# Docker ELK stack

[![Join the chat at https://gitter.im/deviantony/fig-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/fig-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

Run the ELK (Elasticsearch, Logstash, Kibana) stack with Docker and Docker-compose.

It will give you the ability to quickly test your Logstash filters and check how the data can be processed in Kibana.

Based on the 3 following Docker images:

* [elk-elasticsearch](https://github.com/deviantony/docker-elk-elasticsearch)
* [elk-logstash](https://github.com/deviantony/docker-elk-logstash)
* [elk-kibana](https://github.com/deviantony/docker-elk-kibana)
# HOW TO
## Setup
1. Install [Docker](http://docker.io).
2. Install [Docker-compose](http://docs.docker.com/compose/install/).
3. Clone this repository
### SELinux
On distributions which have SELinux enabled out of the box, you will need to either re-context the files or put SELinux into Permissive mode in order for fig-elk to start properly.
For example, on Red Hat and CentOS, the following will apply the proper context:
```
.-root@centos ~
`-$ chcon -R system_u:object_r:admin_home_t:s0 fig-elk/
```
## Usage
### Start the stack and inject logs
As a first step, you can edit the Logstash configuration in *logstash-conf/logstash.conf*, for example to add filters you want to test.
Then, start the ELK stack using *docker-compose*:
```
$ docker-compose up
```
You can also choose to run it in background (detached mode):
```
$ docker-compose up -d
```
Now that the stack is running, you'll want to inject logs into it. The shipped Logstash configuration allows you to send content via TCP:
```
$ nc localhost 5000 < /path/to/logfile.log
```
### Playing with the stack
The stack exposes 4 ports on your localhost:
* 5000: Logstash TCP input.
* 9200: Elasticsearch HTTP (with Marvel plugin accessible via [http://localhost:9200/_plugin/marvel](http://localhost:9200/_plugin/marvel))
* 8080: Kibana 3 web interface, access it via [http://localhost:8080](http://localhost:8080)
* 5601: Kibana 4 web interface, access it via [http://localhost:5601](http://localhost:5601)
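
Docker publishes a `HOST:CONTAINER` port mapping on every host interface unless the mapping names a bind address, so it is worth confirming where the four ports above actually listen. The following check is an added example, not part of the original project; the function names and the sample `docker ps` output are constructed for illustration.

```python
import ipaddress
import re

# The four ports this README lists for the stack.
ELK_PORTS = {5000: "Logstash TCP input", 9200: "Elasticsearch HTTP",
             8080: "Kibana 3", 5601: "Kibana 4"}

# One published mapping as printed in the PORTS column of `docker ps`, e.g.
# "0.0.0.0:9200->9200/tcp", ":::5601->5601/tcp" or "[::]:5601->5601/tcp".
MAPPING = re.compile(r"^(?P<addr>.+):(?P<first>\d+)(?:-(?P<last>\d+))?->[\d-]+/\w+$")

# Constructed sample of `docker ps --format '{{.Ports}}'`, one line per container.
SAMPLE = """\
0.0.0.0:5000->5000/tcp
127.0.0.1:9200->9200/tcp, 9300/tcp
0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
127.0.0.1:5601->5601/tcp
"""


def published_bindings(ports_output):
    """Yield (bind_address, host_port) for each published port in the output."""
    for entry in re.split(r"[,\n]", ports_output):
        m = MAPPING.match(entry.strip())
        if m is None:  # e.g. "9300/tcp": exposed by the image, not published
            continue
        first = int(m.group("first"))
        last = int(m.group("last") or first)
        for port in range(first, last + 1):
            yield m.group("addr").strip("[]"), port


def elk_ports_off_loopback(ports_output):
    """Map each ELK host port to the non-loopback addresses it is bound on."""
    findings = {}
    for addr, port in published_bindings(ports_output):
        if port in ELK_PORTS and not ipaddress.ip_address(addr).is_loopback:
            findings.setdefault(port, []).append(addr)
    return findings


if __name__ == "__main__":
    for port, addrs in sorted(elk_ports_off_loopback(SAMPLE).items()):
        print(f"{port} ({ELK_PORTS[port]}) is bound on {', '.join(addrs)}")
```

To run it against a live host, pass the output of `docker ps --format '{{.Ports}}'` to `elk_ports_off_loopback` instead of `SAMPLE`.
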
### Boot2docker
If you're using *boot2docker*, you must access the stack via the *boot2docker* IP address:
* http://boot2docker-ip-address:9200/_plugin/marvel to access the Marvel plugin.
* http://boot2docker-ip-address:8080 to use Kibana 3.
* http://boot2docker-ip-address:5601 to use Kibana 4.