Docker ELK Stack

Prerequisites

• Install the appropriate Docker application for your operating system.
• If you’re running on Linux, install Docker Compose.

  Make sure that Docker is allotted at least 4GB of memory. In Docker Desktop, you configure resource usage on the Advanced tab in Preferences (macOS) or Settings (Windows).

Prepare the environment

1. Clone this repository to your local machine.

Start your cluster with security enabled and configured

1. Create the .env file and enter strong password values for both the ELASTIC_PASSWORD and KIBANA_PASSWORD variables.

   You must use the ELASTIC_PASSWORD value for further interactions with the cluster. The KIBANA_PASSWORD value is only used internally when configuring Kibana.

2. Create and start the three-node Elasticsearch cluster and Kibana instance:

   docker-compose up -d

3. When the deployment has started, open a browser and navigate to http://localhost:5601 to access Kibana, where you can load sample data and interact with your cluster.

Stop and remove the deployment

To stop the cluster, run docker-compose down. The data in the Docker volumes is preserved and loaded when you restart the cluster with docker-compose up.

docker-compose down

To delete the network, containers, and volumes when you stop the cluster, specify the -v option:

docker-compose down -v

Test the deployment

1. Open the terminal on your computer. Run the following command to check the health of your cluster:

   curl --location 'http://localhost' \
   --header 'Content-Type: application/json' \
   --data '{
       "message": "Hello World!",
       "timestamp": "2023-06-11T22:32:03.762Z"
   }'

2. Go to Kibana's menu. Click on Management and then Stack Management.
3. Click on Kibana and then Data Views. Click on Create data view.
4. Type logstash-* in the Index pattern field and click on Save data view to Kibana.
5. Go back to Kibana's menu. Navigate to Analytics and then Discover.