./run.sh- The latest images of ELK-components (elasticsearch, logstash and kibana) will be downloaded from diabol docker-hub repo using the
docker pullcommand - One instance of each component will be started according to the
docker-compose.ymlfile - The logstash component will parse the demolog entrys found in the log file in
logstash/demologs - This behaviour can be overridden by editing the
command:-clause of the logstash service in thedocker-compose.ymlfile. - The
/opt/logstash/config/demo.confpart of thecommandindicates that the demo config file found in thelogstash/configdirectory is used - A file of your choosing can be used instead - You will most likely want to add a
volumefor your log files - The components can also be started with the
docker-compose upcommand (which is executed at the end ofrun.sh) - This will make the startup faster because no
docker pullwill be issued - Make sure to run the
run.shcommand if changes have been made to images
- Creating your own elk-stack images is totally possible by editing the
Dockerfilefiles and then build them with thedocker buildcommand, e.g.docker build -t local/myelastic .in the directory containing theDockerfile - There are number of reasons to create a your own images, these may include:
- To be able to always use the latest versions of elk-stack components released by elastic
- To be able to use another linux distribution of your liking
- You can also add other services in the
docker-compose.ymlfile - It can be useful to use a caching mechanism before parsing your log files with logstash
- Multiple logstash instances for different kinds of log files can be useful to keep the logstash config readable