Docker is an excellent way to “knock up an idea”, demo it and hopefully bits will stick.
Here is an example of how to set up ELK with Docker.
The great thing is the knowledge out there to do a task, and this really is a very simplified method to get going.
I will assume that you have Docker installed. If not, visit docker.com, download it for your environment and run it.
There is an excellent base container for ELK (Ref: here) and you can grab it by going to your command line and typing:
sudo docker pull sebp/elk
All being well in just a few minutes you will have the container ready for use.
I created a directory from my DockerProjects folder called elk and added a file to this directory:
filename = docker-compose.yml (I’ll put some yml tips together one day)
elk:
  image: sebp/elk
  ports:
    - "5601:5601"
    - "9200:9200"
    - "5044:5044"
Now from the command line:
docker-compose up elk
All being well you will have a running container on your local machine.
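The port entries above use the short "host:container" form, which Docker publishes on every interface of the host, so Kibana (5601), Elasticsearch (9200) and the Beats input (5044) are reachable from the network as well as from localhost. For a demo on your own machine, the variant below binds each port to the loopback address only. It is an added example, not part of the original post, and it assumes Filebeat runs on the same machine as the container:

```yaml
# docker-compose.yml, same service as above with loopback-only port bindings
elk:
  image: sebp/elk
  ports:
    # "HOST_IP:HOST_PORT:CONTAINER_PORT" restricts the listener to that host address
    - "127.0.0.1:5601:5601"   # Kibana web UI
    - "127.0.0.1:9200:9200"   # Elasticsearch HTTP API
    - "127.0.0.1:5044:5044"   # Logstash Beats input (assumes a local Filebeat)
```

With this file, docker ps shows the mappings as 127.0.0.1:5601->5601/tcp rather than 0.0.0.0:5601->5601/tcp. If Filebeat ships from another machine, 5044 has to stay reachable from that host, so restrict it with a firewall rule instead of the loopback binding.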
Use docker ps to find the id of the running container and you can “climb inside” to play and tweak.
docker ps
docker exec -it <container-id> /bin/bash
From here I added my logstash config for the rabbit demo I was doing…
After pumping logs into logstash from filebeat (or any method you wish), go to http://localhost:5601 and have fun with Kibana.
Thanks: http://elk-docker.readthedocs.io/ for a great guide and a neat set of tips.