This project provides an example configuration for a containerised stack to collect, aggregate and visualise metrics and logs from host, containers and running applications. It relies heavily on the the Elastic Stack and docker engine features such as logging and is designed to be extended to provide additional behaviour and should not be considered production ready due to lack of HA, replication, security and redundancy etc. If desired this could be configured, but is not in scope for this project.

The core components are:

• Elasticsearch - Document database for storing the log and metric data sample documents
• Metricbeat - Agent to pull host and container metrics to be pushed to logstash
• Logstash - Data pipeline and transformation tool
• Kibana - Visualisation and searching tool for data store in Elasticsearch
• Portainer - Docker Engine management UI
• Application - The target application (Spring boot 2.1.x) HTTP server to demonstrate logging

Docker Swarm enabled engine 19+ Docker compose 1.24.1+ At least 4G memory, but may work with less!

Swarm can be enabled on a single node by issuing:

docker swarm init

Using the CLI in your favourite shell working in the root of this repo once cloned

Build the Spring application:

docker-compose -f application.yml build

Pull all the images:

docker-compose -f portainer.yml -f elastic.yml -f elk.yml pull

Deploy Portainer to get a nice UI over Docker

docker stack deploy -c portainer.yml portainer

Point a browser at http://localhost:9000

Deploy elasticsearch and kibana along with populating the metricbeat index template:

docker stack deploy -c elastic.yml elk

Wait until the metricbeat-index-management has completed successfully, then deploy the rest of the ELK stack into the same stack:

docker stack deploy -c elk.yml elk

And the application into a separate stack:

docker stack deploy -c application.yml application

This will have started all of the applications with metricbeat collecting metrics about the docker swarm containers, hosts and logging configured and available for the application.

The relevant visualisation tools are available in a browser at the following. WARNING - no or minimal security configuration has been made to the services and will need to be configured to your risk profile as desired for production.

• Portainer - http://localhost:9000/#/home
• Kibana - http://localhost:5601
• Grafana - http://localhost:3000
• Application - http://localhost:8080/greeting?message=

There is a datasource and simple dashboard pre-configured in Grafana to show how data can be visualised.

A simple test for the log aggregation can be performed using curl / putty by requesting

curl "localhost:8080/greeting?message=hello"

docker stack rm application elk portainer

docker volume rm elk_esdata elk_grafana-storage