Elastic Logging Plugin configuration options

edit

Elastic Logging Plugin configuration options

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Use the following options to configure the Elastic Logging Plugin for Docker. You can pass these options with the --log-opt flag when you start a container, or you can set them in the daemon.json file for all containers.

Usage examples

edit

To set configuration options when you start a container:

docker run --log-driver=elastic/elastic-logging-plugin:7.6.2 \
           --log-opt output.elasticsearch.hosts="https://myhost:9200" \
           --log-opt output.elasticsearch.username="myusername" \
           --log-opt output.elasticsearch.password="mypassword" \
           --log-opt output.elasticsearch.index="elastic-log-driver-%{+yyyy.MM.dd}" \
           -it debian:jessie /bin/bash

To set configuration options for all containers in the daemon.json file:

{
  "log-driver" : "elastic/elastic-logging-plugin:7.6.2",
  "log-opts" : {
    "output.elasticsearch.hosts" : "https://myhost:9200",
    "output.elasticsearch.username" : "myusername",
    "output.elasticsearch.password" : "mypassword",
    "output.elasticsearch.index" : "elastic-log-driver-%{+yyyy.MM.dd}"
  }
}

For more examples, see Usage examples.

Elastic Cloud options

edit
Option Description

cloud.id

The Cloud ID found in the Elastic Cloud web console. This ID is used to resolve the Elastic Stack URLs when connecting to Elasticsearch Service on Elastic Cloud.

cloud.auth

The username and password combination for connecting to Elasticsearch Service on Elastic Cloud. The format is "username:password".

Elasticsearch output options

edit
Option Default Description

output.elasticsearch.hosts

"localhost:9200"

The list of Elasticsearch nodes to connect to. Specify each node as a URL or IP:PORT. For example: http://192.0.2.0, https://myhost:9230 or 192.0.2.0:9300. If no port is specified, the default is 9200.

output.elasticsearch.protocol

http

The protocol (http or https) that Elasticsearch is reachable on. If you specify a URL for hosts, the value of protocol is overridden by whatever scheme you specify in the URL.

output.elasticsearch.username

The basic authentication username for connecting to Elasticsearch.

output.elasticsearch.password

The basic authentication password for connecting to Elasticsearch.

output.elasticsearch.index

A format string value that specifies the index to write events to when you’re using daily indices. For example: "dockerlogs-%{+yyyy.MM.dd}".

Advanced:

output.elasticsearch.backoff.init

1s

The number of seconds to wait before trying to reconnect to Elasticsearch after a network error. After waiting backoff.init seconds, the Elastic Logging Plugin tries to reconnect. If the attempt fails, the backoff timer is increased exponentially up to backoff.max. After a successful connection, the backoff timer is reset.

output.elasticsearch.backoff.max

60s

The maximum number of seconds to wait before attempting to connect to Elasticsearch after a network error.

output.elasticsearch.bulk_max_size

50

The maximum number of events to bulk in a single Elasticsearch bulk API index request. Specify 0 to allow the queue to determine the batch size.

output.elasticsearch.compression_level

0

The gzip compression level. Valid compression levels range from 1 (best speed) to 9 (best compression). Specify 0 to disable compression. Higher compression levels reduce network usage, but increase CPU usage.

output.elasticsearch.escape_html

false

Whether to escape HTML in strings.

output.elasticsearch.headers

Custom HTTP headers to add to each request created by the Elasticsearch output. Specify multiple header values for the same header name by separating them with a comma.

output.elasticsearch.loadbalance

false

Whether to load balance when sending events to multiple hosts. The load balancer also supports multiple workers per host (see output.elasticsearch.worker.)

output.elasticsearch.max_retries

3

The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Specify 0 to retry indefinitely.

output.elasticsearch.parameters

A dictionary of HTTP parameters to pass within the URL with index operations.

output.elasticsearch.path

An HTTP path prefix that is prepended to the HTTP API calls. This is useful for cases where Elasticsearch listens behind an HTTP reverse proxy that exports the API under a custom prefix.

output.elasticsearch.pipeline

A format string value that specifies the ingest node pipeline to write events to.

output.elasticsearch.proxy_url

The URL of the proxy to use when connecting to the Elasticsearch servers. Specify a URL or IP:PORT.

output.elasticsearch.timeout

90

The HTTP request timeout in seconds for the Elasticsearch request.

output.elasticsearch.worker

1

The number of workers per configured host publishing events to Elasticsearch. Use with load balancing mode (output.elasticsearch.loadbalance) set to true. Example: If you have 2 hosts and 3 workers, in total 6 workers are started (3 for each host).

