docker - logstash

Dockerfile

FROM dockerfile/java:oracle-java7

ENV KB_PKG_NAME kibana-4.0.0-beta3

RUN \
  cd / && \
  wget https://download.elasticsearch.org/kibana/kibana/$KB_PKG_NAME.tar.gz && \
  tar xvzf $KB_PKG_NAME.tar.gz && \
  rm -f $KB_PKG_NAME.tar.gz && \
  mv /$KB_PKG_NAME /kibana

#ADD config/kibana.yml /kibana/config/kibana.yml

RUN \
  sed -i "s/elasticsearch:.*/elasticsearch: http:\/\/`curl http://169.254.169.254/latest/meta-data/local-ipv4`:9200/" /kibana/config/kibana.yml

CMD ["/kibana/bin/kibana"]

EXPOSE 5601

logstash.conf

input {
         log4j {
             port => "4560"
             type => "log4j"
         }
         syslog {
             port => "5514"
             type => "syslog"
         }
         tcp {
             charset => "UTF-8"
             format => "json"
             port => "28777"
             type => "nodejs"
         }
}

filter {
  if [program] == "apache-access" {
    grok { 
      match => [ "message", "%{IPORHOST:clientip} \((%{IP:XF} *)+\) %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}" ]
    }
  }

  if [program] == "tomcat-access" {
    grok {
      match => [ "message", "%{COMMONAPACHELOG}" ]
    }
  }

}

output {
  elasticsearch_http {
    host => "ES_HOST"
    port => "ES_PORT"
  }
}

For use with https://registry.hub.docker.com/u/dockerfile/elasticsearch/

docker run -d -e LOGSTASH_CONFIG_URL=https://gist.githubusercontent.com/yonatang/72a309d87c64aa4ef162/raw/logstash.conf
--link es:es
-p 9292:9292
-p 4560:4560 -p 5514:5514 -p 28777:28777 pblittle/docker-logstash

Docker file is for kibana 4 dashboard set up. For use in an ec2 instance only.
Might want to link the elasicsearch container instead of EC2 ip discovery mechanism.

docker build -t kibana .
docker run -d -p 80:5601 kibana

To set up elasicsearch, use
docker docker run -d -p 9200:9200 -p 9300:9300 --name es dockerfile/elasticsearch