Heroku logs & ELK (Logstash + Elasticsearch + Kibana) demo

Requirements:

• Docker
• Docker Compose
• Docker Machine (if you are not using Linux)
• Heroku Toolbelt

See the demo in action:

First, start up the 3 containers (Logstash, Elasticsearch & Kibana). They'll bind the following localhost ports to each container's service:

• Port 9208: Elasticsearch HTTP endpoint
• Port 9308: Elasticsearch discovery endpoint
• Port 5608: Kibana Web UI
• Port 15148: Logstash incoming syslog endpoint

# Navigate to the project folder:
cd [wherever the project is]

# Start up the required containers:
docker-compose up -d

# You can see the logs of the started containers:
docker-compose logs

Next, start a heroku log session and re-direct it to the logstash server. Please note that this is not the recommended way to capture logs from a heroku app in a production environment - more on that later on -, but it's just to see the ELK stack in action quickly.

# Invoke the heroku log stream and redirect the output to our logstash server:

heroku logs -t --app [my app name] >> /dev/tcp/localhost/15148

In production

The best way for this to work in a production environment is configuring a heroku log drain pointing to a published logstash syslog endpoint:

heroku drains:add --app [my app name] syslog://logstash.mydomain.tld:1514