Docker SIEM install

Mike_Kirby · December 19, 2023, 2:33pm

I am at the beginning of a new ELK SIEM installation and am looking to verify a couple of items.

When creating the SIEM in docker the documentation does not say to pull the Logstash component. Is there a reason for this? Can it be pulled with the same string as elasticsearch and kibana

docker pull docker.elastic.co/logstash/logstash:8.11.3

When creating this in a docker environment, should I be configuring the 3 servers (ES, Kib,Log) as normal servers in terms of sizing?

Thank you for the feedback. Wanting to set this up correctly the first time.

Mike_Kirby · January 8, 2024, 2:14pm

I have been able to get past this phase of the installation.

I created the 3 servers as per normal. From there I used Podman to create pods for the SIEM components and then containers in the pods.

Logstash and Kibana are running however, I am unable to start the Elasticsearch containers.

system · February 5, 2024, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elk running on docker Elasticsearch docker	7	516	April 1, 2020
Does Elasticsearch Docker Image Contain Logstash and/or Kibana? Elasticsearch docker	3	455	September 3, 2019
Has anyone successfully stood up a multi-node elasticsearch cluster with kibana and logstash through docker images? Elasticsearch docker	1	269	August 31, 2023
I am trying to setup elk on docker, but it is not pulling data from my log file which already has data Kibana elastic-stack-security , docker	2	7	October 15, 2024
ELK Multi node Cluster using docker compose Elasticsearch docker	4	57	September 27, 2024