diff --git a/logstash/Dockerfile b/logstash/Dockerfile
new file mode 100644
index 00000000..3096b670
--- /dev/null
+++ b/logstash/Dockerfile
@@ -0,0 +1,25 @@
+FROM itzg/ubuntu-openjdk-7
+
+MAINTAINER itzg
+
+ENV DOCKER_VERSION 1.5.0.rc2-1
+
+RUN wget -qO /tmp/logstash.deb http://download.elastic.co/logstash/logstash/packages/debian/logstash_${DOCKER_VERSION}_all.deb
+
+RUN dpkg -i /tmp/logstash.deb && rm /tmp/logstash.deb
+
+WORKDIR /opt/logstash
+
+# For collectd reception
+EXPOSE 25826
+
+# /conf is the default directory where our logstash will read pipeline config files
+# /logs is an optional attach point to reference something like /var/log on the host
+VOLUME ["/conf","/logs"]
+
+ENV PLUGIN_UPDATES 2015-04-12
+
+RUN bin/plugin install logstash-input-heartbeat
+RUN bin/plugin install logstash-output-elasticsearch_groom
+
+CMD ["bin/logstash","agent","-f","/conf"]
diff --git a/logstash/conf/example.conf b/logstash/conf/example.conf
new file mode 100644
index 00000000..566b81f1
--- /dev/null
+++ b/logstash/conf/example.conf
@@ -0,0 +1,25 @@
+input {
+  heartbeat {
+    type => 'groom'
+    interval => 11
+    add_field => {
+      scope => 'open'
+      cutoff => '4w'
+      action => 'close'
+    }
+  }
+}
+
+output {
+
+  if [type] == 'groom' {
+    elasticsearch_groom {
+      host => 'es:9200'
+      index => 'logstash-%{+YYYY.MM.dd}'
+      scope => '%{scope}'
+      age_cutoff => '%{cutoff}'
+      action => '%{action}'
+    }
+  }
+}
+