Running Logstash on Dockeredit

Docker images for Logstash are available from the Elastic Docker registry. The base image is ubuntu:20.04.

A list of all published Docker images and tags is available at The source code is in GitHub.

These images are free to use under the Elastic license. They contain open source and free commercial features and access to paid commercial features. Start a 30-day trial to try out all of the paid commercial features. See the Subscriptions page for information about Elastic license levels.

Pulling the imageedit

Obtaining Logstash for Docker is as simple as issuing a docker pull command against the Elastic Docker registry.

docker pull

Alternatively, you can download other Docker images that contain only features available under the Apache 2.0 license. To download the images, go to

Verifying the imageedit

Although it’s optional, we highly recommend verifying the signatures included with your downloaded Docker images to ensure that the images are valid.

Elastic images are signed with Cosign which is part of the Sigstore project. Cosign supports container signing, verification, and storage in an OCI registry. Install the appropriate Cosign application for your operating system.

Run the following commands to verify the container image signature for Logstash v8.14.1:

cosign verify --key 

Download the Elastic public key to verify container signature

Verify the container against the Elastic public key

The command prints the check results and the signature payload in JSON format, for example:

Verification for --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key