Running Logstash on Docker

edit

Docker images for Logstash are available from the Elastic Docker registry. The base image is ubuntu:20.04.

A list of all published Docker images and tags is available at www.docker.elastic.co. The source code is in GitHub.

These images are free to use under the Elastic license. They contain open source and free commercial features and access to paid commercial features. Start a 30-day trial to try out all of the paid commercial features. See the Subscriptions page for information about Elastic license levels.

Pulling the image

edit

Obtaining Logstash for Docker is as simple as issuing a docker pull command against the Elastic Docker registry.

docker pull docker.elastic.co/logstash/logstash:8.9.2

Alternatively, you can download other Docker images that contain only features available under the Apache 2.0 license. To download the images, go to www.docker.elastic.co.

Verifying the image

edit

Although it’s optional, we highly recommend verifying the signatures included with your downloaded Docker images to ensure that the images are valid.

Elastic images are signed with Cosign which is part of the Sigstore project. Cosign supports container signing, verification, and storage in an OCI registry. Install the appropriate Cosign application for your operating system.

Run the following commands to verify the container image signature for Logstash v8.9.2:

wget https://artifacts.elastic.co/cosign.pub 
cosign verify --key cosign.pub docker.elastic.co/logstash/logstash:8.9.2 

Download the Elastic public key to verify container signature

Verify the container against the Elastic public key

The command prints the check results and the signature payload in JSON format, for example:

Verification for docker.elastic.co/logstash/logstash:8.9.2 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key