The first stage is to launch an Elasticsearch instance to store the collected log lines. Using the official image, we expose the two ports Elasticsearch requires. Make sure ports 9200 and 9300 are reachable only from the appropriate machines: use firewall settings, IP restrictions and network configuration so that they are not open to the public.
It's important to set the environment variable LOGSPOUT=ignore when launching your ELK infrastructure. This indicates that LogSpout shouldn't be aggregating the logs for this container.
Launch Elasticsearch with the following command:
docker run -d \
  -p 9200:9200 \
  -p 9300:9300 \
  --name elk_es \
  -e LOGSPOUT=ignore \
  elasticsearch:1.5.2
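A check for the access restriction described above, as an added example that is not part of the original tutorial: `-p 9200:9200` with no address publishes the port on every host interface, and this function flags such bindings for 9200 and 9300 in the output of `docker port elk_es`. The function names, the sample lines and the address 10.0.0.5 are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Elasticsearch ports published on all interfaces.
# Reads lines in the format printed by `docker port <container>`, e.g.
#   9200/tcp -> 0.0.0.0:9200
# and prints one EXPOSED line per 9200/9300 mapping bound to every interface.
find_public_es_ports() {
    awk '
        {
            # Field 1 is "<container_port>/<proto>", field 3 is "<bind_addr>:<host_port>"
            split($1, cp, "/")
            if (cp[1] != "9200" && cp[1] != "9300") next
            addr = $3
            sub(/:[0-9]+$/, "", addr)        # drop the host port, keep the bind address
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print "EXPOSED " cp[1] " via " $3
        }
    '
}

# Constructed sample: what the tutorial command produces (no bind address given).
sample_default() {
    cat <<'EOF'
9200/tcp -> 0.0.0.0:9200
9200/tcp -> [::]:9200
9300/tcp -> 0.0.0.0:9300
8080/tcp -> 0.0.0.0:8080
EOF
}

# Constructed sample: the same ports published only on a private address,
# as with `-p 10.0.0.5:9200:9200 -p 10.0.0.5:9300:9300` (address is a placeholder).
sample_restricted() {
    cat <<'EOF'
9200/tcp -> 10.0.0.5:9200
9300/tcp -> 10.0.0.5:9300
EOF
}

echo "default publish:"
sample_default | find_public_es_ports
echo "restricted publish:"
sample_restricted | find_public_es_ports
```

On a live host, run `docker port elk_es | find_public_es_ports`; no output means neither port is bound to all interfaces, which still leaves the firewall rules for the private address to be checked separately.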