diff --git a/README.md b/README.md
index 1f1da2f..0ad1776 100644
--- a/README.md
+++ b/README.md
@@ -254,6 +254,7 @@ A collection of delicious docker recipes.
 - [x] puckel/docker-airflow
 - [x] drone/drone
 - [x] drupal
+- [x] elastalert
 - [x] elk
 - [x] ghost
 - [x] gitlab/gitlab-ce
diff --git a/elastalert/README.md b/elastalert/README.md
new file mode 100644
index 0000000..de277a7
--- /dev/null
+++ b/elastalert/README.md
@@ -0,0 +1,13 @@
+ElastAlert
+==========
+
+http://elastalert.readthedocs.io/en/latest/
+
+```bash
+$ docker-compose up -d
+$ docker-compose exec elastalert sh
+>>> cd /opt/elastalert/rules
+>>> elastalert-test-rule xxx.yaml
+>>> exit
+$ docker-compose restart
+```
diff --git a/elastalert/data/config.yaml b/elastalert/data/config.yaml
new file mode 100644
index 0000000..9d7b677
--- /dev/null
+++ b/elastalert/data/config.yaml
@@ -0,0 +1,49 @@
+# The elasticsearch hostname for metadata writeback
+# Note that every rule can have its own elasticsearch host
+es_host: elasticsearch
+
+# The elasticsearch port
+es_port: 9200
+
+# This is the folder that contains the rule yaml files
+# Any .yaml file will be loaded as a rule
+rules_folder: rules
+
+# How often ElastAlert will query elasticsearch
+# The unit can be anything from weeks to seconds
+run_every:
+ seconds: 60
+
+# ElastAlert will buffer results from the most recent
+# period of time, in case some log sources are not in real time
+buffer_time:
+ minutes: 15
+
+# Optional URL prefix for elasticsearch
+#es_url_prefix: elasticsearch
+
+# Connect with TLS to elasticsearch
+#use_ssl: True
+
+# Verify TLS certificates
+#verify_certs: True
+
+# GET request with body is the default option for Elasticsearch.
+# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
+# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
+# for details
+#es_send_get_body_as: GET
+
+# Option basic-auth username and password for elasticsearch
+#es_username: someusername
+#es_password: somepassword
+
+# The index on es_host which is used for metadata storage
+# This can be a unmapped index, but it is recommended that you run
+# elastalert-create-index to set a mapping
+writeback_index: elastalert_status
+
+# If an alert fails for some reason, ElastAlert will retry
+# sending the alert until this time period has elapsed
+alert_time_limit:
+ hours: 2
diff --git a/elastalert/docker-compose.yml b/elastalert/docker-compose.yml
new file mode 100644
index 0000000..af4fa04
--- /dev/null
+++ b/elastalert/docker-compose.yml
@@ -0,0 +1,11 @@
+elastalert:
+ image: bitsensor/elastalert
+ ports:
+ - "3030:3030"
+ volumes:
+ - ./data/config.yaml:/opt/elastalert/config.yaml
+ - ./data/rules:/opt/elastalert/rules
+ environment:
+ - ES_HOST=elasticsearch
+ - ES_PORT=9200
+ restart: always
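Review bot: The TLS and authentication settings in this new config are all left commented out (`#use_ssl: True`, `#verify_certs: True`, `#es_username`/`#es_password`), so ElastAlert reads and writes its `elastalert_status` metadata to `es_host: elasticsearch` over plain HTTP with no credentials. That is workable only while Elasticsearch is reachable solely on the private compose network, and the file does not say so; a comment above `es_host` such as `# Plain HTTP, no auth: only acceptable while elasticsearch is not published outside the compose network` would make the assumption explicit. If `es_username`/`es_password` are later enabled, the secret lands in this bind-mounted file (`./data/config.yaml`), so it should then be kept out of version control or supplied another way.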
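Review bot: `- "3030:3030"` under `ports:` publishes the container's port 3030 on every host interface, and nothing in this compose file or the bind-mounted config puts authentication in front of whatever listens there (with the `bitsensor/elastalert` image this is presumably its HTTP server; the page does not say). If the port is only needed from the host itself, bind it to loopback, `- "127.0.0.1:3030:3030"`, or drop the mapping if nothing outside the container needs it. `image: bitsensor/elastalert` carries no tag, so each `docker-compose up` may pull a different build; pinning a tag or digest keeps the deployment reproducible. `ES_HOST=elasticsearch` also assumes a service of that name is reachable, but no such service, link or network is declared here, so it is inferred to come from elsewhere.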