The vm.max_map_count kernel setting needs to be set to at least 262144 for production use
sysctl -w vm.max_map_count=262144
docker run \
-tid \
--name elasticsearch \
-p 9200:9200 \
-p 9300:9300 \
docker.elastic.co/elasticsearch/elasticsearch:6.7.0
docker run \
-tid \
--name kibana \
--net=host \
-p 5601:5601 \
docker.elastic.co/kibana/kibana:6.7.0
git clone https://github.com/deviantony/docker-elk.git
cd docker-elk
docker-compose up
sudo nano filebeat.docker.yml
filebeat:
config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
autodiscover:
providers:
- type: docker
hints.enabled: true
prospectors:
- input_type: log
paths:
- /var/log/*.log
output.logstash:
hosts: ["localhost:5044"]
#output.elasticsearch:
# hosts: ["http://<HOST>:<IP>"]
logging:
files:
rotateeverybytes: 10485760 # = 10MB
docker run -tid \
--name=filebeat \
--user=root \
--volume="$(pwd)/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" \
--volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \
--volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
docker.elastic.co/beats/filebeat:6.7.0 filebeat
Go to Management -> Index Patterns and create your index.
