mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-11-28 09:08:36 +02:00
85 lines
1.4 KiB
Markdown
85 lines
1.4 KiB
Markdown
ELK
|
|
===
|
|
|
|
- Elasticsearch
|
|
- Logstash
|
|
- Kibana
|
|
|
|
## How it works
|
|
|
|
|
|
|
|
## Up and running
|
|
|
|
```bash
|
|
$ sysctl -w vm.max_map_count=262144
|
|
$ vi /etc/sysctl.conf
|
|
vm.max_map_count = 262144
|
|
$ chown -R 1000:1000 data
|
|
$ docker-compose up -d
|
|
```
|
|
|
|
## Delete indices older than 7 days
|
|
|
|
File: delete-indices.yml
|
|
|
|
```yaml
|
|
---
|
|
actions:
|
|
1:
|
|
action: delete_indices
|
|
description: >-
|
|
Delete indices older than 7 days (based on index name), for logstash-
|
|
prefixed indices. Ignore the error if the filter does not result in an
|
|
actionable list of indices (ignore_empty_list) and exit cleanly.
|
|
options:
|
|
ignore_empty_list: True
|
|
disable_action: False
|
|
filters:
|
|
- filtertype: pattern
|
|
kind: prefix
|
|
value: logstash-
|
|
- filtertype: age
|
|
source: name
|
|
direction: older
|
|
timestring: '%Y.%m.%d'
|
|
unit: days
|
|
unit_count: 7
|
|
```
|
|
|
|
File: ~/.curator/curator.yml
|
|
|
|
```yaml
|
|
client:
|
|
hosts:
|
|
- 127.0.0.1
|
|
```
|
|
|
|
```bash
|
|
$ pip install elasticsearch-curator
|
|
$ curator delete-indices.yml
|
|
```
|
|
|
|
## Send container's log to ELK
|
|
|
|
```nginx
|
|
input {
|
|
gelf {
|
|
port => 12201
|
|
}
|
|
}
|
|
```
|
|
|
|
```yaml
|
|
test:
|
|
image: alpine
|
|
command: 'sh -c "while :; do date; sleep 1; done"'
|
|
log_driver: gelf
|
|
log_opt:
|
|
gelf-address: udp://x.x.x.x:12201
|
|
tag: test
|
|
```
|
|
|
|
Search `tag: test` in kibana to show recent logging.
|
|
|