apm-server.apm-server.yml

apm-server:
  host: "0.0.0.0:8200"
  frontend:
    enabled: true
  rum:
    enabled: true
register.ingest.pipeline:
  enabled: true
setup.kibana:
  host: "kibana:5601"
setup.template.pattern: 'apm-server-*'
# output.elasticsearch:
#   hosts:
#     - "elasticsearch:9200"
output.logstash:
  hosts:
    - "logstash:5044"

elasticsearch.elasticsearch.yml

cluster.name: "mal"
network.host: 0.0.0.0
discovery.type: single-node

filebeat.filebeat.yml

filebeat.modules:
  - module: nginx
    access:
      enabled: true
    error:
      enabled: true

  - module: system
    syslog:
      enable: true
    auth:
      enable: true

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - "/var/log/*.log"

output.logstash:
  hosts:
    - "logstash.ie.X.com:5044"

setup.kibana:
  host: "kibana.ie.X.com:5601"

kibana.kibana.yml

server.host: "0.0.0.0"
server.name: "kibana"
elasticsearch.url: "http://elasticsearch:9200"
xpack.infra.sources.default.logAlias: "default-*"

logstash.custom_logstash_grok_patterns

CUSTOM_LOGLEVEL ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr(?:or)?|ERR(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

logstash.logstash.conf

input {
  udp {
    port => 12200
    codec => json_lines
    add_field => {
      "input" => "udp"
    }
  }

  gelf {
    add_field => {
      "input" => "gelf"
    }
  }

  http {
    add_field => {
      "input" => "http"
    }
  }

  beats {
    port => 5044
  }
}

output {
  if [@metadata][beat] {
    elasticsearch {
      hosts => ["http://elasticsearch:9200"]
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  } else if [input] == "gelf" {
    elasticsearch {
      hosts => ["http://elasticsearch:9200"]
      index => "docker-%{+YYYY.MM.dd}"
    }
  } else {
    elasticsearch {
      hosts => ["http://elasticsearch:9200"]
      index => "default-%{+YYYY.MM.dd}"
    }
  }

  if !([input] == "beats") {
    stdout {
      codec => json_lines
    }
  }
}

logstash.logstash.yml

http.host: "0.0.0.0"

logstash.pipelines.yml

- pipeline.id: main
  path.config: "/usr/share/logstash/pipeline"

metricbeat.metricbeat.yml

metricbeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition.contains:
            docker.container.image: redis
          config:
            - module: redis
              enabled: true
              period: 5m
              metricsets:
                - "info"
                - "keyspace"
              hosts:
                - "${data.host}:${data.port}"
        - condition.contains:
            docker.container.image: nginx
          config:
            - module: nginx
              enabled: true
              period: 5m
              metricsets:
                - "stubstatus"
              hosts:
                - "http://${data.host}"
              server_status_path: "/stub_status"
        - condition.contains:
            docker.container.image: memcached
          config:
            - module: memcached
              enabled: true
              period: 5m
              metricsets:
                - "stats"
              hosts:
                - "${data.host}:${data.port}"
        - condition.contains:
            docker.container.image: postgres
          config:
            - module: postgresql
              enabled: true
              period: 5m
              metricsets:
                - "database"
                - "bgwriter"
                - "activity"
                - "statement"
              hosts:
                - "postgres://${data.host}:5432?sslmode=disable"
              username: postgres
        - condition.contains:
            docker.container.image: docker.elastic.co/logstash/logstash
          config:
            - module: logstash
              enabled: true
              period: 5m
              metricsets:
                - "node"
                - "node_stats"
              hosts:
                - "${data.host}:9600"
              ssl.verification_mode: "none"
        - condition.contains:
            docker.container.image: docker.elastic.co/kibana/kibana
          config:
            - module: kibana
              enabled: true
              period: 5m
              metricsets:
                - "stats"
                - "status"
              hosts:
                - "${data.host}:${data.port}"
        - condition.contains:
            docker.container.image: docker.elastic.co/elasticsearch/elasticsearch
          config:
            - module: elasticsearch
              metricsets:
                - "node"
                - "node_stats"
                - "index"
                - "index_recovery"
                - "index_summary"
                - "shard"
              period: 5m
              hosts:
                - "${data.host}:9200"

metricbeat.modules:
  - module: docker
    enabled: true
    period: 5m
    metricsets:
      - "container"
      - "cpu"
      - "diskio"
      - "healthcheck"
      - "info"
      - "image"
      - "memory"
      - "network"
    hosts:
      - "unix:///var/run/docker.sock"
  - module: postgresql
    enabled: true
    period: 5m
    metricsets:
      - "database"
      - "bgwriter"
      - "activity"
      - "statement"
    hosts:
      - "${PRIMARY_POSTGRES_DATABASE_URI}"
processors:
  - add_docker_metadata: ~
  - add_locale: ~
output.logstash:
  hosts:
    - "logstash:5044"
setup.kibana:
  host: "kibana:5601"

packetbeat.packetbeat.yml

packetbeat.interfaces.device: any

packetbeat.flows:
  timeout: 30s
  period: 5m

packetbeat.protocols:
  - type: dns
  - type: http
    send_headers: true
    send_all_headers: true
  - type: tls
    send_certificates: false

packetbeat.procs:
  enabled: true
  monitored:
    - process: nginx
      cmdline_grep: nginx

processors:
  - add_locale: ~

output.logstash:
  hosts:
    - "logstash.ie.X.com:5044"

setup.kibana:
  host: "kibana.ie.X.com:5601"