Source Repository for Meetup 1/8/2018 - Angry ELK, Happy Ops

Angry ELK, Happy Ops

How to use

Compose

If you just wish to use the images and toy around with the stack on your own, you can use the build-all.sh script in the docker/images directory to build the images locally. Once built, you can use the docker-compose.yml file in the docker/compose directory to stand up the services locally.

Swarm

If you want to use the images in a (local) Docker Swarm, you can use the setup-swarm.sh file in the docker/swarm directory to set up a local swarm.

Assumptions

It is assumed that Docker is logging via the json-file driver. This can be set up by applying the following setting to your daemon.json file (for single instances). See the official documentation here: https://docs.docker.com/engine/admin/logging/overview/

{
 "log-driver": "json-file"
}

Images (As tagged by build.sh Scripts)

  • angry-elk/elasticsearch
  • angry-elk/logstash

Resources

Below you will find some general resource links that are helpful when standing up an ELK stack in production. All links assume version 6.1 of the Elastic.co products.

General

Elasticsearch

Logstash

Docker Swarm Testing

ELK Stack

Best Practices (Assuming Linux)

  • vm.max_map_count=262144
    • To Check: grep vm.max_map_count /etc/sysctl.conf
    • To Set (as root): sysctl -w vm.max_map_count=262144
      • Works on Mac and Linux
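
An added example (not part of this repository): a preflight script for the two host assumptions above, the json-file log driver and vm.max_map_count. It checks the running kernel value separately from /etc/sysctl.conf, because sysctl -w changes only the runtime value; the function names and the "run" argument are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the two host settings this README assumes.
REQUIRED_MAP_COUNT=262144   # value from the README's Best Practices section

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Last uncommented vm.max_map_count value in a sysctl.conf-style file (empty if none).
persisted_map_count() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*vm\.max_map_count[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# check_map_count RUNTIME PERSISTED
# Returns 0 = ok, 1 = running kernel value too low, 2 = ok now but lost on reboot.
check_map_count() {
    if ! is_uint "$1" || [ "$1" -lt "$REQUIRED_MAP_COUNT" ]; then
        echo "FAIL: runtime vm.max_map_count='$1', need >= $REQUIRED_MAP_COUNT"
        return 1
    fi
    if ! is_uint "$2" || [ "$2" -lt "$REQUIRED_MAP_COUNT" ]; then
        echo "WARN: runtime value ok, but /etc/sysctl.conf has '$2' (sysctl -w is not persistent)"
        return 2
    fi
    echo "OK: vm.max_map_count=$1 (runtime and persisted)"
}

# check_log_driver DRIVER: the stack expects container logs written by json-file.
check_log_driver() {
    if [ "$1" = "json-file" ]; then echo "OK: log driver is json-file"; return 0; fi
    echo "FAIL: effective log driver is '${1:-unknown}', expected json-file"
    return 1
}

# Reads the live values on a Linux Docker host; a WARN does not fail the run.
preflight() {
    rc=0
    driver=$(docker info --format '{{.LoggingDriver}}' 2>/dev/null) || driver=""
    check_log_driver "$driver" || rc=1
    runtime=$(cat /proc/sys/vm/max_map_count 2>/dev/null) || runtime=""
    check_map_count "$runtime" "$(persisted_map_count /etc/sysctl.conf)" || [ $? -eq 2 ] || rc=1
    return "$rc"
}

# Only touch the host when asked to: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

The effective driver is read from docker info rather than daemon.json because json-file is Docker's default when no log-driver key is set.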

Shout-outs