Based on the official Docker images:
- Install Docker version 1.10.0+
- Install Docker Compose version 1.6.0+
- Clone this repository
On distributions which have SELinux enabled out-of-the-box you will need to either re-context the files or set SELinux into Permissive mode in order for docker-elk to start properly. For example on Redhat and CentOS, the following will apply the proper context:
$ chcon -R system_u:object_r:admin_home_t:s0 docker-elk/Start the ELK stack using docker-compose:
$ docker-compose upYou can also choose to run it in background (detached mode):
$ docker-compose up -dGive Kibana about 2 minutes to initialize, then access the Kibana web UI by hitting http://localhost:5601 with a web browser.
By default, the stack exposes the following ports:
- 5000: Logstash TCP input.
- 31311: Logstash http input.(with logstash-input-http plugin)
- 9200: Elasticsearch HTTP
- 9300: Elasticsearch TCP transport
- 5601: Kibana
When Kibana launches for the first time, it is not configured with any index pattern.
NOTE: You need to inject data into Logstash before being able to configure a Logstash index pattern via the Kibana web UI. Then all you have to do is hit the Create button.
Refer to Connect Kibana with Elasticsearch for detailed instructions about the index pattern configuration.
Run this command to create a Logstash index pattern:
$ curl -XPUT -D- 'http://localhost:9200/.kibana/index-pattern/logstash-*' \
-H 'Content-Type: application/json' \
-d '{"title" : "logstash-*", "timeFieldName": "@timestamp", "notExpandable": true}'This command will mark the Logstash index pattern as the default index pattern:
$ curl -XPUT -D- 'http://localhost:9200/.kibana/config/5.5.1' \
-H 'Content-Type: application/json' \
-d '{"defaultIndex": "logstash-*"}'