BELK stack in docker to read logs from log directory with Filebeat, parse in Logstash, store in Elasticsearch and display in Kibana. Logs are from 23/Jul/2019 to 29/Jul/2019 (take a look on that to search in Kibana).
In some cases, it is need to set up the vm.max_map_count=262144 for Elasticsearch.
The example data are from the month of July 2019. The logs will be read from the ./logs/ directory.
Tested on docker 2.0.0.3
docker-compose up -dor stop and start environment
docker-compose stop
docker-compose up -dor delete and restart environment
docker-compose rm -fs
docker-compose up -ddocker-compose stopInstead of restart the application, just restart the container:
docker restart container_namecurl http://localhost:9200/All logs
docker-compose logs -fSingle container
docker logs -f container_namedocker exec -it container_name bash- Config for Elasticsearch, Logstash, Filebeat and Kibana: ../config/
- Logs to be read by Filebeat: ../logs/
- docker-compose.yml: the definition of BELK architecture