A docker-compose project to run a full ELK stack including Cribl/LogStream.
I created this docker-compose project for my own use case, to test and evaluate ELK with Cribl. Feel free to use it for your own purposes.
docker-compose up -d --build
After the build finishes and all containers are up and running, the services are available on your local machine:
- Kibana: http://localhost:5601
- Elasticsearch: http://localhost:9200
- Cribl/LogStream: http://localhost:19000
- Log in to Cribl with admin:admin, enable the in_elastic source on port 10080, and add (or generate) the authentication token based on the filebeat.yml configuration file.
- Set up a destination to Elasticsearch
- Change the main pipeline to your created Elasticsearch destination (not to devnull, as it was preset)
- Log in to Kibana to create an index pattern named "filebeat-*"
You should then be good to go! For more information see the documentation: https://docs.cribl.io/docs/sources-elastic
There are two additional container images running:
- nginx (to generate logfiles)
- fakelogs (generates a log file every 2 seconds); see Docker Hub for more information: https://hub.docker.com/r/mingrammer/flog
Filebeat runs in its own container to collect logging data; the volume is mounted to <path>/filebeat/logs/.
Just add any type of .log file, manually or generated by any application, to the target folder <path>/filebeat/logs/ to have it streamed to Cribl and ELK.
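To confirm the setup steps and the Filebeat folder above actually work end to end, here is an added smoke test (not part of the original project). It checks the three service ports, drops a uniquely tagged line into the log folder and polls Elasticsearch until that line shows up in filebeat-*. It assumes LOG_DIR points at your <path>/filebeat/logs/ folder and that Elasticsearch on localhost:9200 accepts unauthenticated requests; the function names and the smoketest.log file name are made up for this example.

```shell
#!/bin/sh
# Smoke test: the three services answer, then one marker line is traced
# from the Filebeat folder into Elasticsearch.
# Assumptions: LOG_DIR is the host folder mounted into Filebeat, and
# Elasticsearch on localhost:9200 accepts unauthenticated requests.
LOG_DIR="${LOG_DIR:-./filebeat/logs}"
ES_URL="${ES_URL:-http://localhost:9200}"

# Extract the integer "count" from an Elasticsearch _count response on stdin.
count_from_json() {
  sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Append one uniquely tagged line to a .log file and print the tag.
write_marker() {
  wm_tag="smoketest$(date +%s)$$"
  mkdir -p "$LOG_DIR" || return 1
  printf '%s pipeline smoke test\n' "$wm_tag" >> "$LOG_DIR/smoketest.log" || return 1
  printf '%s\n' "$wm_tag"
}

# Poll a URL until it answers with any HTTP status, up to $2 tries (default 30).
wait_for() {
  wf_left="${2:-30}"
  while [ "$wf_left" -gt 0 ]; do
    curl -s -o /dev/null --max-time 3 "$1" && return 0
    wf_left=$((wf_left - 1)); sleep 2
  done
  return 1
}

# Full check: services up, marker written, marker searchable in filebeat-*.
smoke_test() {
  for st_url in "$ES_URL" http://localhost:5601 http://localhost:19000; do
    wait_for "$st_url" || { echo "not reachable: $st_url" >&2; return 1; }
  done
  st_tag="$(write_marker)" || return 1
  st_left=30
  while [ "$st_left" -gt 0 ]; do
    # An unfielded q= query searches all fields, whatever field holds the line.
    st_n="$(curl -s "$ES_URL/filebeat-*/_count?q=$st_tag" | count_from_json)"
    if [ "${st_n:-0}" -ge 1 ]; then echo "ok: $st_tag indexed"; return 0; fi
    st_left=$((st_left - 1)); sleep 2
  done
  echo "$st_tag never reached filebeat-*: check source, token and destination" >&2
  return 1
}

# Runs only when invoked as: sh smoke.sh run
if [ "${1:-}" = "run" ]; then smoke_test; fi
```

Run it as `LOG_DIR=<path>/filebeat/logs sh smoke.sh run`. A timeout on the last step means the line left Filebeat but did not make it through the Cribl source, token or destination.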