Hi,
I'm creating a cluster with elasticsearch (2 elastic nodes and a kibana/logstash/filebeat node).
Logstash "apparently" seems to work because filebeat sends the data to logstash and consequently logstash sends them to elastic that stores them correctly. However I don't see logstash monitoring on Kibana. Could you help me understand this?
Docker Compose
version: '3.3'
...
es01:
depends_on:
- setup
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- /mnt/certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
ports:
- 9200:9200
- 9300:9300
environment:
- node.name=es01
- cluster.name=${CLUSTER_NAME}
#- cluster.initial_master_nodes=["es01", "es02"]
- cluster.initial_master_nodes=["es01", "es02"]
#- node.roles=[master]
#- discovery.seed_hosts=["x.x.x.x:9300","y.y.y.y:9301"]
- discovery.seed_hosts=["x.x.x.x:9300", "y.y.y.y:9301"]
- network.publish_host=x.x.x.x
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- network.host=0.0.0.0
- http.host=0.0.0.0
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es01/es01.key
- xpack.security.http.ssl.certificate=certs/es01/es01.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es01/es01.key
- xpack.security.transport.ssl.certificate=certs/es01/es01.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
- transport.port=9300
- http.port=9200
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "50"
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
deploy:
mode: global
placement:
constraints: [node.hostname == elastic-01]
es02:
depends_on:
- es01
image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
volumes:
- /mnt/certs:/usr/share/elasticsearch/config/certs
- esdata02:/usr/share/elasticsearch/data
ports:
- 9201:9201
- 9301:9301
environment:
- node.name=es02
- cluster.name=${CLUSTER_NAME}
#- cluster.initial_master_nodes=["es01", "es02"]
- cluster.initial_master_nodes=["es02", "es01"]
#- node.roles=[master]
#- discovery.seed_hosts=["x.x.x.x:9300","y.y.y.y:9301"]
- discovery.seed_hosts=["y.y.y.y:9301", "x.x.x.x:9300"]
- network.publish_host=y.y.y.y
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
- network.host=0.0.0.0
- http.host=0.0.0.0
- bootstrap.memory_lock=true
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.key=certs/es02/es02.key
- xpack.security.http.ssl.certificate=certs/es02/es02.crt
- xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.key=certs/es02/es02.key
- xpack.security.transport.ssl.certificate=certs/es02/es02.crt
- xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.license.self_generated.type=${LICENSE}
- transport.port=9301
- http.port=9201
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "50"
healthcheck:
test:
[
"CMD-SHELL",
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9201 | grep -q 'missing authentication credentials'",
]
interval: 10s
timeout: 10s
retries: 120
deploy:
mode: global
placement:
constraints: [node.hostname == elastic-02]
kibana:
depends_on:
- es01
- es02
image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
volumes:
- /mnt/certs:/usr/share/kibana/config/certs
- kibanadata:/usr/share/kibana/data
ports:
- ${KIBANA_PORT}:5601
environment:
- SERVERNAME=kibana
- ELASTICSEARCH_HOSTS=["https://x.x.x.x:9200","https://y.y.y.y:9201"]
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
ulimits:
memlock:
soft: -1
hard: -1
healthcheck:
test:
[
"CMD-SHELL",
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
timeout: 10s
retries: 120
links:
- es01:es01
- es02:es02
deploy:
mode: global
placement:
constraints: [node.hostname == kibana-01]
logstash:
image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
depends_on:
- es01
- es02
- kibana
ulimits:
memlock:
soft: -1
hard: -1
user: root
volumes:
- /mnt/certs:/usr/share/logstash/certs
- logstashdata01:/usr/share/logstash/data
- /opt/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
- /opt/logstash/logstash_ingest_data/:/usr/share/logstash/ingest_data/
- /opt/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
ports:
- 5044:5044
stdin_open: true
tty: true
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "50"
links:
- es01:es01
- es02:es02
deploy:
mode: global
placement:
constraints: [node.hostname == kibana-01]
filebeat:
user: root
container_name: filebeat
image: docker.elastic.co/beats/filebeat:8.15.1
links:
- logstash:logstash
depends_on:
- logstash
volumes:
- /var/run/docker.sock:/host_docker/docker.sock
- /var/lib/docker:/host_docker/var/lib/docker
- /opt/tmp/mylog:/usr/share/filebeat/mylog
- /opt/tmp/filebeat.yml:/usr/share/filebeat/filebeat.yml
command: ["--strict.perms=false"]
ulimits:
memlock:
soft: -1
hard: -1
stdin_open: true
tty: true
deploy:
mode: global
placement:
constraints: [node.hostname == kibana-01]
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "50"
volumes:
esdata01:
esdata02:
kibanadata:
logstashdata01:
Logstash.conf
input {
beats {
port => 5044
}
}
filter {
}
output {
elasticsearch {
hosts=> ["https://x.x.x.x:9200", "https://y.y.y.y:9201"]
user=> "elastic"
password=> "changeme"
ssl_certificate_authorities=> "certs/ca/ca.crt"
ssl_enabled => true
index => "logstash-%{+YYYY.MM.dd}"
}
}
Logstash.yml
http.host: 0.0.0.0
node.name: logstash
Thanks for your availability