UNLIMITED
Build a search and analytic engine
The main subject of this tutorial is Elasticsearch, which is a distributed search and analytics engine. However, it can’t work on its own and requires other software for collecting, analysing and visualising data. Elasticsearch works very well with Logstash and Kibana – both will be used in this tutorial. Additionally, you will see Filebeat in action.
Nowadays, almost all software can run as a container using a Docker image, and Elasticsearch is no exception. For reasons of simplicity, we are going to use a docker-compose.yml file for executing the Elasticsearch Docker image along with Kibana. The contents of docker-compose.yml will be the following:
Store docker-compose.yml in its own directory for reasons of simplicity and efficiency – give a descriptive name to the relevant directory. After that you can start the Docker image by running docker-compose up and stop it with docker-compose down from inside that directory. Note that if you have issues with a docker-compose.yml YAML file, it helps to look at the generated output for hints about the problems. Keep in mind that Docker in general and docker-compose.yml files specifically make experimenting with complex software a better experience, so use them when possible.
