Elastic Logstash Kibana (ELK) and multiline Java (SpringBoot) logs

One day I decided to collect all my Docker containers logs in one place.

The receipt from the Internet was pretty simple:

• Install Elastic Logstash Kibana (ELK) to the logs server (https://www.elastic.co/).
• Run Logspout (https://github.com/gliderlabs/logspout) with Logstash plugin (https://github.com/looplab/logspout-logstash) on each machine you have containers you would like to collect logs.
• Start the container with Java (SpringBoot) application.

Install ELK and Logspout

To run ELK in Docker, you can use this instruction: https://github.com/deviantony/docker-elk

Docker Compose file to run Logspout:

version: "3.7"
services:
  logspout:
    image: bekt/logspout-logstash
    restart: on-failure
    environment:
      ROUTE_URIS: logstash+tcp://<logstash server IP address>:<logstash server port>
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

But the devil is in the details.

By default, your log message will have unparsed JSON text, this format is absolutely unuseful.