EleasticSearch, LogStash, Kibana

EleasticSearch, LogStash, Kibana

ELK Stack

ELK Stack

ELK in one docker image

• install

sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 5000:5000 -it --name elk sebp/elk

• ports
  • 5601 (Kibana web interface).
  • 9200 (Elasticsearch JSON interface).
  • 5044 (Logstash Beats interface, receives logs from Beats such as Filebeat – see the Forwarding logs section below).

  • 5000 (Logstash Lumberjack interface, receives logs from Logstash forwarders – see the Forwarding logs section below).

    
    
    

    ELK Ports

Steps

• First try
  × curl -XGET http://localhost:9200/_stats
  • /opt/logstash/bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["127.0.0.1"] } }'
  • curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
  • sudo /etc/init.d/filebeat start
  • sudo /etc/init.d/filebeat stop

Linking a Docker container to the ELK container

sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -p 5000:5000 -it --name elk sebp/elk
sudo docker run -p 80:80 -it --link elk:elk your/image

Storing log data

• sudo docker run -p 5601:5601 -p 9200:9200 -p 5000:5000 -v /var/lib/elasticsearch --name elk_data sebp/elk
• sudo docker run -p 5601:5601 -p 9200:9200 -p 5000:5000 --volumes-from elk_data --name elk sebp/elk