diff --git a/docker-compose.build.yml b/docker-compose.build.yml
index fd0601794..a850eac1b 100644
--- a/docker-compose.build.yml
+++ b/docker-compose.build.yml
@@ -45,3 +45,6 @@ services:
   admin:
     image: ghcr.io/opexdev/admin:$TAG
     build: admin/admin-app
+  filebeat:
+    image: ghcr.io/opexdev/filebeat:$TAG
+    build: docker-images/filebeat
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
index 15de102ab..42d161abf 100644
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -41,3 +41,5 @@ services:
     build: captcha/captcha-app
   admin:
     build: admin/admin-app
+  filebeat:
+    build: docker-images/filebeat
diff --git a/docker-compose.yml b/docker-compose.yml
index ba0bf4dbb..fd96279eb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -481,6 +481,35 @@ services:
     deploy:
       restart_policy:
         condition: on-failure
+  elasticsearch:
+    image: elastic/elasticsearch:8.3.2
+    environment:
+      - ES_JAVA_OPTS=-Xms1g -Xmx1g
+      - discovery.type=single-node
+      - ingest.geoip.downloader.enabled=false
+      - node.name=elasticsearch
+      - network.publish_host=elasticsearch
+    volumes:
+      - elasticsearch_data:/usr/share/elasticsearch/data
+    networks:
+      - default
+  kibana:
+    image: elastic/kibana:8.3.2
+    environment:
+      - SERVER_PUBLICBASEURL=$KIBANA_PUBLIC_URL
+      - ELASTICSEARCH_SSL_VERIFICATIONMODE=certificate
+    networks:
+      - default
+  filebeat:
+    image: ghcr.io/opexdev/opex-filebeat
+    user: root
+    environment:
+      - FILEBEAT_API_KEY=$FILEBEAT_API_KEY
+    volumes:
+      - /var/lib/docker:/var/lib/docker:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - default
 volumes:
   zookeeper-data:
   zookeeper-log:
@@ -499,6 +528,7 @@ volumes:
   referral-data:
   storage-data:
   admin-data:
+  elasticsearch_data:
 networks:
   default:
     driver: bridge
diff --git a/docker-images/filebeat/Dockerfile b/docker-images/filebeat/Dockerfile
new file mode 100644
index 000000000..17c6916d4
--- /dev/null
+++ b/docker-images/filebeat/Dockerfile
@@ -0,0 +1,2 @@
+FROM elastic/filebeat:8.3.2
+COPY filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/docker-images/filebeat/filebeat.yml b/docker-images/filebeat/filebeat.yml
new file mode 100644
index 000000000..cb86e7279
--- /dev/null
+++ b/docker-images/filebeat/filebeat.yml
@@ -0,0 +1,24 @@
+filebeat.inputs:
+  - type: filestream
+    paths:
+      - '/var/lib/docker/containers/*/*.log'
+
+processors:
+  - add_docker_metadata:
+      host: "unix:///var/run/docker.sock"
+
+  - decode_json_fields:
+      fields: [ "message" ]
+      target: "json"
+      overwrite_keys: true
+
+output.elasticsearch:
+  hosts: [ "elasticsearch:9200" ]
+  protocol: https
+  api_key: ${FILEBEAT_API_KEY}
+  ssl.verification_mode: "none"
+  indices:
+    - index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
+
+logging.json: true
+logging.metrics.enabled: false