ELK Stack on Kubernetes: Nginx Log Collection and Visualization

Collecting, parsing, storing, and visualizing application logs on Kubernetes requires wiring together multiple components in a specific sequence. This template deploys a complete ELK stack on Kubernetes for Nginx log monitoring, including Filebeat for log collection, Logstash for parsing, Elasticsearch for storage, and Kibana for visualization, all preconfigured as a working pipeline on Docker Desktop Kubernetes.

What's Included

Component	Type	Port	Role
Nginx	Deployment + Service	80	Application server generating logs at /var/log/nginx
Filebeat	Deployment	-	Log collection agent that forwards entries to Logstash
Logstash	Deployment + Service	5044	Log parsing and transformation pipeline
Elasticsearch	StatefulSet + Service	9200	Log storage and search backend
Kibana	Deployment + Service	5601	Log visualization and query interface
Ingress	Ingress	80	Routes external traffic to Nginx and Kibana at http://elk.local/

Architecture Overview

Nginx generates access and error logs at /var/log/nginx. Filebeat tails those log files and ships entries to Logstash over port 5044. Logstash parses and transforms the raw log data before forwarding it to Elasticsearch, which indexes and stores the logs for search. Kibana connects to Elasticsearch on port 9200 and provides a UI for querying and visualizing the indexed data. An Ingress exposes both Nginx and Kibana externally at http://elk.local/.

Prerequisites

Docker Desktop with Kubernetes enabled
NGINX Ingress Controller installed
elk.local added to your /etc/hosts file pointing at 127.0.0.1
KubeKanvas CLI installed and running on your computer (Optional, if you want to use one-click deployment)

How to Deploy

Click on the button at the top right corner of this page to load the manifest into the editor.
Add 127.0.0.1 elk.local to your /etc/hosts file before deploying.
Review the Filebeat configuration to confirm the log path matches the Nginx log volume mount.
Deploy the template to your cluster via the Play button in the top right bar. If you prefer to deploy manually, download the YAML and apply it with kubectl.
Wait for all pods to reach Running status. You can monitor progress in the Release Monitor screen.

How to Test

Confirm all five pods are running: kubectl get pods -n <namespace> — Nginx, Filebeat, Logstash, Elasticsearch, and Kibana should all show Running.
Open http://elk.local/ in your browser and confirm the Nginx default page loads, generating log entries.
Access Kibana at http://elk.local/ or via port-forward: kubectl port-forward svc/kibana 5601:5601 -n <namespace>, then open it at http://localhost:5601.
In Kibana, go to Discover and create an index pattern for Elasticsearch. Confirm Nginx log entries are appearing.
If no logs appear in Kibana, check Filebeat for connectivity errors: kubectl logs <filebeat-pod> -n <namespace>.

Use Cases

Nginx log monitoring on Kubernetes: Collecting and visualizing Nginx access and error logs from a pod without external log infrastructure.
ELK stack local development: Running the full Filebeat, Logstash, Elasticsearch, and Kibana pipeline on Docker Desktop for learning and prototyping.
Log pipeline validation: Testing a Filebeat to Logstash to Elasticsearch pipeline locally before deploying it to a staging or production cluster.
Structured log search: Indexing parsed Nginx logs in Elasticsearch and querying them in Kibana using KQL or Lucene syntax.

Summary

This template configures a complete ELK stack on Kubernetes for Nginx log collection, parsing, storage, and visualization using Filebeat, Logstash, Elasticsearch, and Kibana.

Tags:

ElasticsearchKubernetesLog MonitoringFilebeatLogstashKibana

Created by:

Mahmood

ELK Stack on Kubernetes: Nginx Log Collection and Visualization template preview

3 uses

What's Included

Component	Type	Port	Role
Nginx	Deployment + Service	80	Application server generating logs at /var/log/nginx
Filebeat	Deployment	-	Log collection agent that forwards entries to Logstash
Logstash	Deployment + Service	5044	Log parsing and transformation pipeline
Elasticsearch	StatefulSet + Service	9200	Log storage and search backend
Kibana	Deployment + Service	5601	Log visualization and query interface
Ingress	Ingress	80	Routes external traffic to Nginx and Kibana at http://elk.local/

Architecture Overview

How to Deploy

Click on the button at the top right corner of this page to load the manifest into the editor.

Add 127.0.0.1 elk.local to your /etc/hosts file before deploying.

Review the Filebeat configuration to confirm the log path matches the Nginx log volume mount.

Deploy the template to your cluster via the Play button in the top right bar. If you prefer to deploy manually, download the YAML and apply it with kubectl.

Wait for all pods to reach Running status. You can monitor progress in the Release Monitor screen.

How to Test

Confirm all five pods are running: kubectl get pods -n <namespace> — Nginx, Filebeat, Logstash, Elasticsearch, and Kibana should all show Running.

Open http://elk.local/ in your browser and confirm the Nginx default page loads, generating log entries.

Access Kibana at http://elk.local/ or via port-forward: kubectl port-forward svc/kibana 5601:5601 -n <namespace>, then open it at http://localhost:5601.

In Kibana, go to Discover and create an index pattern for Elasticsearch. Confirm Nginx log entries are appearing.

If no logs appear in Kibana, check Filebeat for connectivity errors: kubectl logs <filebeat-pod> -n <namespace>.

Use Cases

Nginx log monitoring on Kubernetes: Collecting and visualizing Nginx access and error logs from a pod without external log infrastructure.

ELK stack local development: Running the full Filebeat, Logstash, Elasticsearch, and Kibana pipeline on Docker Desktop for learning and prototyping.

Log pipeline validation: Testing a Filebeat to Logstash to Elasticsearch pipeline locally before deploying it to a staging or production cluster.

Structured log search: Indexing parsed Nginx logs in Elasticsearch and querying them in Kibana using KQL or Lucene syntax.