Logstash output options

edit
Option Default Description

output.logstash.hosts

"localhost:5044"

The list of known Logstash servers to connect to. If load balancing is disabled, but multiple hosts are configured, one host is selected randomly (there is no precedence). If one host becomes unreachable, another one is selected randomly. If no port is specified, the default is 5044.

output.logstash.index

The index root name to write events to. For example "dockerlogs" generates "dockerlogs-7.6.2" indices.

Advanced:

output.logstash.backoff.init

1s

The number of seconds to wait before trying to reconnect to Logstash after a network error. After waiting backoff.init seconds, the Elastic Logging Plugin tries to reconnect. If the attempt fails, the backoff timer is increased exponentially up to backoff.max. After a successful connection, the backoff timer is reset.

output.logstash.backoff.max

60s

The maximum number of seconds to wait before attempting to connect to Logstash after a network error.

output.logstash.bulk_max_size

2048

The maximum number of events to bulk in a single Logstash request. Specify 0 to allow the queue to determine the batch size.

output.logstash.compression_level

0

The gzip compression level. Valid compression levels range from 1 (best speed) to 9 (best compression). Specify 0 to disable compression. Higher compression levels reduce network usage, but increase CPU usage.

output.logstash.escape_html

false

Whether to escape HTML in strings.

output.logstash.loadbalance

false

Whether to load balance when sending events to multiple Logstash hosts. If set to false, the driver sends all events to only one host (determined at random) and switches to another host if the selected one becomes unresponsive.

output.logstash.pipelining

2

The number of batches to send asynchronously to Logstash while waiting for an ACK from Logstash. Specify 0 to disable pipelining.

output.logstash.proxy_url

The URL of the SOCKS5 proxy to use when connecting to the Logstash servers. The value must be a URL with a scheme of socks5://. You can embed a username and password in the URL (for example, socks5://user:password@socks5-proxy:2233).

output.logstash.proxy_use_local_resolver

false

Whether to resolve Logstash hostnames locally when using a proxy. If false, name resolution occurs on the proxy server.

output.logstash.slow_start

false

When enabled, only a subset of events in a batch are transferred per transaction. If there are no errors, the number of events per transaction is increased up to the bulk max size (see output.logstash.bulk_max_size). On error, the number of events per transaction is reduced again.

output.logstash.timeout

30

The number of seconds to wait for responses from the Logstash server before timing out.

output.logstash.ttl

0

Time to live for a connection to Logstash after which the connection will be re-established. Useful when Logstash hosts represent load balancers. Because connections to Logstash hosts are sticky, operating behind load balancers can lead to uneven load distribution across instances. Specify a TTL on the connection to distribute connections across instances. Specify 0 to disable this feature. This option is not supported if output.logstash.pipelining is set.

output.logstash.worker

1

The number of workers per configured host publishing events to Logstash. Use with load balancing mode (output.logstash.loadbalance) set to true. Example: If you have 2 hosts and 3 workers, in total 6 workers are started (3 for each host).

Kafka output options

edit

Coming in a future update. This documentation is a work in progress.

Need the docs now? See the Kafka output docs for Filebeat. The Elastic Logging Plugin supports most of the same options, just make sure you use the fully qualified setting names.

Redis output options

edit

Coming in a future update. This documentation is a work in progress.

Need the docs now? See the Redis output docs for Filebeat. The Elastic Logging Plugin supports most of the same options, just make sure you use the fully qualified setting names.