erichelgeson
commented
9 years ago Just had the same experience, new to the ELK stack so not sure where to get started.
Closed spuder closed 9 years ago
erichelgeson
commented
9 years ago Just had the same experience, new to the ELK stack so not sure where to get started.
vjm
commented
9 years ago +1
Any ideas on why logstash keeps exiting?
blacktop
commented
9 years ago Hi all! Sorry for the delay.
So I will start to debug the logstash and see what I can do. However, this was essentially an experiment for me and in practice you normally wouldn't want to run all your services in one container. It's great for demos though :wink:
So what you want is to use docker-compose and link a few Elasticsearch containers to an Kibana/Nginx to a logstash container and then use logstash-forwarder to send your logs to the ELK stack.
I am interested in making general purpose building blocks that can be easily combined and I am still trying to figure out the best way to do that.
Right now if you use the kibana4 branch or do a docker pull blacktop/elk:4 you can run it with:
$ docker run -it --name elk4 -p 80:80 -p 9200:9200 blacktop/elk:4 Then you can index directly to it with something like elasticsearch-py or something and see it in kibana.
Kibana 4 is very beautiful and very 'Splunk-like' however, you can't get passed the settings screen until it has an index to parse. Just FYI. So start it like I mentioned and then do something like:
https://elasticsearch-py.readthedocs.org/en/master/
from datetime import datetime
from elasticsearch import Elasticsearch
es = Elasticsearch(['http://<enter boot2docker ip or ip assigned to docker container here>'])
for i in range(10000):
doc = {
'author': 'kimchy',
'text': 'Elasticsearch: cool. bonsai cool.',
'timestamp': datetime.now()
}
res = es.index(index="test-index", doc_type='tweet', id=i, body=doc)
# print(res['created'])
res = es.get(index="test-index", doc_type='tweet', id=1)
print(res['_source'])
es.indices.refresh(index="test-index")
res = es.search(index="test-index", body={"query": {"match_all": {}}})
print("Got %d Hits:" % res['hits']['total'])
for hit in res['hits']['hits']:
print("%(timestamp)s %(author)s: %(text)s" % hit["_source"])Now navigate to the boot2docker ip or docker ip in a web browser. You will be prompted for a user/pass which defaults to user: admin, password: admin. Now enter * in the index field and select timestamp then you can go to the Discover tab and see those absolutely gorgeous logs!
Once you have the docker container up and running, you will get the following errors in the logs.
I assume that this is because a config file has not been made. It would be nice if the documentation explained how to add a config file to the volumes