Elasticsearch + Docker Compose: Part 1 - Elasticsearch, Kibana, Beats, Logstash

Published on 2023-11-18


Introduction

Code on GitHub: Elasticsearch + Docker

We will set up Elasticsearch, Kibana, Beats, and Logstash with Docker Compose.

This video assumes you already know how to set up Elasticsearch, Kibana, Beats, and Logstash without using a container. If not, you can go here for the Publicly Signed Certificates setup. If you want to use Self Signed Certificates, go here TBD.

Requirements

Step 1 - Get the Code [02:15]

Initialize a new git repository, add the project remote, and check out the main branch.

git init; git remote add origin https://github.com/evermight/elastic-stack-docker-part-one.git; git fetch -a; git checkout main

List out all files in the directory.

ls -alh

Build and start the containers with the docker-compose command below.

docker-compose up --build -d

Get the IP address of your server; it will be used in the URL for reaching the Docker containers.

hostname -i

Visit the Kibana page at http://<YOUR IP ADDRESS>:5601. Then log in with the elastic username and the password present in the .env file.

username: elastic
password: changeme

[Image: Kibana Login page]
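A preflight check for the .env file from Step 1, as an added example that is not part of the repository: it flags any secret-looking variable that is still set to the default changeme or is very short, so the values can be replaced before the stack is built. The variable names in the sample, the name patterns (PASSWORD, SECRET, KEY) and the 12-character minimum are assumptions.

```shell
# Added example: flag placeholder or short secrets in a compose .env file.
# Prints one line per finding; returns non-zero if anything was flagged.
check_env_secrets() (
  file=$1; min_len=${2:-12}; status=0   # min_len is an assumed floor
  while IFS='=' read -r key value || [ -n "$key" ]; do
    # Skip blank lines and comments.
    case "$key" in ''|\#*) continue ;; esac
    # Only inspect keys whose names look like secrets.
    case "$key" in *PASSWORD*|*SECRET*|*KEY*) ;; *) continue ;; esac
    # Strip optional surrounding quotes from the value.
    value=${value%\"}; value=${value#\"}
    value=${value%\'}; value=${value#\'}
    if [ "$value" = "changeme" ]; then
      echo "$key: still set to the default 'changeme'"; status=1
    elif [ "${#value}" -lt "$min_len" ]; then
      echo "$key: shorter than $min_len characters"; status=1
    fi
  done < "$file"
  [ "$status" -eq 0 ]
)

# Constructed sample; variable names and values are hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
STACK_VERSION=0.0.0
ELASTIC_PASSWORD=changeme
KIBANA_PASSWORD="short"
ENCRYPTION_KEY=constructed-example-key-0123456789abcdef
EOF
check_env_secrets "$sample" || echo "Fix these before running: docker-compose up --build -d"
rm -f "$sample"
```

Run it as check_env_secrets .env in the project directory before the build command; a non-zero return means at least one value needs replacing.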

Step 2 - Confirm Metricbeat Success [06:50]

Go to Observability > Overview, and scroll down to the host section. You should see a result similar to the one below, which confirms that the Metricbeat container is publishing results to Kibana.

[Image: Metricbeat Success]

Step 3 - Confirm Filebeat Success [07:03]

Go to Observability > Discover, and click on Create data view. Fill in the details as shown in the image below:

[Image: Create Data View]

Then click Save. You will see something similar to the image below, which confirms that Filebeat works successfully:

[Image: Filebeat Success]

To add another log file for Filebeat to ingest, run the command below:

cp /var/log/cron /filebeat_ingest_data/cron.log

Step 4 - Confirm Logstash Success [09:21]

Go to Stack Management > Index Management, and check if Logstash is available. If Logstash is not available, you will see something similar to the image below:

[Image: Logstash Presence confirmation]

Go to your server terminal and run the command below:

cd logstash_ingest_data; vi test.log

Then write the text shown in the image below into the file:

[Image: Add a log into a test.log file for Logstash]

Go to Stack Management > Index Management, and reload it. You should see something similar to the image below, which confirms that Logstash has picked up the test.log file:

[Image: Logstash Indices Created]

If you need any assistance, email us through our Contact Form.