How to monitor own host

[ktorn]

Problem description

I have a Ubuntu 22.04.4 LTS host with some docker containers running, and tried to install docker-elk on the same host to monitor my containers. The installation went very smoothly (great job!), passwords changed, and containers restarted. However when going to the dashboard, and examining some of the default ones, like Syslog, all the panes are empty and show errors like Field host.hostname was not found. and Field @timestamp was not found.

Extra information

Stack configuration

git diff : only passwords have changed

Docker setup

$ docker version

docker version
Client:
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.21.1
 Git commit:        24.0.7-0ubuntu2~22.04.1
 Built:             Wed Mar 13 20:23:54 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.21.1
  Git commit:       24.0.7-0ubuntu2~22.04.1
  Built:            Wed Mar 13 20:23:54 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.12
  GitCommit:
 runc:
  Version:          1.1.12-0ubuntu2~22.04.1
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:

$ docker compose version
Docker Compose version v2.29.1

Container logs

$  docker compose logs
...

Logs too long to post here. Created a gist

[antoineco]

To monitor the host you probably want to run docker-elk with the following 2 extensions enabled:

• https://github.com/deviantony/docker-elk/tree/main/extensions/metricbeat (metrics)
• https://github.com/deviantony/docker-elk/tree/main/extensions/filebeat (additional logs)

Pay attention to their respective README, both extensions require enabling additional users inside the .env file.

[antoineco]

Closing due to inactivity.