Deploy Elastic Stack 5.2.0+ on swarm mode cluster, access container logs in elk.
+------------+ +------------+ +------------+
| Dockerd | | Dockerd | | Dockerd |
| GELF UDP | | GELF UDP | | GELF UDP |
+------------+ +------------+ +------------+
| | |
+------------+ +------------+ +------------+
| Logstash | | Logstash | | Logstash |
| Shipper | | Shipper | | Shipper |
+------------+ +------------+ +------------+
| | |
| +------------+ |
|___________________| Redis |__________________|
| Broker |
+------------+
|
+------------+
| Logstash |
| Indexer |
+------------+
|
+----------------+
| Elasticsearch |
+----------------+
|
+------------+
| Kibana |
+------------+
- Docker 1.13.0+
- Compose 1.10.0+
- Optional when deploy test example within this project
- Netshare plugin 0.32
- Add new environment files, eg.
env_files/test
When deploy test example within this project, you only need to modify
ELASTICSEARCH_DATA_PATHandREDIS_DATA_PATHthese two variables inenv_files/test/common.envfile.
- Create the
.envfile used bydocker-compose
./env.sh test
- Create the
elk stackcompose file
docker-compose config > elk-stack.yml
- Deploy
elk stacktoswarm modecluster
docker stack deploy -c elk-stack.yml $COMPOSE_PROJECT_NAME
- Create the
logstash shippercompose file
docker-compose -f logstash-shipper.yml config > elk-logstash-shipper.yml
- Deploy
logstash shipperto every node inswarm modecluster
docker stack deploy -c elk-logstash-shipper.yml elk-logstash
- Send some container logs to
logstash shipperbygelflogging drivers
docker run --rm --log-driver gelf --log-opt gelf-address=udp://127.0.0.1:9500 -d alpine echo hello world
- Browser to
Kibanapages
http://swarm-node-host:5601
- Configure an index pattern with
logstash-*inKibana, then select the time range of today
- Increase the default operating system vm.max_map_count limits
sudo sysctl -w vm.max_map_count=262144
- You can use other volume plugins by fork this project then modify the
driveranddriver_optsunder the top-levelvolumeskey