@ssplatt
Last active September 9, 2020 21:18
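ELK stack (Elasticsearch, Logstash, Kibana) service template for Zenoss Control Center. Note: the embedded configs set up no authentication or TLS (elasticsearch.yml only sets http.port; kibana.yml leaves its credential and certificate settings commented out and sets verify_ssl: false), while the Elasticsearch, Logstash and Kibana endpoints are each exported through a vhost, so access control has to come from whatever fronts those vhosts.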
{
"ID": "",
"Name": "ELK Stack",
"Description": "Elasticsearch, Logstash, and Kibana",
"ConfigFiles": null,
"Services": [
{
"Name": "ELK Stack",
"Command": "",
"Description": "Elasticsearch, Logstash, and Kibana",
"Tags": null,
"ImageID": "",
"Instances": {
"Min": 0,
"Max": 0
},
"ChangeOptions": null,
"Launch": "auto",
"HostPolicy": "",
"Hostname": "",
"Privileged": false,
"ConfigFiles": {},
"Context": null,
"Endpoints": null,
"Services": [
{
"Title": "elasticsearch-cluster",
"Description": "Elasticsearch Service",
"RAMCommitment": "1G",
"CPUCommitment": 1,
"Launch": "auto",
"Name": "Elasticsearch",
"Version": "1.5.2",
"Command": "/usr/local/elasticsearch/bin/elasticsearch",
"ConfigFiles": {
"/usr/local/elasticsearch/config/elasticsearch.yml": {
"FileName": "/usr/local/elasticsearch/config/elasticsearch.yml",
"Owner": "root:root",
"Permissions": "0664",
"Content": "http.port: 9201"
},
"/usr/local/elasticsearch/config/logging.yml": {
"FileName": "/usr/local/elasticsearch/config/logging.yml",
"Owner": "root:root",
"Permissions": "0664",
"Content": "es.logger.level: INFO\nrootLogger: ${es.logger.level}, console, file\nlogger:\n action: DEBUG\n com.amazonaws: WARN\n index.search.slowlog: TRACE, index_search_slow_log_file\n index.indexing.slowlog: TRACE, index_indexing_slow_log_file\nadditivity:\n index.search.slowlog: false\n index.indexing.slowlog: false\nappender:\n console:\n type: console\n layout:\n type: consolePattern\n conversionPattern: \"[%d{ISO8601}][%-5p][%-25c] %m%n\"\n file:\n type: dailyRollingFile\n file: ${path.logs}/${cluster.name}.log\n datePattern: \"'.'yyyy-MM-dd\"\n layout:\n type: pattern\n conversionPattern: \"[%d{ISO8601}][%-5p][%-25c] %m%n\"\n index_search_slow_log_file:\n type: dailyRollingFile\n file: ${path.logs}/${cluster.name}_index_search_slowlog.log\n datePattern: \"'.'yyyy-MM-dd\"\n layout:\n type: pattern\n conversionPattern: \"[%d{ISO8601}][%-5p][%-25c] %m%n\"\n index_indexing_slow_log_file:\n type: dailyRollingFile\n file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log\n datePattern: \"'.'yyyy-MM-dd\"\n layout:\n type: pattern\n conversionPattern: \"[%d{ISO8601}][%-5p][%-25c] %m%n\"\n"
}
},
"Endpoints": [
{
"Name": "elasticsearch",
"Application": "elasticsearch",
"PortNumber": 9201,
"Protocol": "tcp",
"Purpose": "export",
"Vhosts": ["elasticsearch"],
"AddressConfig": {
"Port": 9201,
"Protocol": "tcp"
}
},
{
"Name": "elasticsearch-peer",
"Application": "elasticsearch-transport",
"PortNumber": 9300,
"Protocol": "tcp",
"Purpose": "export"
},
{
"Name": "elasticsearch-peers",
"Application": "elasticsearch-node",
"PortNumber": 9301,
"Protocol": "tcp",
"Purpose": "import_all"
}
],
"HealthChecks": {
"cluster_health": {
"Script": "curl -s -XGET 'http://localhost:9201/_cluster/health?pretty=true' | jq '.status' | grep -q green",
"Interval": 10.0
}
},
"ImageID": "ssplatt/elasticsearch:1.5.2",
"Instances": {
"min": 1,
"default": 1
},
"Volumes": [
{
"#####": "drwxr-xr-x 3 root root 4.0K Feb 2 03:19 /var/data/elasticsearch",
"Owner": "root:root",
"Permission": "0755",
"ResourcePath": "elasticsearch-cluster",
"ContainerPath": "/var/data/elasticsearch"
}
]
},
{
"Name": "Logstash",
"Version": "1.5.0",
"Command": "/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf -l /var/log/logstash/logstash.log",
"Description": "logstash agent",
"Tags": [ "daemon" ],
"ImageID": "logstash:1.5.0",
"Instances": {
"Min": 1,
"Max": 0
},
"ChangeOptions": null,
"Launch": "auto",
"HostPolicy": "",
"Hostname": "",
"Privileged": false,
"ConfigFiles": {
"/etc/logstash/conf.d/logstash.conf": {
"Filename": "/etc/logstash/conf.d/logstash.conf",
"Owner": "root:root",
"Permissions": "0644",
"Content": "input {\n tcp {\n port => 5140\n type => syslog\n }\n}\n\nfilter {\n grok {\n match => [ 'message', '%{SYSLOGLINE}' ]\n add_field => [ 'received_at', '%{@timestamp}' ]\n add_field => [ 'received_from', '%{host}' ]\n }\n syslog_pri { }\n date {\n match => [ 'timestamp', 'MMM d HH:mm:ss', 'MMM dd HH:mm:ss', 'ISO8601' ]\n }\n geoip {\n add_tag => [ 'geoip' ]\n source => 'clientip'\n }\n}\n\noutput {\n elasticsearch { host => 'localhost' protocol => 'http' port => '9201' }\n}"
}
},
"Context": null,
"Endpoints": [
{
"Name": "logstash",
"Purpose": "export",
"Protocol": "tcp",
"PortNumber": 5140,
"PortTemplate": "",
"VirtualAddress": "",
"Application": "logstash",
"AddressConfig": {
"Port": 5140,
"Protocol": "tcp"
},
"VHosts": [ "logstash" ]
}
],
"Services": [],
"Tasks": null,
"LogFilters": null,
"Volumes": null,
"LogConfigs": [
{
"Path": "/var/log/logstash/logstash.log",
"Type": "system",
"Filters": null,
"LogTags": null
}
],
"Snapshot": {
"Pause": "",
"Resume": ""
},
"RAMCommitment": "1G",
"CPUCommitment": 1,
"Runs": null,
"Actions": null,
"HealthChecks": {
"running": {
"Script": "ps -ef | grep [l]ogstash",
"Interval": 20
}
},
"Prereqs": null,
"MonitoringProfile": {
"MetricConfigs": null,
"GraphConfigs": null,
"ThresholdConfigs": null
},
"MemoryLimit": 0,
"CPUShares": 0,
"PIDFile": ""
},
{
"Name": "Kibana",
"Version": "4.0.2",
"Command": "/app/bin/kibana",
"Description": "kibana app",
"Tags": [
"daemon"
],
"ImageID": "ssplatt/kibana:4.0.2",
"Instances": {
"Min": 1,
"Max": 0
},
"ChangeOptions": null,
"Launch": "auto",
"HostPolicy": "",
"Hostname": "",
"Privileged": false,
"ConfigFiles": {
"/app/config/kibana.yml": {
"Filename": "/app/config/kibana.yml",
"Owner": "root:root",
"Permissions": "0644",
"Content": "port: 5601\nhost: '0.0.0.0'\nelasticsearch_url: 'http://localhost:9201'\nelasticsearch_preserve_host: true\nkibana_index: '.kibana'\n# kibana_elasticsearch_username: user\n# kibana_elasticsearch_password: pass\n# kibana_elasticsearch_client_crt: /path/to/your/client.crt\n# kibana_elasticsearch_client_key: /path/to/your/client.key\n# ca: /path/to/your/CA.pem\ndefault_app_id: 'discover'\nrequest_timeout: 300000\nshard_timeout: 0\nverify_ssl: false\n# ssl_key_file: /path/to/your/server.key\n# ssl_cert_file: /path/to/your/server.crt\npid_file: /var/run/kibana.pid\nbundled_plugin_ids:\n - plugins/dashboard/index\n - plugins/discover/index\n - plugins/doc/index\n - plugins/kibana/index\n - plugins/markdown_vis/index\n - plugins/metric_vis/index\n - plugins/settings/index\n - plugins/table_vis/index\n - plugins/vis_types/index\n - plugins/visualize/index"
}
},
"Context": null,
"Endpoints": [
{
"Name": "kibana",
"Purpose": "export",
"Protocol": "tcp",
"PortNumber": 5601,
"PortTemplate": "",
"VirtualAddress": "",
"Application": "kibana",
"VHosts": [ "kibana" ]
}
],
"Services": [],
"Tasks": null,
"LogFilters": null,
"Volumes": null,
"LogConfigs": null,
"Snapshot": {
"Pause": "",
"Resume": ""
},
"RAMCommitment": "1G",
"CPUCommitment": 1,
"Runs": null,
"Actions": null,
"HealthChecks": {
"http response": {
"Script": "curl -s -XGET -w '%{http_code}' 'http://localhost:5601' -o /dev/null | grep -q 200",
"Interval": 10
}
},
"Prereqs": null,
"MonitoringProfile": {
"MetricConfigs": null,
"GraphConfigs": null,
"ThresholdConfigs": null
},
"MemoryLimit": 0,
"CPUShares": 0,
"PIDFile": "/var/run/kibana.pid"
}
],
"Tasks": null,
"LogFilters": null,
"Volumes": null,
"LogConfigs": null,
"Snapshot": {
"Pause": "",
"Resume": ""
},
"RAMCommitment": "1G",
"CPUCommitment": 3,
"Runs": null,
"Actions": null,
"HealthChecks": null,
"Prereqs": null,
"MonitoringProfile": {
"MetricConfigs": null,
"GraphConfigs": null,
"ThresholdConfigs": null
},
"MemoryLimit": 0,
"CPUShares": 0,
"PIDFile": ""
}
]
}