Enabling Centralized Application Logging using the Elastic (ELK) Stack from Scratch: A 15-minute walkthrough

Bruno Amaro Almeida
Sep 25, 2018

A quick 15-minute walkthrough with a Squid Proxy and Docker

It has been a couple of years since I set up an Elastic stack (ELK) to be used for centralized application logging. A lot has changed since then, and while taking a fresh look at it, I decided to write this quick walkthrough to share my insights and get you up and running fast.

Starting from scratch

What is the Elastic (ELK) Stack?

In a nutshell, Elastic (previously known as Elastic Search) provides three core projects: Elasticsearch - a search and analytics engine, Logstash - a data processing and transformation pipeline, and Kibana - a web UI to visualize data. Together, they form the acronym ELK.

Afterwards, Elastic launched a fourth project called Beats - lightweight and single-purpose data shippers - and decided to rename the combination of all projects to simply Elastic Stack.

If you want to learn more about the history behind it you can find a really nice explanation here: https://www.elastic.co/elk-stack

Where do the Squid Proxy and Docker fit?

I picked Squid as my guinea pig application and my goal was to send, store and visualize the squid logs in a central place. Squid was chosen because it is an application/service commonly used in a real production environment. I…

Bruno Amaro Almeida

VP, IT Operations @Fortum | Advisor in Cloud, Security and Technology Strategy | brunoamaro.com