This tutorial shows how to install the ELK stack in Docker containers.
Install Docker on Debian-Based Distributions
apt update
apt install apt-transport-https ca-certificates curl software-properties-common -y
echo 'deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable' >> /etc/apt/sources.list.d/docker.list
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
apt update
apt install docker-ce -y
curl -L https://github.com/docker/compose/releases/download/1.20.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Pull Elasticstack Image & Prepare
git clone https://github.com/elastic/stack-docker /usr/share/elastic
sysctl -w vm.max_map_count=262144
Set the PWD Environment Variable
echo 'PWD=/usr/share/elastic/' >> /usr/share/elastic/.env
Create Elasticstack containers
cd /usr/share/elastic
docker-compose -f ./setup.yml up
Save the password given at the end
NOTE: The password will only be given this once
Run the containers
docker-compose up -d
http://<IP Address>:5601 for Kibana (with your eth0 IP address)
- Username: kibana
- Password: Given earlier
http://<IP Address>:5601 for Elastic (with your eth0 IP address)
- Username: elastic
- Password: Given earlier
Configure the values in the config files
# APM
/usr/share/elastic/config/apm-server/apm-server.yml
# Auditbeat
/usr/share/elastic/config/auditbeat/auditbeat.yml
# Filebeat
/usr/share/elastic/config/filebeat/filebeat.yml
# Heartbeat
/usr/share/elastic/config/heartbeat/heartbeat.yml
# Metricbeat
/usr/share/elastic/config/metricbeat/metricbeat.yml
# Packetbeat
/usr/share/elastic/config/packetbeat/packetbeat.yml
setup.kibana:
  host: "https://localhost:5601"
  protocol: "https"
  ssl.enabled: true
Configure the values in
server.ssl.enabled: true
server.ssl.certificate: /usr/share/kibana/config/certs/kibana/kibana.crt
server.ssl.key: /usr/share/kibana/config/certs/kibana/kibana.key
Then restart the stack
- You can then monitor status via
docker container ls
NOTE: It can take a minute or so after the containers are "healthy", and more time for Kibana to successfully connect to the Elasticsearch service
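The TLS values above have to be repeated in six beat configs plus Kibana's own config, so one missed file leaves a beat pointing at Kibana without HTTPS. The script below is an added example, not part of the original tutorial or the stack-docker project: it checks the setup.kibana block of each listed config and the server.ssl.* keys of a kibana.yml whose path you pass in. The function names, the CONFIG_ROOT variable and the line-based parsing (nested setup.kibana form only, as shown above) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the TLS settings from the steps above (host-side files).
# CONFIG_ROOT, the function names and the kibana.yml argument are assumptions.
CONFIG_ROOT="${CONFIG_ROOT:-/usr/share/elastic/config}"
BEATS="apm-server auditbeat filebeat heartbeat metricbeat packetbeat"

# Emit only the indented lines under the top-level "setup.kibana:" key, so an
# ssl.enabled that belongs to another section (e.g. an output) is not counted.
kibana_block() {
    awk '/^setup\.kibana:/ {f=1; next} /^[^ \t#]/ {f=0} f' "$1"
}

# Read "key: value" lines from stdin; commented lines never match, last wins.
yaml_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# A beat passes only if host, protocol and ssl.enabled all ask for HTTPS.
check_beat() {
    local f="$1" host proto ssl
    host=$(kibana_block "$f" | yaml_value host)
    proto=$(kibana_block "$f" | yaml_value protocol)
    ssl=$(kibana_block "$f" | yaml_value 'ssl\.enabled')
    case "$host" in https://*) ;; *) echo "FAIL $f: host='$host'"; return 1 ;; esac
    [ "$proto" = "https" ] || { echo "FAIL $f: protocol='$proto'"; return 1; }
    [ "$ssl" = "true" ] || { echo "FAIL $f: ssl.enabled='$ssl'"; return 1; }
    echo "OK   $f"
}

# Kibana passes if TLS is enabled and both certificate and key are configured.
check_kibana() {
    local f="$1" k
    [ "$(yaml_value 'server\.ssl\.enabled' < "$f")" = "true" ] || { echo "FAIL $f: server.ssl.enabled is not true"; return 1; }
    for k in certificate key; do
        [ -n "$(yaml_value "server\\.ssl\\.$k" < "$f")" ] || { echo "FAIL $f: server.ssl.$k unset"; return 1; }
    done
    echo "OK   $f"
}

# audit <path-to-kibana.yml>: non-zero exit status if any file fails.
audit() {
    local rc=0 b
    for b in $BEATS; do
        check_beat "$CONFIG_ROOT/$b/$b.yml" || rc=1
    done
    check_kibana "$1" || rc=1
    return $rc
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Run it on the Docker host before restarting the stack, passing the path of the Kibana config file you edited.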
- Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.
- Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.
- Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash."
- Kibana is a data visualization dashboard for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and maps on top of large volumes of data.