Refer https://elk-docker.readthedocs.io/#installation
$ sudo docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk
Running the container using Docker Compose
elk:
image: sebp/elk
ports:
- "5601:5601"
- "9200:9200"
- "5044:5044"
$ sudo docker-compose up elk
$ sudo docker exec -it <container-name> /bin/bash
# /opt/logstash/bin/logstash --path.data /tmp/logstash/data \\
-e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'
http://localhost:9200/_search?pretty&size=1000 You will see:
{
...
"hits": {
...
"hits": [ {
"_index": "logstash-...",
"_type": "logs",
...
"_source": { "message": "this is a dummy entry", "@version": "1", "@timestamp": ... }
} ]
}
}
/opt/logstash/bin/logstash --debug
/opt/logstash/bin/logstash -f your-config-file
/opt/logstash/bin/logstash-plugin list
input {
http {
host => "0.0.0.0"
port => 5044
type => http
response_headers => {
"Access-Control-Allow-Origin" => "*"
"Content-Type" => "text/plain"
"Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type,
Accept"
}
}
tcp {
host => "0.0.0.0"
port => 5045
codec => json_lines
type => logback
}
}
filter {
if [headers][request_method] == "OPTIONS" {
drop {}
}
}
output {
if [type]=="http" and [headers.request_method]!="OPTIONS" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
manage_template => false
#index => "%{APP_NAME}-%{[@metadata][beat]}-%{+YYYY.MM.dd}"
index => "http-%{+YYYY.MM.dd}"
}
}
if [type]=="logback" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
manage_template => false
#index => "%{APP_NAME}-%{[@metadata][beat]}-%{+YYYY.MM.dd}"
index => "logback-%{APP_NAME}-%{+YYYY.MM.dd}"
}
}
}