1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-11-28 09:08:36 +02:00
dockerfiles/elk
2018-01-26 23:02:32 +08:00
..
arm/elasticsearch update 2016-11-01 18:24:37 +08:00
data add gelf support to ELK 2018-01-25 16:01:00 +08:00
delete-indices.yml add script for elk 2018-01-16 10:30:12 +08:00
docker-compose.yml update elk 2018-01-26 23:02:32 +08:00
README.md fix ELK 2018-01-26 19:28:53 +08:00

ELK

  • Elasticsearch
  • Logstash
  • Kibana

How it works

Up and running

$ sysctl -w vm.max_map_count=262144
$ vi /etc/sysctl.conf
  vm.max_map_count = 262144
$ chown -R 1000:1000 data
$ docker-compose up -d

Delete indices older than 7 days

---
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 7 days (based on index name), for logstash-
      prefixed indices. Ignore the error if the filter does not result in an
      actionable list of indices (ignore_empty_list) and exit cleanly.      
    options:
      ignore_empty_list: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: logstash-
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y.%m.%d'
      unit: days
      unit_count: 7
$ pip install elasticsearch-curator
$ curator delete-indices.yml

Send container's log to ELK

input {
  gelf {
    port => 12201
  }
}
test:
  image: alpine
  command: 'sh -c "while :; do date; sleep 1; done"'
  log_driver: gelf
  log_opt:
    gelf-address: udp://x.x.x.x:12201
    tag: test

Search tag: test in kibana to show recent logging.