The ELK stack powered by Docker – Updated !

Hola,

In a previous post, I’ve introduced the ELK stack powered by Docker & Fig (see the ELK stack powered by Docker).

I’ve recently decided to update the project to replace the usage of fig with compose and to replace all my custom images with the latest official images !

It is now based on the following Docker images available on Dockerhub:

01/11/2015 : Project updated !

As the project is based on the latest Docker images versions, it means Elasticsearch 2.x, Logstash 2.x and Kibana 4.2.x ! Feel free to discover the new features of these releases (have a look here: https://www.elastic.co/blog/release-we-have).

Note: For the nostalgic folks, you can still access the 1.x version (Elasticsearch 1.x, Logstash 1.x and Kibana 4.1.x) on the 1.x branch ! Here it is: https://github.com/deviantony/docker-elk/tree/1.x

Usage

Pre-requisites

You’ll need Docker and Docker Compose.

The following installation procedures have been tested on Ubuntu 14.04.

Docker installation

Use the following command to install Docker:

$ curl -sSL https://get.docker.com/ubuntu/ | sudo sh

Docker Compose installation

Follow the procedure available at https://docs.docker.com/compose/install/ to install the latest version of Docker Compose.

Use the stack

First, you’ll need to checkout the git repository:

$ git clone https://github.com/deviantony/docker-elk.git

By default, the stack is shipped with a simple Logstash configuration, it will listen for any TCP input on port 5000.

Then start the stack using Compose:

$ cd docker-elk
$ docker-compose up

Compose will start a container for each service of the ELK stack and output their logs.

If you’re still using the default input configuration for Logstash, you can inject some data into Elasticsearch from a file:

$ nc localhost 5000 < /some/log/file.log

Then you can check the results in Kibana by hitting the following URL in your browser: http://localhost:5601

Enjoy 🙂

Advertisements

17 thoughts on “The ELK stack powered by Docker – Updated !

  1. thanks for writing this blog. I get this error on docker-compose up:



    Status: Downloaded newer image for elasticsearch:latest
    —> 6497ea6759c8
    Step 1 : RUN plugin -i elasticsearch/marvel/latest
    —> Running in 3f9080db5596
    ERROR: unknown command [-i]. Use [-h] option to list available commands
    Service ‘elasticsearch’ failed to build: The command ‘/bin/sh -c plugin -i elasticsearch/marvel/latest’ returned a non-zero code: 64

    Any suggestions appreciated.

    -Sundar

    1. Yeah, it’s actually using the latest versions of the containers (Elasticsearch 2.0, Logstash 2.0) and the actual Dockerfiles are not compatibles. I’ll work on it to create a 2.x and 1.x version.

  2. Thanks! This is great. Helped me a lot in understanding the ELK stack.

    The only thing that didn’t work for me was Marvel. It appears to be no longer included, since I’m getting a 404 error:
    {“statusCode”:404,”error”:”Not Found”,”message”:”Unknown app marvel”}

  3. Just tried this and it seemed to work fine, but then I wanted to start over and know I’m met with “Service ‘kibana’ needs to be built, but –no-build was passed.” when running docker-compose up…
    So can get the ELK up and running

    1. I will have a look at it in the next few days. Did not checked if it was still working with the new versions of docker/compose. Could you open an issue on the github project? Cheers

  4. Hi,

    Please explain how the elastic search indices are persistent even after the containers are stopped and restarted .The docker image for elasticsearch did not have any persistent volume mounted for this purpose so I understand that indices are stored somewhere else.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s