The Elastic stack (ELK) powered by Docker and Compose.
MIT License
Bot releases are hidden (Show)
Default Elastic version: 8.15.1
Note
See version selection to run a different version.
[^1]: ARG
directives in Dockerfiles
Default Elastic version: 8.12.1
Note
See version selection to run a different version.
Default Elastic version: 8.7.1
Note
See version selection to run a different version.
setup
container must now be run manually with docker-compose up setup
. This makes the process of initializing users and groups more explicit, and allows re-initializing built-in users and groups with less effort. Please refer to #798 for more information.1.28.0
.curator
extension was updated to v8.0. Curator is now major version locked with Elasticsearch. Please refer to the Curator Reference for more information.Default Elastic version: 8.6.2
Note
See version selection to run a different version.
unless-stopped
restart policy by default. As a result, their respective container gets restarted automatically after exiting, including after a reboot of the Docker host (but not when stopped manually with docker-compose [stop|down]
).127.0.0.1
(localhost) instead of 0.0.0.0
after upgrading to v8.6.
Default Elastic version: 8.5.2
Note
See version selection to run a different version.
elastic
superuser to send data to Elasticsearch. Instead, passwords for the filebeat_internal
, metricbeat_internal
and heartbeat_internal
users (inactive by default) must be set respectively in the .env
file.monitoring_internal
user (inactive by default) must be set in the .env
file for this to work.beat_system
user (inactive by default) must be set in the .env
file for this to work..env
file, and forcing the creation of missing internal users and roles.setup
container when switching between the main
and tls
branches.
Default Elastic version: 8.5.1
Note
See version selection to run a different version.
Default Elastic version: 8.3.3
Note
See version selection to run a different version.
5000
to 50000
to avoid conflicts with IANA registered ports (UPnP, Docker Registry, Apple's AirPlay Receiver, ...)Default Elastic version: 8.2.2
Note
See version selection to run a different version.
Default Elastic version: 8.0.0
Note
See version selection to run a different version.
setup
service to automate the management of required roles and user passwords1.26.0
3.7
ELK_VERSION
to ELASTIC_VERSION
Default Elastic version: 8.0.0
Note
See version selection to run a different version.
The main
branch now follows the 8.x release series of Elastic components.
Moving forward, all changes on the main
branch should be considered incompatible with the 7.x release series, which is now being tracked on the release-7.x
branch.
List of changes impacting docker-elk:
The output to Elasticsearch is handled as a data stream.
Starting with v8.0.0, the elasticsearch
output for Logstash sends log data to a data stream instead of logstash-*
indices by default. The name of the default data stream is logs-generic-default
. docker-elk remains unopinionated and simply uses Elastic's defaults like it always has, so users who prefer to retain the old behaviour need to explicitly opt-out of data streams in their Logstash pipelines.
Refs:
The (legacy) monitoring data collection is now disabled.
This feature was deprecated since v7.9.0, and removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/logstash/8.0/monitoring-internal-collection-legacy.html
The command line tool elasticsearch-setup-passwords
was deprecated in favour of a new elasticsearch-reset-password
tool.
Passwords for built-in users must now be generated one by one.
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/setup-passwords.html
An index pattern for logs-*
indices is automatically created.
It used to be required to manually create an index pattern for indices managed by Logstash, even when using the default Logstash indices. This is no longer the case since the output data is now being handled as a data stream, and Kibana automatically creates index patterns for these.
Kibana is now the new management interface, and the only one available moving forward.
The old standalone Enterprise Search interface was removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/enterprise-search/8.0/user-interfaces.html