PattaraponLertratananont/docker-compose-elk.yml

## docker-compose-elk.yml
version: "3.0"
services:
  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      discovery.type: single-node
    ports:
      - 9200:9200
      - 9300:9300
    volumes:
      - ./elasticsearch/elasticsearch_data:/usr/share/elasticsearch/data
      - ./elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.5.0
    ports:
      - 5601:5601
    volumes:
      - ./kibana/kibana.yml/:/usr/share/kibana/config/kibana.yml
    depends_on:
      - elasticsearch

  logstash:
    container_name: logstash
    image: docker.elastic.co/logstash/logstash:8.5.0
    ports:
      - 5044:5044
    volumes:
      - ./logstash/logstash.yml/:/usr/share/logstash/config/logstash.yml
      - ./logstash/logstash.conf/:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch

## docker-compose-filebeat.yml
version: "3.0"
services:
  filebeat:
    container_name: filebeat
    image: docker.elastic.co/beats/filebeat:8.5.0
    user: root
    volumes:
      - /var/run:/var/run
      - /var/lib/docker/containers:/var/log/containers
      - ./filebeat/filebeat.yml/:/usr/share/filebeat/filebeat.yml

## elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0

xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true

## filebeat.yml
filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition:
            contains:
              docker.container.name: <docker container name>
          config:
            - type: container
              id: <unique id>
              paths:
                - /var/log/containers/${data.docker.container.id}/*.log
              processors:
                - add_docker_metadata: ~

filebeat.inputs:
  - type: filestream
    id: <unique id>
    paths: /var/log/*.txt

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true

setup.template.settings:
  index.number_of_shards: 1

output.logstash.hosts: "logstash:5044"

## kibana.yml
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true

elasticsearch.username: kibana_system
elasticsearch.password: "changeme"

## logstash.conf
input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
        hosts => "elasticsearch:9200"
        user => "logstash_internal"
        password => "changeme"
        index => "your-index"
    }
}

## logstash.yml
http.host: "0.0.0.0"
	version: "3.0"
	services:
	elasticsearch:
	container_name: elasticsearch
	image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
	environment:
	ES_JAVA_OPTS: "-Xmx256m -Xms256m"
	discovery.type: single-node
	ports:
	- 9200:9200
	- 9300:9300
	volumes:
	- ./elasticsearch/elasticsearch_data:/usr/share/elasticsearch/data
	- ./elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
	kibana:
	container_name: kibana
	image: docker.elastic.co/kibana/kibana:8.5.0
	ports:
	- 5601:5601
	volumes:
	- ./kibana/kibana.yml/:/usr/share/kibana/config/kibana.yml
	depends_on:
	- elasticsearch

	logstash:
	container_name: logstash
	image: docker.elastic.co/logstash/logstash:8.5.0
	ports:
	- 5044:5044
	volumes:
	- ./logstash/logstash.yml/:/usr/share/logstash/config/logstash.yml
	- ./logstash/logstash.conf/:/usr/share/logstash/pipeline/logstash.conf
	depends_on:
	- elasticsearch
	version: "3.0"
	services:
	filebeat:
	container_name: filebeat
	image: docker.elastic.co/beats/filebeat:8.5.0
	user: root
	volumes:
	- /var/run:/var/run
	- /var/lib/docker/containers:/var/log/containers
	- ./filebeat/filebeat.yml/:/usr/share/filebeat/filebeat.yml
	cluster.name: "docker-cluster"
	network.host: 0.0.0.0

	xpack.license.self_generated.type: basic
	xpack.security.enabled: true
	xpack.monitoring.collection.enabled: true
	filebeat.autodiscover:
	providers:
	- type: docker
	templates:
	- condition:
	contains:
	docker.container.name: <docker container name>
	config:
	- type: container
	id: <unique id>
	paths:
	- /var/log/containers/${data.docker.container.id}/*.log
	processors:
	- add_docker_metadata: ~

	filebeat.inputs:
	- type: filestream
	id: <unique id>
	paths: /var/log/*.txt

	filebeat.config.modules:
	path: ${path.config}/modules.d/*.yml
	reload.enabled: true

	setup.template.settings:
	index.number_of_shards: 1

	output.logstash.hosts: "logstash:5044"
	server.name: kibana
	server.host: "0.0.0.0"
	elasticsearch.hosts: [ "http://elasticsearch:9200" ]
	xpack.monitoring.ui.container.elasticsearch.enabled: true

	elasticsearch.username: kibana_system
	elasticsearch.password: "changeme"
	input {
	beats {
	port => 5044
	}
	}

	output {
	elasticsearch {
	hosts => "elasticsearch:9200"
	user => "logstash_internal"
	password => "changeme"
	index => "your-index"
	}
	}