├── LICENSE
├── README.md
├── dashboards
│   └── metricbeat-dboard.json
├── docker-compose.yml
├── logstash-init.log
├── swarm-stack.yml
└── visualizations
    └── metricbeat-visual.json


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2016 Guillaume Simonneau

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# What is the Elastic Stack?
By combining the massively popular Elasticsearch, Logstash, and Kibana, Elastic has created an end-to-end stack that delivers actionable insights in real time from almost any type of structured and unstructured data source.
Built and supported by the engineers behind each of these open source products, the Elastic Stack makes searching and analyzing data easier than ever before.

* [![](https://images.microbadger.com/badges/image/khezen/kibana.svg)](https://hub.docker.com/r/khezen/kibana/) [khezen/kibana](https://github.com/Khezen/docker-kibana)
* [![](https://images.microbadger.com/badges/image/khezen/elasticsearch.svg)](https://hub.docker.com/r/khezen/elasticsearch/) [khezen/elasticsearch](https://github.com/Khezen/docker-elasticsearch)
* [![](https://images.microbadger.com/badges/image/khezen/logstash.svg)](https://hub.docker.com/r/khezen/logstash/) [khezen/logstash](https://github.com/Khezen/docker-logstash)
* [Beats](https://www.elastic.co/guide/en/beats/libbeat/current/installing-beats.html)
  * [metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/index.html)
  * [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/index.html)
  * [packetbeat](https://www.elastic.co/guide/en/beats/packetbeat/current/index.html)
* [![](https://images.microbadger.com/badges/image/khezen/elastalert.svg) khezen/elastalert](https://hub.docker.com/r/khezen/elastalert/)


# Setup

## Install Docker

1. [Docker engine](https://docs.docker.com/engine/installation/)
2. [Docker compose](https://docs.docker.com/compose/install/)
3. Clone this repository: `git clone https://github.com/khezen/docker-elk`

## [File Descriptors and MMap](https://www.elastic.co/guide/en/elasticsearch/guide/current/_file_descriptors_and_mmap.html) (Linux Only)

Run the following command on your host:
```
sysctl -w vm.max_map_count=262144
```
You can set it permanently by modifying the `vm.max_map_count` setting in your `/etc/sysctl.conf`.

# Usage

Start the Elastic Stack using *docker-compose*:

```bash
$ docker-compose up
```

You can also choose to run it in the background:

```bash
$ docker-compose up -d
```

Now that the stack is running, you'll want to inject logs into it. The shipped logstash configuration allows you to send content via tcp or udp:

```bash
$ nc localhost 5000 < ./logstash-init.log
```

And then access Kibana by hitting [http://localhost:5601](http://localhost:5601) with a web browser.

*WARNING*: If you're using [*boot2docker*](http://boot2docker.io/) or [*Docker Toolbox*](https://www.docker.com/products/docker-toolbox), you must access it via the *boot2docker* IP address instead of *localhost*.

*NOTE*: You need to inject data into logstash before being able to create a logstash index in Kibana. Then all you should have to do is hit the create button.

By default, the Elastic Stack exposes the following ports:
* 5000: Logstash TCP input.
* 9200: Elasticsearch HTTP
* 9300: Elasticsearch TCP transport
* 5601: Kibana


# Docker Swarm

Deploy the Elastic Stack on your cluster using docker swarm:

1. Connect to a manager node of the swarm
2. `git clone https://github.com/khezen/docker-elk`
3. `cd docker-elk`
4. `docker stack deploy -c swarm-stack.yml elk`

The number of replicas for each service can be edited in `swarm-stack.yml`:
```
...
deploy:
  mode: replicated
  replicas: 2
...
```

Services are load balanced using **HAProxy**.



# Elasticsearch

Configuration file is located in `/etc/elasticsearch/elasticsearch.yml`.

You can find default config [there](https://github.com/Khezen/docker-elasticsearch/blob/master/config/elasticsearch.yml).

You can find help with elasticsearch configuration [there](https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html).

You can edit `docker-compose.yml` to set [khezen/elasticsearch](https://github.com/Khezen/docker-elasticsearch) environment variables yourself.
```
elasticsearch:
  image: khezen/elasticsearch
  environment:
    HEAP_SIZE: 1g
    ELASTIC_PWD: changeme
    KIBANA_PWD: changeme
    LOGSTASH_PWD: changeme
    BEATS_PWD: changeme
    ELASTALERT_PWD: changeme
  volumes:
    - /data/elasticsearch:/usr/share/elasticsearch/data
    - /etc/elasticsearch:/usr/share/elasticsearch/config
  ports:
    - "9200:9200"
    - "9300:9300"
  networks:
    - elk
  restart: unless-stopped
```

# Kibana

* [Discover](https://www.elastic.co/guide/en/kibana/current/discover.html) - explore your data,

* [Visualize](https://www.elastic.co/guide/en/kibana/current/visualize.html) - create visualizations of your data,
  * You can find exported visualizations under `./visualizations` folder,
  * To import them in Kibana, go to `Management->Saved Objects` panel,

* [Dashboard](https://www.elastic.co/guide/en/kibana/current/dashboard.html) - displays a collection of saved visualizations,
  * You can find exported dashboards under `./dashboards` folder,
  * To import them in Kibana, go to `Management->Saved Objects` panel,

* [Timelion](https://www.elastic.co/guide/en/kibana/current/timelion.html) - combine totally independent data sources within a single visualization.

Configuration file is located in `/etc/kibana/kibana.yml`.

You can find default config [there](https://github.com/Khezen/docker-kibana/blob/master/config/default.yml).

You can find help with kibana configuration [there](https://www.elastic.co/guide/en/kibana/current/settings.html).

You can edit `docker-compose.yml` to set [khezen/kibana](https://github.com/Khezen/docker-kibana) environment variables yourself.
```
kibana:
  links:
    - elasticsearch
  image: khezen/kibana
  environment:
    KIBANA_PWD: changeme
    ELASTICSEARCH_HOST: elasticsearch
    ELASTICSEARCH_PORT: 9200
  volumes:
    - /etc/kibana:/etc/kibana
    - /etc/elasticsearch/searchguard/ssl:/etc/searchguard/ssl
  ports:
    - "5601:5601"
  networks:
    - elk
  restart: unless-stopped
```

# logstash

Configuration file is located in `/etc/logstash/logstash.conf`.

You can find default config [there](https://github.com/Khezen/docker-logstash/blob/master/config/logstash.conf).

*NOTE*: It is possible to use [environment variables in logstash.conf](https://www.elastic.co/guide/en/logstash/current/environment-variables.html).

You can find help with logstash configuration [there](https://www.elastic.co/guide/en/logstash/current/configuration.html).

You can edit `docker-compose.yml` to set [khezen/logstash](https://github.com/Khezen/docker-logstash) environment variables yourself.
```
logstash:
  links:
    - elasticsearch
  image: khezen/logstash
  environment:
    HEAP_SIZE: 1g
    LOGSTASH_PWD: changeme
    ELASTICSEARCH_HOST: elasticsearch
    ELASTICSEARCH_PORT: 9200
  volumes:
    - /etc/logstash:/etc/logstash/conf.d
    - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
  ports:
    - "5000:5000"
    - "5001:5001"
  networks:
    - elk
  restart: unless-stopped
```

# Beats

The [Beats](https://www.elastic.co/guide/en/beats/libbeat/current/beats-reference.html) are open source data shippers that you install as agents on your servers to send different types of operational data to Elasticsearch.


## any beat

You need to provide elasticsearch `host:port` and credentials for `beats` user in the configuration file:
```
output.elasticsearch:
  hosts: [":"]
  index: "packetbeat"
  user: beats
  password:

```

## metricbeat

You can find help with metricbeat installation [here](https://www.elastic.co/guide/en/beats/metricbeat/5.0/metricbeat-installation.html).

Configuration file is located in `/etc/metricbeat/metricbeat.yml`.

You can find help with metricbeat configuration [here](https://www.elastic.co/guide/en/beats/metricbeat/5.0/metricbeat-configuration.html).

Start with `sudo /etc/init.d/metricbeat start`

## filebeat

You can find help with filebeat installation [here](https://www.elastic.co/guide/en/beats/filebeat/5.0/filebeat-installation.html).

Configuration file is located in `/etc/filebeat/filebeat.yml`.

You can find help with filebeat configuration [here](https://www.elastic.co/guide/en/beats/filebeat/5.0/filebeat-configuration.html).

Start with `sudo /etc/init.d/filebeat start`

## packetbeat

You can find help with packetbeat installation [here](https://www.elastic.co/guide/en/beats/packetbeat/5.0/packetbeat-installation.html).

Configuration file is located in `/etc/packetbeat/packetbeat.yml`.

You can find help with packetbeat configuration [here](https://www.elastic.co/guide/en/beats/packetbeat/5.0/filebeat-configuration.html).

Start with `sudo /etc/init.d/packetbeat start`

# Elastalert

### What is Elastalert?
[ElastAlert](https://github.com/Yelp/elastalert) is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.
It is a nice replacement for the [Watcher](https://www.elastic.co/guide/en/x-pack/current/xpack-alerting.html#xpack-alerting) module if you are not willing to pay for the x-pack subscription and still need some alerting features.

## Configuration
Configuration file is located in `/etc/elastalert/elastalert.yml`.

You can find help with elastalert configuration [here](https://elastalert.readthedocs.io/en/latest/index.html).

You can share rules from the host to the container by adding them to `/usr/share/elastalert/rules`.


# User Feedback
## Issues
If you have any problems with or questions about this project, please ask for help through a [GitHub issue](https://github.com/Khezen/docker-elk/issues).
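
Every compose snippet in this README ships its passwords as `changeme`, and the port mappings (`"9200:9200"`, `"5000:5000"`, ...) name no host address, so Docker binds them on all interfaces by default. As an added example (not part of this repository), the Python check below scans compose text for those two conditions plus the `docker.sock` mount used by the load balancer in `swarm-stack.yml`; `SAMPLE_COMPOSE` is a constructed, trimmed input whose hardened `kibana` entry is an assumption for contrast, and `audit_compose` / `check_entry` are hypothetical helper names.

```python
import re

# Constructed sample: values trimmed from this repository's docker-compose.yml and
# swarm-stack.yml, plus a hardened "kibana" service (assumption, for contrast).
SAMPLE_COMPOSE = """\
version: '2'
services:
  elasticsearch:
    image: khezen/elasticsearch:5
    environment:
      HEAP_SIZE: 1g
      ELASTIC_PWD: changeme
      BEATS_PWD: changeme
    ports:
      - "9200:9200"
      - "9300:9300"
  kibana:
    image: khezen/kibana:5
    environment:
      KIBANA_PWD: ${KIBANA_PWD}
    ports:
      - "127.0.0.1:5601:5601"
  logstash:
    image: khezen/logstash:5
    environment:
      LOGSTASH_PWD: changeme
    ports:
      - "5000:5000"
      - "5001:5001/udp"
  load_balancer:
    image: dockercloud/haproxy:1.6.2
    environment:
      STATS_AUTH: stats:changeme
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8081:9000"
"""

DEFAULTS = {"changeme"}  # the placeholder secret used throughout this repository
SECRET_KEY = re.compile(r"(PWD|PASSWORD|AUTH|SECRET|TOKEN)$", re.I)
LIST_ITEM = re.compile(r"^-\s*(.+)$")
# Short port syntax: [host_ip:][host_port:]container_port[/proto]
PORT_SHORT = re.compile(
    r"^(?:(?P<ip>\[[^\]]+\]|\d+\.\d+\.\d+\.\d+):)?(?:[\d-]+:)?[\d-]+(?:/\w+)?$")


def check_entry(service, section, entry, is_item):
    """Return a (service, kind, detail) finding for one section entry, or None."""
    entry = entry.strip("\"'")
    if section == "environment":
        # Map form is "KEY: value"; list form is "- KEY=value".
        name, _, value = entry.partition("=" if is_item else ":")
        value = value.split(" #", 1)[0].strip().strip("\"'")
        # "stats:changeme" style values are split so the password part is seen.
        if SECRET_KEY.search(name.strip()) and DEFAULTS & set(value.split(":")):
            return (service, "default-credential", name.strip())
    elif section == "ports" and is_item:
        m = PORT_SHORT.match(entry)
        # No host IP (or a wildcard one) means the port listens on every interface.
        if m and (m.group("ip") or "").strip("[]") in ("", "0.0.0.0", "::"):
            return (service, "public-port", entry)
    elif section == "volumes" and is_item:
        if entry.split(":")[0].endswith("docker.sock"):
            return (service, "docker-socket", entry)
    return None


def audit_compose(text):
    """Indentation-based scan of compose YAML; returns a list of findings."""
    findings = []
    in_services = False
    service = section = svc_indent = sec_indent = None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:  # top-level key: services:, networks:, version:
            in_services = body.startswith("services:")
            service = section = svc_indent = sec_indent = None
            continue
        if not in_services:
            continue
        if svc_indent is None:
            svc_indent = indent
        if indent == svc_indent:  # a service name
            service, section, sec_indent = body.rstrip(":"), None, None
            continue
        if sec_indent is None:
            sec_indent = indent
        item = LIST_ITEM.match(body)
        if indent == sec_indent and not item:  # image:, environment:, ports:, ...
            section = body.split(":", 1)[0]
            continue
        finding = check_entry(service, section,
                              item.group(1) if item else body, bool(item))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for service, kind, detail in audit_compose(SAMPLE_COMPOSE):
        print(f"{service:15} {kind:20} {detail}")
```

The scanner reads only the short port syntax and plain block-style YAML, which is what both compose files in this repository use.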
251 | -------------------------------------------------------------------------------- /dashboards/metricbeat-dboard.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "_id": "Monitor-CPU", 4 | "_type": "dashboard", 5 | "_source": { 6 | "title": "CPU", 7 | "hits": 0, 8 | "description": "", 9 | "panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"CPU-Breakdown\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"id\": \"Cores-Breakdown\",\n \"type\": \"visualization\",\n \"panelIndex\": 2,\n \"size_x\": 2,\n \"size_y\": 4,\n \"col\": 11,\n \"row\": 1\n }\n]", 10 | "optionsJSON": "{\n \"darkTheme\": false\n}", 11 | "uiStateJSON": "{\n \"P-2\": {\n \"vis\": {\n \"legendOpen\": false\n }\n }\n}", 12 | "version": 1, 13 | "timeRestore": false, 14 | "kibanaSavedObjectMeta": { 15 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ]\n}" 16 | } 17 | } 18 | }, 19 | { 20 | "_id": "Monitor-Disk", 21 | "_type": "dashboard", 22 | "_source": { 23 | "title": "Disk I/O", 24 | "hits": 0, 25 | "description": "", 26 | "panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"Disk-bytes-read-slash-write\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 4,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 5,\n \"id\": \"Disk-I-slash-O-Count\",\n \"panelIndex\": 5,\n \"row\": 1,\n \"size_x\": 4,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"id\": \"Disk-I-slash-O-Time\",\n \"type\": \"visualization\",\n \"panelIndex\": 6,\n \"size_x\": 4,\n \"size_y\": 3,\n \"col\": 9,\n \"row\": 1\n },\n {\n \"col\": 1,\n \"id\": \"Disk-Space\",\n \"panelIndex\": 4,\n \"row\": 4,\n \"size_x\": 12,\n \"size_y\": 5,\n \"type\": \"visualization\"\n }\n]", 27 | "optionsJSON": "{\n \"darkTheme\": false\n}", 28 | "uiStateJSON": "{\n \"P-4\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n 
\"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", 29 | "version": 1, 30 | "timeRestore": false, 31 | "kibanaSavedObjectMeta": { 32 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ]\n}" 33 | } 34 | } 35 | }, 36 | { 37 | "_id": "Monitor-Disk-Usage", 38 | "_type": "dashboard", 39 | "_source": { 40 | "title": "Disk Space", 41 | "hits": 0, 42 | "description": "", 43 | "panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"Disk-Space\",\n \"panelIndex\": 4,\n \"row\": 4,\n \"size_x\": 12,\n \"size_y\": 5,\n \"type\": \"visualization\"\n }\n]", 44 | "optionsJSON": "{\n \"darkTheme\": false\n}", 45 | "uiStateJSON": "{\n \"P-4\": {\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n }\n}", 46 | "version": 1, 47 | "timeRestore": false, 48 | "kibanaSavedObjectMeta": { 49 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ]\n}" 50 | } 51 | } 52 | }, 53 | { 54 | "_id": "Monitor-Network", 55 | "_type": "dashboard", 56 | "_source": { 57 | "title": "Network", 58 | "hits": 0, 59 | "description": "", 60 | "panelsJSON": "[\n {\n \"id\": \"Network-byte-up-slash-down\",\n \"type\": \"visualization\",\n \"panelIndex\": 1,\n \"size_x\": 3,\n \"size_y\": 3,\n \"col\": 1,\n \"row\": 1\n },\n {\n \"id\": \"Network-packet-up-slash-down\",\n \"type\": \"visualization\",\n \"panelIndex\": 4,\n \"size_x\": 3,\n \"size_y\": 3,\n \"col\": 4,\n \"row\": 1\n },\n {\n \"id\": \"Network-error-packet-up-slash-down\",\n \"type\": \"visualization\",\n \"panelIndex\": 3,\n \"size_x\": 3,\n \"size_y\": 3,\n \"col\": 7,\n \"row\": 1\n },\n {\n \"id\": \"Network-dropped-packet-up-slash-down\",\n \"type\": \"visualization\",\n \"panelIndex\": 2,\n \"size_x\": 3,\n \"size_y\": 3,\n \"col\": 10,\n \"row\": 1\n }\n]", 61 | "optionsJSON": "{\n \"darkTheme\": 
false\n}", 62 | "uiStateJSON": "{\n \"P-3\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-2\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-4\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-1\": {\n \"vis\": {\n \"legendOpen\": false\n }\n }\n}", 63 | "version": 1, 64 | "timeRestore": false, 65 | "kibanaSavedObjectMeta": { 66 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n }\n }\n ]\n}" 67 | } 68 | } 69 | }, 70 | { 71 | "_id": "Hardware-Overview", 72 | "_type": "dashboard", 73 | "_source": { 74 | "title": "Overview", 75 | "hits": 0, 76 | "description": "", 77 | "panelsJSON": "[\n {\n \"id\": \"Cores-Breakdown\",\n \"type\": \"visualization\",\n \"panelIndex\": 5,\n \"size_x\": 2,\n \"size_y\": 3,\n \"col\": 1,\n \"row\": 1\n },\n {\n \"col\": 3,\n \"id\": \"CPU-Breakdown\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 5,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 8,\n \"id\": \"Memory-usage\",\n \"panelIndex\": 3,\n \"row\": 1,\n \"size_x\": 5,\n \"size_y\": 3,\n \"type\": \"visualization\"\n }\n]", 78 | "optionsJSON": "{\n \"darkTheme\": false\n}", 79 | "uiStateJSON": "{\n \"P-1\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-2\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-3\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-5\": {\n \"vis\": {\n \"legendOpen\": false\n }\n }\n}", 80 | "version": 1, 81 | "timeRestore": false, 82 | "kibanaSavedObjectMeta": { 83 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n }\n }\n ]\n}" 84 | } 85 | } 86 | }, 87 | { 88 | "_id": "Monitor-Memmory", 89 | "_type": "dashboard", 90 | "_source": { 91 | "title": "Memory", 92 | "hits": 0, 93 | "description": "", 94 | "panelsJSON": "[\n {\n \"id\": \"Memory-usage\",\n \"type\": \"visualization\",\n \"panelIndex\": 1,\n \"size_x\": 8,\n 
\"size_y\": 3,\n \"col\": 1,\n \"row\": 1\n },\n {\n \"id\": \"Swap-usage\",\n \"type\": \"visualization\",\n \"panelIndex\": 2,\n \"size_x\": 4,\n \"size_y\": 3,\n \"col\": 9,\n \"row\": 1\n }\n]", 95 | "optionsJSON": "{\n \"darkTheme\": false\n}", 96 | "uiStateJSON": "{\n \"P-2\": {\n \"vis\": {\n \"legendOpen\": false\n }\n },\n \"P-1\": {\n \"vis\": {\n \"legendOpen\": false\n }\n }\n}", 97 | "version": 1, 98 | "timeRestore": false, 99 | "kibanaSavedObjectMeta": { 100 | "searchSourceJSON": "{\n \"filter\": [\n {\n \"query\": {\n \"query_string\": {\n \"query\": \"*\",\n \"analyze_wildcard\": true\n }\n }\n }\n ]\n}" 101 | } 102 | } 103 | } 104 | ]
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '2'
services:
  elasticsearch:
    image: khezen/elasticsearch:5
    environment:
      HOSTS: '[127.0.0.1]'
      HEAP_SIZE: 1g
      ELASTIC_PWD: changeme
      KIBANA_PWD: changeme
      LOGSTASH_PWD: changeme
      BEATS_PWD: changeme
      CA_PWD: changeme
      KS_PWD: changeme
      TS_PWD: changeme
    volumes:
      - /etc/elasticsearch:/usr/share/elasticsearch/config
      - /data/elasticsearch:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"
    networks:
      - elk
    restart: unless-stopped

  kibana:
    links:
      - elasticsearch
    image: khezen/kibana:5
    environment:
      KIBANA_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/kibana:/etc/kibana
      - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
    ports:
      - "5601:5601"
    networks:
      - elk
    restart: unless-stopped

  logstash:
    links:
      - elasticsearch
    image: khezen/logstash:5
    environment:
      HEAP_SIZE: 1g
      LOGSTASH_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
      TS_PWD: changeme
    volumes:
      - /etc/logstash:/etc/logstash/conf.d
      - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
    ports:
      - "5000:5000"
      - "5001:5001/udp"
    networks:
      - elk
    restart: unless-stopped

  elastalert:
    links:
      - elasticsearch
    image: khezen/elastalert
    environment:
      ELASTALERT_USER: elastalert
      ELASTALERT_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/elastalert:/etc/elastalert
      - /usr/share/elastalert/rules:/usr/share/elastalert/rules
    networks:
      - elk
    restart: unless-stopped

networks:
  elk:
    driver: bridge

--------------------------------------------------------------------------------
/logstash-init.log:
--------------------------------------------------------------------------------
{
    message => "init"
}
--------------------------------------------------------------------------------
/swarm-stack.yml:
--------------------------------------------------------------------------------
version: '3'

services:

  elasticsearch:
    image: khezen/elasticsearch:5
    deploy:
      mode: replicated
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    environment:
      HEAP_SIZE: 1g
      HOSTS: '["elasticsearch"]'
      MINIMUM_MASTER_NODES: 2
      ELASTIC_PWD: changeme
      KIBANA_PWD: changeme
      LOGSTASH_PWD: changeme
      BEATS_PWD: changeme
      CA_PWD: changeme
      KS_PWD: changeme
      TS_PWD: changeme
      SERVICE_PORTS: 9200, 9300
      TCP_PORTS: 9200, 9300
    volumes:
      - /etc/elasticsearch:/usr/share/elasticsearch/config
      - /data/elasticsearch:/usr/share/elasticsearch/data
    hostname: elasticsearch
    networks:
      - elk

  kibana:
    image: khezen/kibana:5
    deploy:
      mode: replicated
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    environment:
      KIBANA_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
      SERVICE_PORTS: 5601
      TCP_PORTS: 5601
    volumes:
      - /etc/kibana:/etc/kibana
      - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
    hostname: kibana
    networks:
      - elk

  logstash:
    image: khezen/logstash:5
    deploy:
      mode: replicated
      replicas: 2
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    environment:
      HEAP_SIZE: 1g
      LOGSTASH_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
      TS_PWD: changeme
      SERVICE_PORTS: 5000
      TCP_PORTS: 5000
    volumes:
      - /etc/logstash:/etc/logstash/conf.d
      - /etc/elasticsearch/searchguard/ssl:/etc/elasticsearch/searchguard/ssl
    hostname: logstash
    networks:
      - elk

  elastalert:
    image: khezen/elastalert:support_es5
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    environment:
      ELASTALERT_USER: elastalert
      ELASTALERT_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/elastalert:/etc/elastalert
      - /usr/share/elastalert/rules:/usr/share/elastalert/rules
    networks:
      - elk

  load_balancer:
    image: dockercloud/haproxy:1.6.2
    depends_on:
      - kibana
      - elasticsearch
      - logstash
    deploy:
      mode: global
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.role == manager
    environment:
      STATS_PORT: 9000
      STATS_AUTH: stats:changeme
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - elk
    ports:
      - "8081:9000"
      - "5601:5601"
      - "9200:9200"
      - "9300:9300"
      - "5000:5000"

networks:
  elk:
    driver: overlay

--------------------------------------------------------------------------------
/visualizations/metricbeat-visual.json:
--------------------------------------------------------------------------------
1 | [ 2 | { 3 | "_id": "CPU-Breakdown", 4 | "_type": "visualization", 5 | "_source": { 6 | "title": "CPU Breakdown", 7 | "visState": "{\"title\":\"CPU Breakdown\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.nice.pct\",\"customLabel\":\"nice\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.softirq.pct\",\"customLabel\":\"softirq\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.steal.pct\",\"customLabel\":\"steal\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.irq.pct\",\"customLabel\":\"irq\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.iowait.pct\",\"customLabel\":\"iowait\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.system.pct\",\"customLabel\":\"kernel\"}},{\"id\":\"9\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metr
ic\",\"params\":{\"field\":\"system.cpu.user.pct\",\"customLabel\":\"user\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.cpu.idle.pct\",\"customLabel\":\"idle\"}},{\"id\":\"10\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"5\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}", 8 | "uiStateJSON": "{}", 9 | "description": "", 10 | "version": 1, 11 | "kibanaSavedObjectMeta": { 12 | "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" 13 | } 14 | } 15 | }, 16 | { 17 | "_id": "Disk-Space", 18 | "_type": "visualization", 19 | "_source": { 20 | "title": "Disk Space", 21 | "visState": "{\"title\":\"Disk Space\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.filesystem.used.pct\",\"customLabel\":\"used ratio\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.filesystem.used.bytes\",\"customLabel\":\"used(byte)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.filesystem.available\",\"customLabel\":\"available(byte)\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.filesystem.total\",\"customLabel\":\"total(byte)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"system.filesystem.mount_point\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"3\",\"customLabel\":\"mount 
point\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}", 22 | "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", 23 | "description": "", 24 | "version": 1, 25 | "kibanaSavedObjectMeta": { 26 | "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}" 27 | } 28 | } 29 | }, 30 | { 31 | "_id": "Network-dropped-packet-up-slash-down", 32 | "_type": "visualization", 33 | "_source": { 34 | "title": "Network Up/Down Dropped Packets", 35 | "visState": "{\"title\":\"Network Up/Down Dropped Packets\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":false,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.in.dropped\",\"customLabel\":\"down(packet)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.out.dropped\",\"customLabel\":\"up(packet)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"4\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}", 36 | "uiStateJSON": "{}", 37 | "description": "", 38 | "version": 1, 39 | 
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Disk-bytes-read-slash-write",
    "_type": "visualization",
    "_source": {
      "title": "Disk I/O Volume",
      "visState": "{\"title\":\"Disk I/O Volume\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.diskio.write.bytes\",\"customLabel\":\"write(byte)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.diskio.read.bytes\",\"customLabel\":\"read(byte)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Network-packet-up-slash-down",
    "_type": "visualization",
    "_source": {
      "title": "Network Up/Down Packets",
      "visState": "{\"title\":\"Network Up/Down Packets\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":false,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.in.packets\",\"customLabel\":\"down(packet)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.out.packets\",\"customLabel\":\"up(packet)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"4\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Network-byte-up-slash-down",
    "_type": "visualization",
    "_source": {
      "title": "Network Up/Down Volume",
      "visState": "{\"title\":\"Network Up/Down Volume\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":false,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.in.bytes\",\"customLabel\":\"down(byte)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.out.bytes\",\"customLabel\":\"up(byte)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"4\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Swap-usage",
    "_type": "visualization",
    "_source": {
      "title": "Swap Usage",
      "visState": "{\"title\":\"Swap Usage\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.memory.swap.used.bytes\",\"customLabel\":\"swap used(byte)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.memory.swap.free\",\"customLabel\":\"swap free(byte)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Network-error-packet-up-slash-down",
    "_type": "visualization",
    "_source": {
      "title": "Network Up/Down Error Packets",
      "visState": "{\"title\":\"Network Up/Down Error Packets\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":false,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.in.errors\",\"customLabel\":\"down(packet)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.network.out.errors\",\"customLabel\":\"up(packet)\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"4\",\"customLabel\":\"host\",\"row\":true}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Disk-I-slash-O-Count",
    "_type": "visualization",
    "_source": {
      "title": "Disk I/O Count",
      "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"write count\",\"field\":\"system.diskio.write.count\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"read count\",\"field\":\"system.diskio.read.count\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"host\",\"field\":\"beat.hostname\",\"order\":\"desc\",\"orderBy\":\"1\",\"row\":true,\"size\":5},\"schema\":\"split\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"Disk I/O Count\",\"type\":\"area\"}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Disk-I-slash-O-Time",
    "_type": "visualization",
    "_source": {
      "title": "Disk I/O Time",
      "visState": "{\"title\":\"Disk I/O Time\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"smoothLines\":false,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.diskio.write.time\",\"customLabel\":\"write time(ms)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.diskio.read.time\",\"customLabel\":\"read time(ms)\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"5\",\"customLabel\":\"host\",\"row\":true}},{\"id\":\"5\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"system.diskio.io.time\",\"customLabel\":\"i/o time(ms)\"}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Cores-Breakdown",
    "_type": "visualization",
    "_source": {
      "title": "Cores Breakdown",
      "visState": "{\"title\":\"Cores Breakdown\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"system.core.user.pct\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"beat.hostname\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"host\",\"row\":true}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"system.core.id\",\"size\":32,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"core\"}}],\"listeners\":{}}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\"index\":\"metricbeat-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
      }
    }
  },
  {
    "_id": "Memory-usage",
    "_type": "visualization",
    "_source": {
      "title": "Memory Usage",
      "visState": "{\n \"title\": \"Memory Usage\",\n \"type\": \"area\",\n \"params\": {\n \"shareYAxis\": true,\n \"addTooltip\": true,\n \"addLegend\": true,\n \"legendPosition\": \"right\",\n \"smoothLines\": false,\n \"scale\": \"linear\",\n \"interpolate\": \"linear\",\n \"mode\": \"stacked\",\n \"times\": [],\n \"addTimeMarker\": false,\n \"defaultYExtents\": false,\n \"setYExtents\": false,\n \"yAxis\": {}\n },\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"system.memory.actual.used.bytes\",\n \"customLabel\": \"mem used(byte)\"\n }\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"date_histogram\",\n \"schema\": \"segment\",\n \"params\": {\n \"field\": \"@timestamp\",\n \"interval\": \"auto\",\n \"customInterval\": \"2h\",\n \"min_doc_count\": 1,\n \"extended_bounds\": {}\n }\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"avg\",\n \"schema\": \"metric\",\n \"params\": {\n \"field\": \"system.memory.actual.free\",\n \"customLabel\": \"mem free(byte)\"\n }\n },\n {\n \"id\": \"4\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"schema\": \"split\",\n \"params\": {\n \"field\": \"beat.hostname\",\n \"size\": 5,\n \"order\": \"desc\",\n \"orderBy\": \"1\",\n \"customLabel\": \"host\",\n \"row\": true\n }\n }\n ],\n \"listeners\": {}\n}",
      "uiStateJSON": "{}",
      "description": "",
      "version": 1,
      "kibanaSavedObjectMeta": {
        "searchSourceJSON": "{\n \"index\": \"metricbeat-*\",\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"*\"\n }\n },\n \"filter\": []\n}"
      }
    }
  }
]
--------------------------------------------------------------------------------