Run the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.
It will give you the ability to quickly test your logstash filters and check how the data can be processed in Kibana.
Based on 3 Docker images:
- Install Docker.
- Install Docker-compose.
- Clone this repository
- Update the logstash-configuration in logstash-conf/logstash.conf (test your filters here)
- docker-compose up
- nc localhost 5000 < /some/log/file.log
- http://localhost:8080 to see the messages show up in Kibana 3.
- http://localhost:5601 to use Kibana 4.
NOTE: If you're using boot2docker, you must access it via the boot2docker IP address:
- http://boot2docker-ip-address:8080 to see the messages show up in Kibana 3.
- http://boot2docker-ip-address:5601 to use Kibana 4.
This will create 4 Docker containers with Elasticsearch, Logstash, Kibana 3 and Kibana 4 running in them and connected to each other. Four ports are exposed for access:
- 5000: Logstash TCP input.
- 9200: Elasticsearch HTTP (With Marvel plugin accessible via http://localhost:9200/_plugin/marvel)
- 8080: Kibana 3 web interface.
- 5601: Kibana 4 web interface.