A containerized setup for the ELK Stack. This repo includes a dockerized setup for the ELK stack and also includes an nginx server that generates logs which can be used as seed logs or data for your ELK stack setup.
Feel free to modify the logstash or filebeat config to include a different set of logs from your hosts. You can also set up filebeat on remote hosts from which you are planning to send logs to Elasticsearch.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
What things you need to install the software and how to install them:
git clone [email protected]:ananthkamath/elk-docker.git && cd elk-docker
If you want to make changes to the logstash or filebeat config, update the required configs in ./logstash or ./filebeat.
docker-compose up -d
The Kibana dashboard will be accessible at localhost:5601.
To view the index you set up via logstash and filebeat in Elasticsearch, open Kibana Index Management.
If you are not seeing the index yet, visit the Nginx page a few times or create logs via the application on your remote host machine.
Once you have created the index, visit the Discover page.
Use packer to build an AWS AMI to be used by terraform to deploy on spot instances.
cd packer
packer init .
packer fmt .
packer build elk-docker-ami.pkr.hcl
Use the terraform script to spin up ELK Docker on an AWS spot instance in the default VPC. Feel free to update the terraform config accordingly.
cd terraform
terraform init
terraform fmt
terraform validate
terraform plan -out=tfplan
terraform apply tfplan