ELK with Filebeat by Docker-compose - Simple & Easy way to file logging
- mylog -> filebeat -> logstash -> elasticsearch <- kibana
- Docker & Docker-compose install (Ubuntu)
# Docker install
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $(whoami)
# Docker-compose install
sudo apt-get install docker-compose
- Git clone this repository
git clone https://github.com/gnokoheat/elk-with-filebeat-by-docker-compose
cd elk-with-filebeat-by-docker-compose/
- Write your log files into the 'mylog' folder and change the log index template.
- Filebeat auto-detects when a *.log file is created or updated and pushes it to Logstash.
- Change the log index definition in "logstash.template.json".
- Docker-compose up command
docker-compose up -d
- logstash.template.json: change it to match your log index
# Make your own log index
{
  ...
  "mappings": {
    "properties": {
      "name": {
        "type": "keyword"
      },
      "class": {
        "type": "keyword"
      },
      "state": {
        "type": "integer"
      },
      "@timestamp": {
        "type": "date"
      }
    }
  }
}
- logstash.conf
# Change 'timestamp' to your log custom timestamp key
filter {
  ...
  date {
    match => ["timestamp", "UNIX_MS"]
    target => "@timestamp"
  }
}
# Change the 'time.localtime' offset to your local time zone
filter {
  ...
  ruby {
    code => "event.set('indexDay', event.get('[@timestamp]').time.localtime('+09:00').strftime('%Y%m%d'))"
  }
}
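
An added example (not code from this repository): a Python check that a log line carries the fields declared in the mapping above with the declared types, and that computes the same indexDay the ruby filter would. It assumes one JSON object per line in mylog/*.log; the sample lines and their values are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Field names and types copied from the logstash.template.json mapping above.
MAPPING = {"name": str, "class": str, "state": int}
TS_KEY = "timestamp"                     # key the date filter parses as UNIX_MS
LOCAL_TZ = timezone(timedelta(hours=9))  # '+09:00' from the ruby filter
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def check_line(line):
    """Return (index_day, problems) for one log line.

    index_day mirrors the ruby filter (@timestamp shifted to LOCAL_TZ, then
    %Y%m%d). The type check is strict; Elasticsearch may coerce some of these.
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, [f"not JSON: {exc.msg}"]
    if not isinstance(event, dict):
        return None, ["not a JSON object"]
    problems = []
    for field, typ in MAPPING.items():
        value = event.get(field)
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, typ):
            problems.append(f"{field}: expected {typ.__name__}, got {value!r}")
    ts = event.get(TS_KEY)
    if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:
        problems.append(f"{TS_KEY}: expected epoch milliseconds, got {ts!r}")
        return None, problems
    try:
        local = (EPOCH + timedelta(milliseconds=ts)).astimezone(LOCAL_TZ)
    except OverflowError:
        problems.append(f"{TS_KEY}: out of range: {ts!r}")
        return None, problems
    return local.strftime("%Y%m%d"), problems


# Constructed sample lines (not from the repository).
SAMPLE = [
    '{"name": "sensor-a", "class": "door", "state": 1, "timestamp": 1704126600000}',
    '{"name": "sensor-a", "class": "door", "state": "1", "timestamp": 1704126600000}',
    '{"name": "sensor-b", "class": "door", "state": 0, "timestamp": "2024-01-01"}',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_line(line))
```

The first sample is 16:30 UTC on 2024-01-01 and yields 20240102, because the +09:00 shift moves the event into the next day's index.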