docker commands¶
Bootstrap the host¶
sysctl -w vm.max_map_count=262144
Create an elasticsearch network¶
docker network create elastic
Start elasticsearch¶
docker run --name es01 --net elastic -p 9200:9200 -m 512m -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -it elasticsearch:8.4.3
Start kibana¶
docker run --name kibana --net elastic -p 5601:5601 -m 256m -e ELASTICSEARCH_HOSTS="https://es01:9200" -e ENROLLMENT_TOKEN=blahblahblah -it kibana:8.4.3
logstash¶
This will use docker to run logstash. It will listen on port 5044. The settings directory will be available to logstash with the logstash.yml, pipelines.yml, etc. in it. The ro makes sure it’s read only, and the Z makes sure the SELinux context is correct (at least temporarily). Same thing for the pipeline (where the pipelines are stored, surprise!).
docker run --rm -it -p 5044:5044 -v ~/local/elk/settings/:/usr/share/logstash/config/:ro,Z -v ~/local/elk/pipeline/:/usr/share/logstash/pipeline/:ro,Z docker.elastic.co/logstash/logstash:8.12.1