From fb216811b0b3a6f757a722293951405cb8c2d680 Mon Sep 17 00:00:00 2001 From: Joao Fernandes Date: Mon, 12 Dec 2016 15:03:51 -0800 Subject: [PATCH] Add ELK stack example to UCP 2.0 --- .../guides/configuration/configure-logs.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/datacenter/ucp/2.0/guides/configuration/configure-logs.md b/datacenter/ucp/2.0/guides/configuration/configure-logs.md index 2cea47cfab..ed4cadcb65 100644 --- a/datacenter/ucp/2.0/guides/configuration/configure-logs.md +++ b/datacenter/ucp/2.0/guides/configuration/configure-logs.md @@ -16,6 +16,42 @@ You can configure UCP for sending logs to a remote logging service: ![](../images/settings-log.png) +## Example: Setting up an ELK stack + +One popular logging stack is composed of Elasticsearch, Logstash and +Kibana. The following example demonstrates how to set up an example +deployment which can be used for logging. + +```none +docker volume create --name orca-elasticsearch-data + +docker run -d \ + --name elasticsearch \ + -v orca-elasticsearch-data:/usr/share/elasticsearch/data \ + elasticsearch elasticsearch -Des.network.host=0.0.0.0 + +docker run -d \ + -p 514:514 \ + --name logstash \ + --link elasticsearch:es \ + logstash \ + sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts => [ \"es\" ] } } filter { json { source => \"message\" } }'" + +docker run -d \ + --name kibana \ + --link elasticsearch:elasticsearch \ + -p 5601:5601 \ + kibana +``` + +Once you have these containers running, configure UCP to send logs to +the IP of the Logstash container. You can then browse to port 5601 on the system +running Kibana and browse log/event entries. You should specify the "time" +field for indexing. + +When deployed in a production environment, you should secure your ELK +stack. UCP does not do this itself, but there are a number of 3rd party +options that can accomplish this (e.g. Shield plug-in for Kibana) ## Where to go next
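Review bot: In the `docker run` commands of the added example, `-p 514:514` and `-p 5601:5601` publish the syslog input and Kibana on every host interface with no authentication or TLS, and the only caveat is the closing paragraph after the reader has already run them. Move the production warning above the code block, and either bind the published ports to a specific address (for example `-p 127.0.0.1:5601:5601` for Kibana) or state that the host must sit on a trusted management network. Note also that `-p 514:514` publishes TCP only, so say which protocol UCP should be configured to use. The text tells the reader to send logs to "the IP of the Logstash container", but the port is published on the host, so the host address is what other UCP nodes can reach; please reword. The three images are untagged while `-Des.network.host=0.0.0.0` is version-specific syntax, so pin the image versions the example was tested with. Finally, Shield is an Elasticsearch plug-in rather than a Kibana one, and the last sentence of the section is missing its closing period.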