@xandout
Last active June 30, 2019 16:33
Docker, ELK, Syslog, Magic
version: '2.4'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.1.1
    volumes:
      - es-data:/usr/share/elasticsearch/data
    environment:
      - discovery.type=single-node
      - cluster.name=docker-cluster
      - "ES_JAVA_OPTS=-Xms2G -Xmx2G"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  kibana:
    image: docker.elastic.co/kibana/kibana:7.1.1
    ports:
      # Published on every interface with no authentication (X-Pack security is off by default
      # in this version); use 127.0.0.1:5601:5601 or enable security before exposing it.
      - 5601:5601
  logstash:
    image: docker.elastic.co/logstash/logstash:7.1.1
    ports:
      # The syslog input listens on both TCP and UDP 5140; a bare mapping publishes TCP only,
      # so UDP (what most syslog senders use) needs its own line.
      - 514:5140
      - 514:5140/udp
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
    env_file:
      - ./.env
volumes:
  es-data:
input {
  syslog {
    port => 5140
    tags => ["your", "tags", "here"]
  }
}
filter {
  # https://www.elastic.co/guide/en/logstash/current/filter-plugins.html
  # I typically use grok to parse my messages, and include/exclude to include/exclude.
  # The date filter parses dates and sets the "@timestamp" key to my log's timestamp,
  # not the ingest timestamp.
}
output {
  elasticsearch {
    # "elasticsearch" is the container name defined in compose and the hostname for that
    # container inside the bridged network docker-compose created for you. docker network logstash
    hosts => ["http://elasticsearch:9200"]
  }
}
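The filter comment above describes what the syslog input plus a grok/date filter do to each line: split it into fields, derive facility and severity from the PRI, and take `@timestamp` from the log's own timestamp rather than ingest time. The following Python parser is an added example, not code from the gist or from Logstash; it reproduces that work on an RFC 3164 line, using the plugin's documented field names (`syslog_pri`, `syslog_hostname`, ...). The severity labels, the `peer_addr` parameter and the `year` assumption are mine. It keeps the socket's source address (`host`) separate from the hostname claimed inside the message (`syslog_hostname`), since the latter is written by the sender.

```python
import re
from datetime import datetime, timezone

# Constructed pattern for one RFC 3164 line: <PRI>Mmm dd HH:MM:SS host prog[pid]: msg
SYSLOG_LINE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                              # optional <PRI>
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "    # "Jun 30 16:33:01", no year
    r"(?P<host>\S+) "                                        # hostname claimed by the sender
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "            # program[pid]:
    r"(?P<msg>.*)$"
)
# Severity keywords (my labels, in RFC 3164 numeric order 0..7)
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]


def parse_syslog(line, peer_addr, year=None):
    """Return a Logstash-style event dict for one syslog line.

    peer_addr is the socket's source address and becomes `host`; the hostname
    inside the message is sender-controlled and only ever lands in `syslog_hostname`.
    """
    year = year or datetime.now(timezone.utc).year  # RFC 3164 carries no year
    event = {"host": peer_addr, "message": line.rstrip("\n"), "tags": []}
    m = SYSLOG_LINE.match(event["message"])
    if not m:
        # Like the plugin: keep the raw line and flag it for the filter stage.
        event["tags"].append("_grokparsefailure_sysloginput")
        return event
    pri = int(m.group("pri") or 13)  # plugin default when <PRI> is absent
    event.update({
        "syslog_pri": pri,
        "syslog_facility_code": pri >> 3,   # PRI = facility * 8 + severity
        "syslog_severity_code": pri & 7,
        "syslog_severity": SEVERITY[pri & 7],
        "syslog_hostname": m.group("host"),
        "syslog_program": m.group("prog"),
        "syslog_message": m.group("msg"),
    })
    if m.group("pid"):
        event["syslog_pid"] = int(m.group("pid"))
    # What the date filter does: @timestamp comes from the log line, not ingest time.
    ts = " ".join(m.group("ts").split())  # collapse the day padding ("Jun  5")
    stamp = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    event["@timestamp"] = stamp.replace(tzinfo=timezone.utc).isoformat()
    return event
```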