Elasticsearch + Docker Compose: Use Keystore - Demonstration

Introduction

Code on Github: Elasticsearch + Docker-Compose Keystore

We will setup Elasticsearch, Kibana, beats, and Logstash with Docker Compose.

This video assumes you already have a setup of Elaticesearch, Kibana, Beats, and Logstash without using a Container. If not then you can go here setup. And you should understand Elastic Agent, Fleet Server and APM TBD.

Requirements

• A new instance of Linux machine like Ubuntu 20.04 to act as the Server
• Docker and Docker-Compose Installed
• Docker containers from previous Docker + ELK video

Step 1 - Demonstration [02:55]

Build with the below docker compose command.

docker-compose up --build -d

Get the IP address of your server for it will be used as the url to the docker containers.

hostname -i

Visit Kibana page with http://<YOUR IP ADDRESS>:5601. Then login with the elastic username and password present at the .env file

username: elastic password: changeme

Kibana Login page

Go to Fleet > Settings. Run the ./get-cert-details.sh to determine your CA finger print and your CA. Populate the information as shown in this screenshot:

Fleet Server changes

then click on Save and apply settings, and then proceed to click on Save and deploy. Now go back to the Fleet > Agent and refresh the tab. You should see something similar to the image below, which indicates that Elastic Agent, AM and Fleet Server are up abd running.

Elastic Agent, APM, and Fleet Server Running Success

Step 2 - Confirm services are operational [07:28]

APM

To view the APM services go to Observability > APM > Services, and you should see something similar to the image below

APM Success

Metricbeat

Go to Observability > Overview, and scroll down to the host section. You should see a similar result as below to confirm that metricbeats container is publishing result to Kibana.

Metricbeat Success

Filebeat

Go to Observability > Discover, and click on create data view. You should fill in the details as shown in the image below:

Create Filebeat Data View

And click save. You will see something similar to the below image, which confirms that filebeat works successfully:

Filebeat Success

Logstash

Click on create data view. You should fill in the details as shown in the image below:

Create Logstash Data View

Confirm Services Remain Operational [14:33]

Got to your server terminal and run the below command to change the filebeat log file:

vi filebeat_ingest_data/test.log

and write in the text as shown in the image below, into the file:

Make changes to the log in test.log file for Filebeat

Do the same for Logstash with;

vi logstash_ingest_data/test.log

and write in the text as shown in the image below, into the file:

Make changes to the log in test.log file for Logstash

Go to Stack Management and confirm that all services are up and running.

All Services in Stack Management