Elastic Logging Plugin configuration options
editElastic Logging Plugin configuration options
editUse the following options to configure the Elastic Logging Plugin for Docker. You can
pass these options with the --log-opt flag when you start a container, or
you can set them in the daemon.json file for all containers.
Usage examples
editTo set configuration options when you start a container:
docker run --log-driver=elastic/elastic-logging-plugin:8.17.0 \
--log-opt hosts="https://myhost:9200" \
--log-opt user="myusername" \
--log-opt password="mypassword" \
-it debian:jessie /bin/bash
To set configuration options for all containers in the daemon.json file:
{
"log-driver" : "elastic/elastic-logging-plugin:8.17.0",
"log-opts" : {
"hosts" : "https://myhost:9200",
"user" : "myusername",
"password" : "mypassword"
}
}
For more examples, see Usage examples.
Elastic Cloud options
edit| Option | Description |
|---|---|
|
The Cloud ID found in the Elastic Cloud web console. This ID is used to resolve the Elastic Stack URLs when connecting to Elasticsearch Service on Elastic Cloud. |
|
The username and password combination for connecting to Elasticsearch Service on Elastic Cloud. The
format is |
Elasticsearch output options
edit| Option | Default | Description |
|---|---|---|
|
|
The list of Elasticsearch nodes to connect to. Specify each node as a |
|
The basic authentication username for connecting to Elasticsearch. |
|
|
The basic authentication password for connecting to Elasticsearch. |
|
|
A format string
value that specifies the index to write events to when you’re using daily
indices. For example: |
|
Advanced: |
||
|
|
A custom value that will be inserted into the document as |
|
|
The number of seconds to wait before trying to reconnect to Elasticsearch after
a network error. After waiting |
|
|
The maximum number of seconds to wait before attempting to connect to Elasticsearch after a network error. |
|
Instead of using usernames and passwords, you can use API keys to secure communication with Elasticsearch. |
|
|
A format string value that specifies the Elasticsearch ingest pipeline to write events to. |
|
|
|
The http request timeout in seconds for the Elasticsearch request. |
|
The URL of the proxy to use when connecting to the Elasticsearch servers. The
value may be either a complete URL or a |
|
Configuring the local log
editThis plugin fully supports docker logs, and it maintains a local copy of logs that can be read without a connection to Elasticsearch. The plugin mounts the /var/lib/docker directory on the host to write logs to /var/log/containers on the host. If you want to change the log location on the host, you must change the mount inside the plugin:
-
Disable the plugin:
docker plugin disable elastic/elastic-logging-plugin:8.17.0
-
Set the bindmount directory:
docker plugin set elastic/elastic-logging-plugin:8.17.0 LOG_DIR.source=NEW_LOG_LOCATION
-
Enable the plugin:
docker plugin enable elastic/elastic-logging-plugin:8.17.0
The local log also supports the max-file, max-size and compress options that are a part of the Docker default file logger. For example:
docker run --log-driver=elastic/elastic-logging-plugin:8.17.0 \
--log-opt hosts="myhost:9200" \
--log-opt user="myusername" \
--log-opt password="mypassword" \
--log-opt max-file=10 \
--log-opt max-size=5M \
--log-opt compress=true \
-it debian:jessie /bin/bash
In situations where logs can’t be easily managed, for example, you can also configure the plugin to remove log files when a container is stopped. This will prevent you from reading logs on a stopped container, but it will rotate logs without user intervention. To enable removal of logs for stopped containers, you must change the DESTROY_LOGS_ON_STOP environment variable:
-
Disable the plugin:
docker plugin disable elastic/elastic-logging-plugin:8.17.0
-
Enable log removal:
docker plugin set elastic/elastic-logging-plugin:8.17.0 DESTROY_LOGS_ON_STOP=true
-
Enable the plugin:
docker plugin enable elastic/elastic-logging-plugin:8.17.0