Logstash shutdown recurrently in docker-container
@wobmene @bellackn Sorry for the delayed answer to the above question, which I asked a long time back.
To resolve the above issues, I have reconfigured ELKB with the following configuration. It is possible that I am not giving you a fully qualified justification of the above answer, but I tried my best.
quinn is the name I used for this build and services.
ELKB Repository structure
```
elkb
  - elasticsearch
      Dockerfile
      elasticsearch.yml
  - filebeat
      Dockerfile
      filebeat.yml
  - kibana
      Dockerfile
      kibana.yml
  - logstash
      - pipeline
          logstash.conf
      Dockerfile
      logstash.yml
  docker-compose.yml
```
ELKB ports
- elasticsearch: 9200/9300
- logstash: 9600
- kibana: 5601
- filebeat: 5044
elkb/docker-compose.yml
```yaml
# Docker version 19.03.5
# docker-compose version 1.25.3

version: "3.7"
services:
  elasticsearch:
    container_name: elasticsearch
    build:
      context: ./elasticsearch
      dockerfile: Dockerfile
    ports:
      - 9200:9200
      - 9300:9300
    volumes:
      - ./elasticsearch/data:/usr/share/elasticsearch/data:rw
      - ./elasticsearch/logs:/usr/share/elasticsearch/logs:rw
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - quinn_elkb

  quinn_logstash:
    container_name: quinn_logstash
    build:
      context: ./logstash
      dockerfile: Dockerfile
    ports:
      - 9600:9600
      - 5000:5000/udp
      - 5000:5000/tcp
    volumes:
      - ./logstash/input-logs:/usr/share/logstash/logs
      - ./logstash/data:/var/lib/logstash:rw
      - ./logstash/logs:/var/logs/logstash:rw
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - quinn_elkb
    links:
      - elasticsearch
    depends_on:
      - elasticsearch

  quinn_kibana:
    container_name: quinn_kibana
    build:
      context: ./kibana
      dockerfile: Dockerfile
    ports:
      - 5601:5601
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - quinn_elkb
    links:
      - elasticsearch
    depends_on:
      - elasticsearch

  quinn_filebeat:
    container_name: quinn_filebeat
    build:
      context: ./filebeat
      dockerfile: Dockerfile
    ports:
      - 5044:5044
    volumes:
      - ./../logs:/input-logs
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - quinn_elkb
    links:
      - elasticsearch
    depends_on:
      - elasticsearch

networks:
  quinn_elkb:
    driver: bridge

volumes:
  elasticsearch:
    driver: local
```
elkb/elasticsearch/Dockerfile
```dockerfile
FROM docker.elastic.co/elasticsearch/elasticsearch:7.6.2
COPY ./elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
RUN mkdir -p /var/log/elasticsearch
RUN chown -R elasticsearch:elasticsearch /var/log/elasticsearch
RUN mkdir -p /var/lib/elasticsearch
RUN chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
EXPOSE 9200
EXPOSE 9300
```
elkb/elasticsearch/elasticsearch.yml
```yaml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: quinn_es_cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: quinn_es_node_1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# ${path.data}
#
# Path to log files:
#
# ${path.logs}
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.seed_hosts: ["127.0.0.1", "[::1]", "0.0.0.0"]
discovery.seed_hosts: ["0.0.0.0"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["quinn_es_node_1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
```
elkb/filebeat/Dockerfile
```dockerfile
FROM docker.elastic.co/beats/filebeat:7.6.2
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
USER root
RUN mkdir -p /input-logs/
# RUN chown root:filebeat /usr/share/filebeat/filebeat.yml
RUN chmod go-w /usr/share/filebeat/filebeat.yml
USER filebeat
EXPOSE 5044
```
elkb/filebeat/filebeat.yml
```yaml
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      # here is the reference of docker directory.
      # The current directory of docker is /usr/share/filebeat
      - ../../../input-logs/**/*.log

processors:
  - add_docker_metadata: ~

reload.enabled: true
reload.period: 10s

output.logstash:
  hosts: ["quinn_logstash:5044"]

logging.json: true
logging.metrics.enabled: false
```
elkb/kibana/Dockerfile
```dockerfile
FROM docker.elastic.co/kibana/kibana:7.6.2
COPY ./kibana.yml /usr/share/kibana/config/kibana.yml
EXPOSE 5601
```
elkb/kibana/kibana.yml
```yaml
server.name: quinn_kibana
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://elasticsearch:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true

## X-Pack security credentials
# elasticsearch.username: elastic
# elasticsearch.password: changeme
```
elkb/logstash/pipeline/logstash.conf
```
input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  stdout {
    codec => rubydebug
  }
}
```
elkb/logstash/Dockerfile
```dockerfile
FROM docker.elastic.co/logstash/logstash:7.6.2
COPY ./logstash.yml /usr/share/logstash/config/logstash.yml
COPY ./pipeline/logstash.conf /usr/share/logstash/pipeline/logstash.conf
EXPOSE 9600
```
elkb/logstash/logstash.yml
```yaml
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: "http://elasticsearch:9200"
xpack.monitoring.enabled: true
# xpack.monitoring.elasticsearch.username: elastic
# xpack.monitoring.elasticsearch.password: changeme
```
I have read the following articles; all of them are excellent references that help to resolve the above issues and configure the ELKB.
- https://medium.com/@sece.cosmin/docker-logs-with-elastic-stack-elk-filebeat-50e2b20a27c6
- https://github.com/cosminseceleanu/tutorials
- https://elk-docker.readthedocs.io/#prerequisites
- https://github.com/elastic/stack-docker/blob/master/docker-compose.yml
- https://github.com/elastic/elasticsearch/blob/master/distribution/docker/docker-compose.yml
- http://cambio.name/index.php/node/522
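Added example, not part of the original answer: a Python check of the `ports:` entries from the docker-compose.yml above. A short-syntax mapping with no host IP is published by Docker on every host interface, and this configuration leaves the X-Pack credentials commented out, so the script lists which stack ports are reachable that way. `LOOPBACK_PORTS` is a constructed variant (an assumption) included for comparison.

```python
import re

# Port mappings copied from the answer's docker-compose.yml (short syntax).
ANSWER_PORTS = {
    "elasticsearch": ["9200:9200", "9300:9300"],
    "quinn_logstash": ["9600:9600", "5000:5000/udp", "5000:5000/tcp"],
    "quinn_kibana": ["5601:5601"],
    "quinn_filebeat": ["5044:5044"],
}

# Constructed variant for comparison (an assumption, not from the answer):
# HTTP endpoints bound to loopback, container-to-container ports not published.
LOOPBACK_PORTS = {
    "elasticsearch": ["127.0.0.1:9200:9200"],
    "quinn_logstash": ["127.0.0.1:9600:9600"],
    "quinn_kibana": ["127.0.0.1:5601:5601"],
    "quinn_filebeat": [],
}

# [ip:][host_port:]container_port[/proto]
PORT_SPEC = re.compile(
    r"^(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|\[[0-9A-Fa-f:]*\]):)?"
    r"(?:(?P<host>\d+):)?(?P<container>\d+)(?:/(?P<proto>tcp|udp))?$"
)
WILDCARD = {None, "0.0.0.0", "[::]"}  # no IP given means all interfaces


def parse_port(spec):
    """Split one short-syntax mapping into (ip, host_port, container_port, proto)."""
    m = PORT_SPEC.match(str(spec).strip())
    if m is None:
        raise ValueError(f"unsupported port mapping: {spec!r}")
    host = m["host"] or "ephemeral"  # no host port: Docker picks a random one
    return m["ip"], host, int(m["container"]), m["proto"] or "tcp"


def exposed(services):
    """Return (service, host_port, proto) for mappings reachable on every interface."""
    findings = []
    for name, ports in services.items():
        for spec in ports:
            ip, host, _container, proto = parse_port(spec)
            if ip in WILDCARD:
                findings.append((name, host, proto))
    return findings


if __name__ == "__main__":
    for service, port, proto in exposed(ANSWER_PORTS):
        print(f"{service}: host port {port}/{proto} is published on all interfaces")
```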