Detailed explanation of using Docker to quickly deploy the ELK environment (latest version 5.5.1)

After installing Docker on the Linux server, Pull the relevant official Docker image:

docker pull docker.elastic.co/elasticsearch/elasticsearch:5.5.1
docker pull docker.elastic.co/kibana/kibana:5.5.1
docker pull docker.elastic.co/logstash/logstash:5.5.1

Start the Elastic Search container:

docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" \
--name my-elastic -d docker.elastic.co/elasticsearch/elasticsearch:5.5.1

Start the Kibana container:

docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" --name my-kibana \
--network host -d docker.elastic.co/kibana/kibana:5.5.1

Create logstash/logstash.yml and configure xpack to monitor logstash:

http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.elasticsearch.url: http://localhost:9200
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme

Create logstash/conf.d/logstash.conf and configure the input and output of logstash:

input {
 file {
  path => "/tmp/access_log"
  start_position => "beginning"
 }
}
output {
 elasticsearch
  hosts => ["localhost:9200"]
  user => "elastic"
  password => "changeme"
 }
}

Start the Logstash container:

docker run -v /home/ubuntu/logstash/conf.d:/usr/share/logstash/pipeline/:ro -v /tmp:/tmp:ro \
-v /home/ubuntu/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro --name my-logstash \
--network host -d docker.elastic.co/logstash/logstash:5.5.1

Test it and add two lines of information to /tmp/access.log:

echo "Hello World!" >> /tmp/access_log
echo "Hello ELK!" >> /tmp/access_log

Open the kibana link http://yourhost:5601 and log in using the username/password: elastic/changeme. On the "Configure an index pattern" page, click the Create button. Click the Monitor menu to view the status of the ELK node

Kibana Monitor

Click the Discover menu in Kibana to see the relevant log information:

Kibana Discover

Deploy using Elastic Search cluster

Elastic officially provides a method to start the Elastic Search cluster with docker-compose. First, install docker-compose

curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-Linux-x86_64 \
> /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

Create an elasticsearch/docker-compose.yml file:

version: '2'
services:
 elasticsearch1:
  image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
  container_name: elasticsearch1
  environment:
   - cluster.name=docker-cluster
   - bootstrap.memory_lock=true
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  ulimits:
   memlock:
    soft: -1
    hard: -1
  mem_limit: 1g
  volumes:
   - esdata1:/usr/share/elasticsearch/data
  ports:
   - 9200:9200
  networks:
   -esnet
 elasticsearch2:
  image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
  environment:
   - cluster.name=docker-cluster
   - bootstrap.memory_lock=true
   - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
   - "discovery.zen.ping.unicast.hosts=elasticsearch1"
  ulimits:
   memlock:
    soft: -1
    hard: -1
  mem_limit: 1g
  volumes:
   - esdata2:/usr/share/elasticsearch/data
  networks:
   -esnet

volumes:
 esdata1:
  driver: local
 esdata2:
  driver: local

networks:
 esnet:

Append a line to the /etc/sysctl.conf file

vm.max_map_count = 262144

Execute the command to apply the changes:

sudo sysctl -p

Execute the following command in the directory where docker-compose.yml is located to start the elastic search cluster:

docker stop my-elastic && docker rm my-elastic
docker-compose up &

In the Monitor menu in Kibana, you can see that the Elastic Search cluster is working properly:

Elastic Cluster

Change the default password

The default account password for Elastic Docker Images is elastic/changeme. Using the default password is unsafe. Suppose you want to change the password to elastic0. Execute the command on the server where Docker is located to change the password of user elastic:

curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" \
-d '{
 "password" : "elastic0"
}'

Set the password and restart Kibana:

docker stop my-kibana && docker rm my-kibana
docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" -e "ELASTICSEARCH_PASSWORD=elastic0" \
--name my-kibana --network host -d docker.elastic.co/kibana/kibana:5.5.1

Modify the passwords in logstash/logstash.yml and logstash/conf.d/logstash.conf, and then restart the logstash service

docker restart my-logstash

Test it and add two lines of information to /tmp/access.log:

echo "Hello World!" >> /tmp/access_log
echo "Hello ELK!" >> /tmp/access_log

Open the kibana link http://yourhost:5601 and log in using username/password: elastic/elastic0. On the "Configure an index pattern" page, click the Create button. Click the Monitor menu to view the status of the ELK node. The default password has been changed successfully.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Sample code for deploying ELK using Docker-compose
Detailed explanation of how to use Docker to quickly deploy the ELK environment (latest version 5.5.1)

<<: js realizes packaging multiple pictures into zip

>>: How to install mysql via yum on centos7