Run the latest version of the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.
It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticseach and the visualization power of Kibana.
My idea behind this fork is to have a cheap, and somewhat highly available monitoring solution that can be setdown anywhere with very little time configuring. This main branch will have monitoring only. I have another branch I am working on to add alerting but any alerts will need to customized to an environment so I am not including it in this branch.
Uses Docker images which support Raspberry Pi based on the official images:
- Install Docker on Raspberry Pi.
- Install Docker-compose on Raspberry Pi.
- Clone this repository on Raspberry Pi.
NOTE: Give a try to HypriotOS if you want to easily install Docker on your Raspberry Pi.
Start the ELK stack using docker-compose in your Raspberry Pi:
$ docker-compose upYou can also choose to run it in background (detached mode):
$ docker-compose up -dOr it can be run in swarm mode possibly with a load balancer in front of the swarm:
$ docker-stack deploy -c docker-compose.yml elkNow that the stack is running, you'll want to inject logs in it. The shipped logstash configuration allows you to send content via tcp:
$ nc localhost 5000 < /path/to/logfile.logAnd then access Kibana UI by hitting http://raspberry-pi-ip:5601 with a web browser.
NOTE: You'll need to inject data into logstash before being able to create a logstash index in Kibana. Then all you should have to do is to hit the create button.
See: https://www.elastic.co/guide/en/kibana/current/setup.html#connect
You can also access:
By default, the stack exposes the following ports:
- 5000: Logstash TCP input.
- 9200: Elasticsearch HTTP
- 9300: Elasticsearch TCP transport
- 5601: Kibana
You can get more information about how to configure ELK stack in the original Docker ELK stack repository.
NOTE: Configuration is not dynamically reloaded, you will need to restart the stack after any change in the configuration of a component.
Tested on Raspberry Pi 2
Additional:
I have compiled and added filebeat for RPI so that you can test/monitor your RPI hosts