Skip to main content

Version: 3.9.0

Log with Elasticsearch

Elasticsearch is a popular JSON-based datastore for storing and indexing large volumes of data. It is often used to store logs from various sources and works with tools like Logstash and Kibana to form an entire observability stack known as the Elastic (ELK) Stack.

APISIX supports forwarding its logs directly to Elasticsearch through the elasticsearch-logger plugin. These logs can then be searched, filtered, and visualized through Kibana to gather insights to manage applications.

This guide will show you how to enable the elasticsearch-logger plugin to integrate APISIX with the ELK stack for observability.

Forward APISIX logs to Elasticsearch


Start Elasticsearch and Kibana


APISIX currently supports Elasticsearch versions up to and including 7.x. This guide uses version 7.17.1 for both Elasticsearch and Kibana.

Start an Elasticsearch instance in Docker:

docker run -d \
--name elasticsearch \
--network apisix-quickstart-net \
-v elasticsearch_vol:/usr/share/elasticsearch/data/ \
-p 9200:9200 \
-p 9300:9300 \
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
-e discovery.type=single-node \
-e \

Start a Kibana instance in Docker to visualize the indexed data in Elasticsearch:

docker run -d \
--name kibana \
--network apisix-quickstart-net \
-p 5601:5601 \
-e ELASTICSEARCH_HOSTS="http://elasticsearch:9200" \

If successful, you should see the Kibana web dashboard on localhost:5601.

Enable elasticsearch-logger Plugin

Create a route to forward all requests to /ip to

curl -i "" -X PUT -d '
"id": "quickstart-client-ip",
"uri": "/ip",
"upstream": {
"nodes": {
"type": "roundrobin"

An HTTP/1.1 200 OK response verifies that the route is created successfully.

Enable the elasticsearch-logger plugin as a global rule for all routes, or on the route created above:

Enable the elasticsearch-logger plugin on all routes:

curl "" -X PUT -d '
"id": "elasticsearch",
"plugins": {
"elasticsearch-logger": {
"endpoint_addr": "http://elasticsearch:9200",
"field": {
"index": "gateway",
"type": "logs"
"ssl_verify": false,
"timeout": 60,
"retry_delay": 1,
"buffer_duration": 60,
"max_retry_count": 0,
"batch_max_size": 5,
"inactive_timeout": 5

Customize Log Format

As an optional step, you can customize the log format for elasticsearch-logger. The log format of most APISIX logging plugins could be customized locally on the plugin (e.g. bound to a route) and/or globally with plugin metadata.

Add host address, timestamp, and client IP address to the logs with built-in variables:

curl "" -X PUT -d '

Configure Kibana

Send some requests to the route to generate an access log entry:

for i in {1..10}; do
curl -i ""

Open Kibana dashboard on localhost:5601 and click the Discover tab from the menu. Create a new index pattern to fetch the data from Elasticsearch:

Create index pattern

Create a pattern gateway to match the indexed data in Elasticsearch:

Create index pattern for the gateway index

If your configuration is correct, you can go back to the discover page and view the logs from APISIX:

Search through APISIX logs in Kibana

Next Steps

See elasticsearch-logger plugin reference to learn more about the plugin configuration options (coming soon). Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.


API7 Cloud

SOC2 Type IRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation