Project author: githubcdr

Project description:
Elasticsearch Logstash Kibana 5 on Alpine Docker
Language: Dockerfile
Repository: git://github.com/githubcdr/docker-elk.git
Created: 2016-10-31T21:00:32Z
Project community: https://github.com/githubcdr/docker-elk

License: MIT License


Elasticsearch, Logstash and Kibana 5.6.16

This is a small container at only 300Mb compressed, running a fully functional ELK 5 stack.

Important

Make sure your Docker host has the following sysctl setting; it is required for ELK.

Insert in /etc/sysctl.conf:

    vm.max_map_count = 262144

or run:

    sysctl -w vm.max_map_count=262144
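
A preflight check for this requirement, added here as an example and not part of the docker-elk project: it compares both the running kernel value and the value persisted in /etc/sysctl.conf against 262144. The function names and the `--check` flag are hypothetical, and files under /etc/sysctl.d are not examined.

```shell
#!/bin/sh
# Added example: preflight for the vm.max_map_count requirement.
REQUIRED=262144   # value given in this README

# Print the running kernel value (path can be overridden for testing).
running_map_count() {
    cat "${1:-/proc/sys/vm/max_map_count}" 2>/dev/null
}

# Print the last vm.max_map_count assignment in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped; spaces around "=" are allowed.
persisted_map_count() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "vm.max_map_count") last = val
        }
        END { if (last != "") print last }
    ' "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# Succeed only for a plain integer >= REQUIRED.
map_count_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$REQUIRED" ]
}

# Return 0 if both values are fine, 1 if the running value is too low,
# 2 if it is fine now but would not survive a reboot.
preflight() {
    if ! map_count_ok "$(running_map_count "$1")"; then
        echo "vm.max_map_count below $REQUIRED: run sysctl -w vm.max_map_count=$REQUIRED" >&2
        return 1
    fi
    if ! map_count_ok "$(persisted_map_count "$2")"; then
        echo "vm.max_map_count is not persisted in ${2:-/etc/sysctl.conf}" >&2
        return 2
    fi
    echo "vm.max_map_count OK"
}

# Check the real host only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then preflight; fi
```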

Features

  • filebeat support
  • cisco syslog support
  • yum.log support via filebeat
  • nginx accesslogs support
  • updated upstream grok patterns
  • running on Alpine Linux with s6, small, clean and efficient
  • Maxmind geo data enabled
  • Each process runs as its own user, in Docker ;)
  • multi input index is created based on type

Instructions

Start the container

    docker run -d -p 5601:5601 -p 9200:9200 -p 5044:5044 \
        -v /var/lib/elasticsearch:/var/lib/elasticsearch \
        --name elk \
        cdrocker/elk5:latest

Check progress with

    docker logs -f elk

You can now open Kibana at http://elasticsearchhost:5601

There will probably be no index patterns; you'll have to import them manually. For Beats you can use the new import_dashboards script, which automates this process. (Install filebeat for this functionality.)

    /usr/share/filebeat/scripts/import_dashboards -es http://<elasticsearch>:9200
    /usr/share/metricbeat/scripts/import_dashboards -es http://<elasticsearch>:9200
    /usr/share/packetbeat/scripts/import_dashboards -es http://<elasticsearch>:9200

Todo

  • Add java environment options
  • autoupdate GEO data
  • curator install
  • auto cleanup of old indices
  • elasticsearch plugins