jirkapinkas/elastic kibana logstash docker-compose.yml

## elastic kibana logstash docker-compose.yml
Poznámka: Všechny soubory budou ve stejném adresáři

==================
docker-compose.yml:
==================

version: '3.7'
services:
  elastic:
    image: elasticsearch:7.3.0
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      discovery.type: single-node
  kibana:
    image: kibana:7.3.0
    ports:
      - "5601:5601"
    environment:
      ELASTICSEARCH_HOSTS: http://elastic:9200
  logstash:
    image: logstash:7.3.0
    ports:
      - "9600:9600"
    environment:
      xpack.monitoring.elasticsearch.hosts: http://elastic:9200
    volumes:
      - ./logstash.conf:/logstash.conf
      - ./debug.log:/debug.log
    command: logstash -f /logstash.conf


=============
logstash.conf:
(inspiroval jsem se zde: https://gist.github.com/daniellavoie/43e25d1fb74bc99dc3915a03901777e2)
=============

input {
  file {
    path => "/debug.log"
      start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  if [message] =~ "\tat" {
    grok {
      match => ["message", "^(\tat)"]
      add_tag => ["stacktrace"]
    }
  }

  grok {
    match => [ "message",
               "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})  %{LOGLEVEL:level} %{NUMBER:pid} --- .+? :\s+(?<logmessage>.*)"
             ]
  }

  date {
    match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
  }

  mutate {
    remove_field => ["message"]
  }
}
output {
  elasticsearch { hosts => ["elastic:9200"] }
}


====================================================================================================
Očekává se, že ve stejném adresáři jako je docker-compose.yml je soubor s logy (s názvem debug.log).
A nakonec jenom spustit "docker-compose up" a přejít na: http://localhost:5601/app/kibana
====================================================================================================
	Poznámka: Všechny soubory budou ve stejném adresáři

	==================
	docker-compose.yml:
	==================

	version: '3.7'
	services:
	elastic:
	image: elasticsearch:7.3.0
	ports:
	- "9200:9200"
	- "9300:9300"
	environment:
	discovery.type: single-node
	kibana:
	image: kibana:7.3.0
	ports:
	- "5601:5601"
	environment:
	ELASTICSEARCH_HOSTS: http://elastic:9200
	logstash:
	image: logstash:7.3.0
	ports:
	- "9600:9600"
	environment:
	xpack.monitoring.elasticsearch.hosts: http://elastic:9200
	volumes:
	- ./logstash.conf:/logstash.conf
	- ./debug.log:/debug.log
	command: logstash -f /logstash.conf




	=============
	logstash.conf:
	(inspiroval jsem se zde: https://gist.github.com/daniellavoie/43e25d1fb74bc99dc3915a03901777e2)
	=============

	input {
	file {
	path => "/debug.log"
	start_position => "beginning"
	sincedb_path => "/dev/null"
	}
	}
	filter {
	if [message] =~ "\tat" {
	grok {
	match => ["message", "^(\tat)"]
	add_tag => ["stacktrace"]
	}
	}

	grok {
	match => [ "message",
	"(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}) %{LOGLEVEL:level} %{NUMBER:pid} --- .+? :\s+(?<logmessage>.*)"
	]
	}

	date {
	match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
	}

	mutate {
	remove_field => ["message"]
	}
	}
	output {
	elasticsearch { hosts => ["elastic:9200"] }
	}


	====================================================================================================
	Očekává se, že ve stejném adresáři jako je docker-compose.yml je soubor s logy (s názvem debug.log).
	A nakonec jenom spustit "docker-compose up" a přejít na: http://localhost:5601/app/kibana
	====================================================================================================