docker commands

Bootstrap the host

sysctl -w vm.max_map_count=262144

Create a shared volume for generated certificates

docker volume create certs

Create an elasticsearch network

docker network create elastic

Start elasticsearch

docker run --name es01 --net elastic -p 9200:9200 -m 512m -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -it elasticsearch:8.4.3

Start kibana

docker run --name kibana --net elastic -p 5601:5601 -m 256m -e ELASTICSEARCH_HOSTS="https://es01:9200" -e ENROLLMENT_TOKEN=blahblahblah -it kibana:8.4.3

logstash

This will use docker to run logstash. It will listen on port 5044. The settings directory will be available to logstash with the logstash.yml, pipelines.yml, etc. in it. The ro makes sure it’s read only, and the Z makes sure the SELinux context is correct (at least temporarily). Same thing for the pipeline (where the pipelines are stored, surprise!).

docker run --rm -it -p 5044:5044 -v ~/local/elk/settings/:/usr/share/logstash/config/:ro,Z -v ~/local/elk/pipeline/:/usr/share/logstash/pipeline/:ro,Z docker.elastic.co/logstash/logstash:8.12.1