Use Elasticseach 2.x, Logstash 2.x and latest Kibana version.

cb1eae11 · Anthony Lapenna · 57e09b93 · cb1eae11 · cb1eae11 · cb1eae11
Commit cb1eae11 authored Nov 01, 2015 by Anthony Lapenna
Showing with 38 additions and 7 deletions

README.md README.md +29 -5

docker-compose.yml docker-compose.yml +1 -0

Dockerfile elasticsearch/Dockerfile +2 -1

Dockerfile kibana/Dockerfile +3 -0

logstash.conf logstash/config/logstash.conf +3 -1

No files found.
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@

 [![Join the chat at https://gitter.im/deviantony/fig-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/fig-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)

-Run the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.
+Run the latest version of the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.

-It will give you the ability to quickly test your logstash filters and check how the data can be processed in Kibana.
+It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticseach and the visualization power of Kibana.

 Based on the official images:

@@ -20,9 +20,13 @@ Based on the official images:
 2. Install [Docker-compose](http://docs.docker.com/compose/install/).
 3. Clone this repository

+## Configuration
+
+In order for Logstash to work, you'll need to replace the *MY_IP_ADDRESS* keywork with the IP address of your network interface in the logstash.conf configuration file.
+
 ## SELinux

-On distributions which have SELinux enabled out-of-the-box you will need to either re-context the files or set SELinux into Permissive mode in order for fig-elk to start properly.
+On distributions which have SELinux enabled out-of-the-box you will need to either re-context the files or set SELinux into Permissive mode in order for docker-elk to start properly.
 For example on Redhat and CentOS, the following will apply the proper context:

 ````bash
@@ -52,10 +56,19 @@ $ nc localhost 5000 < /path/to/logfile.log

 And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser.

+*Note*: The default index will be the Marvel index, in order to use the Logstash index you'll need to create it first. Go to Kibana settings to create your index.
+After that, you'll be able to switch to the newly created logstash index in the Discover view.
+
+You can also access:
+* Marvel: [http://localhost:5601/app/marvel](http://localhost:5601/app/marvel)
+* Sense: [http://localhost:5601/app/sense](http://localhost:5601/app/sense)
+
+*Note*: In order to use Sense, you'll need to query the IP address associated to your *network device* instead of localhost.
+
 By default, the stack exposes the following ports:
 * 5000: Logstash TCP input.
-* 9200: Elasticsearch HTTP (with Marvel plugin accessible via [http://localhost:9200/_plugin/marvel](http://localhost:9200/_plugin/marvel))
-* 5601: Kibana 4 web interface
+* 9200: Elasticsearch HTTP
+* 5601: Kibana

 *WARNING*: If you're using *boot2docker*, you must access it via the *boot2docker* IP address instead of *localhost*.

@@ -128,12 +141,23 @@ Then, you'll need to map your configuration file inside the container in the `do
 ```yml
 elasticsearch:
  build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0
  ports:
    - "9200:9200"
  volumes:
    - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
 ```

+You can also specify the options you want to override directly in the command field:
+
+```yml
+elasticsearch:
+  build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0 -Des.cluster.name: my-cluster
+  ports:
+    - "9200:9200"
+```
+
 # Storage

 ## How can I store Elasticsearch data?

--- a/docker-compose.yml
+++ b/docker-compose.yml
 elasticsearch:
  build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0
  ports:
    - "9200:9200"
 logstash:

--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
 FROM elasticsearch:latest

-RUN plugin -i elasticsearch/marvel/latest
+RUN plugin install license
+RUN plugin install marvel-agent
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -5,4 +5,7 @@ RUN apt-get update && apt-get install -y netcat
 COPY entrypoint.sh /tmp/entrypoint.sh
 RUN chmod +x /tmp/entrypoint.sh

+RUN kibana plugin --install elasticsearch/marvel/latest
+RUN kibana plugin --install elastic/sense
+
 CMD ["/tmp/entrypoint.sh"]
--- a/logstash/config/logstash.conf
+++ b/logstash/config/logstash.conf
@@ -7,5 +7,7 @@ input {
 ## Add your filters here

 output {
-	elasticsearch { }
+	elasticsearch {
+		hosts => "MY_IP_ADDRESS:9200"
+	}
 }