transform each message...