mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-12 11:14:57 +02:00
dockerfiles/elk/README.md

ELK
===
- Elasticsearch
- Logstash
- Kibana
- APM Server
## How it works
![](https://logz.io/wp-content/uploads/2017/03/elk-pipeline-in-docker-environment.png)
## Up and running
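```bash
# Elasticsearch needs vm.max_map_count of at least 262144; apply it now
$ sysctl -w vm.max_map_count=262144
# Persist the setting across reboots
$ vi /etc/sysctl.conf
vm.max_map_count = 262144
# The data directory must be writable by UID 1000, which Elasticsearch runs as
$ chown -R 1000:1000 data
$ docker-compose up -d
```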
## Docker Config
- https://github.com/elastic/dockerfiles
- https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
- https://www.elastic.co/guide/en/logstash/current/docker-config.html
- https://www.elastic.co/guide/en/kibana/current/docker.html
## Logstash Config
- https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
- https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
## Delete indices older than 7 days
File: delete-indices.yml
```yaml
---
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 7 days (based on index name), for logstash-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 7
```
File: ~/.curator/curator.yml
```yaml
client:
  hosts:
    - 127.0.0.1
```
```bash
$ pip install elasticsearch-curator
$ curator delete-indices.yml
```
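To check which indices the two filters in `delete-indices.yml` would select before anything is deleted, the following added example (not part of the original README and not Curator's own code) approximates the prefix and name-based age filters offline. The index names and clock are constructed samples, and the assumptions that a date in an index name means midnight UTC and that an unparsable date is skipped are mine.

```python
# Added example: offline approximation of the filters in delete-indices.yml.
# Assumptions (not from the README): name dates are midnight UTC, bad dates are skipped.
import re
from datetime import datetime, timedelta, timezone

PREFIX = "logstash-"       # filtertype: pattern, kind: prefix
TIMESTRING = "%Y.%m.%d"    # filtertype: age, source: name
UNIT_COUNT_DAYS = 7        # unit: days, unit_count: 7
_DIRECTIVES = {"%Y": r"\d{4}", "%m": r"\d{2}", "%d": r"\d{2}"}

def timestring_regex(timestring):
    """Turn '%Y.%m.%d' into a regex that finds the date inside an index name."""
    pattern = re.escape(timestring)
    for directive, rx in _DIRECTIVES.items():
        pattern = pattern.replace(re.escape(directive), rx)
    return re.compile(pattern)

def select_expired(indices, now, prefix=PREFIX, timestring=TIMESTRING,
                   days=UNIT_COUNT_DAYS):
    """Return the index names that both filters would select for deletion."""
    cutoff = now - timedelta(days=days)
    date_rx = timestring_regex(timestring)
    expired = []
    for name in indices:
        if not name.startswith(prefix):
            continue  # pattern filter: other prefixes are never touched
        match = date_rx.search(name)
        if match is None:
            continue  # age filter: no date in the name, nothing to compare
        try:
            stamp = datetime.strptime(match.group(0), timestring)
        except ValueError:
            continue  # digits matched but are not a real date (month 13)
        if stamp.replace(tzinfo=timezone.utc) < cutoff:
            expired.append(name)
    return expired

# Constructed sample index list and clock, for illustration only.
SAMPLE_INDICES = [
    "logstash-2024.01.02", "logstash-2024.01.03", "logstash-2024.01.04",
    "logstash-2024.01.10", "logstash-2024.13.01", "logstash-current",
    "filebeat-2023.12.01", ".kibana",
]
SAMPLE_NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name in select_expired(SAMPLE_INDICES, SAMPLE_NOW):
        print("would delete:", name)
```

Against a live cluster, `curator --dry-run delete-indices.yml` logs what the action would do without deleting anything.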
## Send container logs to ELK
```nginx
input {
  gelf {
    port => 12201
  }
}
```
```yaml
test:
  image: alpine
  command: 'sh -c "while :; do date; sleep 1; done"'
  log_driver: gelf
  log_opt:
    gelf-address: udp://x.x.x.x:12201
    tag: test
```
Search for `tag: test` in Kibana to show the recent log entries.