Develop Reference

Not receiving any data in Kibana from Elasticsearch/Logstash. ELK Stack made in docker-compose

I'm trying to build my first ELK Stack in Docker for a school project.
The goal is to have an ElasticSearch container along with it's volume.
A LogStash container linked to ElasticSearch along with it's volume aswell.
A Filebeat container to send data to LogStash
And finaly a Kibana Container to visualise the logs.
The problem I'm having is that even though all seems to be configured and working, Kibana isn't receiving anything from ElasticSearch. When I try to add a new index pattern I'm faced with this message : "No data streams, indices, or index aliases match your index pattern."
And not a thing is visible in Index Management.
Here's the docker-compose.yml:
version: '3.6'
services:
Elasticsearch:
image: elasticsearch:8.5.3
container_name: elasticsearch
restart: always
volumes:
- elastic_data:/usr/share/elasticsearch/data/
environment:
ES_JAVA_OPTS: "-Xmx750m -Xms750m"
discovery.type: single-node
xpack.security.enabled: false
ports:
- '9200:9200'
- '9300:9300'
networks:
- elk
Logstash:
image: logstash:8.5.3
container_name: logstash
restart: always
volumes:
- ./logstash/logstash.conf:/etc/logstash/conf.d/logstash.conf:ro
command: logstash -f /etc/logstash/conf.d/logstash.conf
depends_on:
- Elasticsearch
ports:
- '9600:9600'
environment:
LS_JAVA_OPTS: "-Xmx750m -Xms750m"
networks:
- elk
Kibana:
image: kibana:8.5.3
container_name: kibana
restart: always
ports:
- '5601:5601'
environment:
- ELASTICSEARCH_URL=http://elasticsearch:9200
depends_on:
- Elasticsearch
networks:
- elk
Filebeat:
container_name: filebeat
image: "docker.elastic.co/beats/filebeat:8.5.3"
restart: always
user: root
volumes:
- ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /var/lib/docker:/var/lib/docker:ro
- /var/run/docker.sock:/var/run/docker.sock
networks:
- elk
volumes:
elastic_data:
networks:
elk:
driver: bridge
logstash/logstash.conf:
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "elasticsearch"
codec => "json"
index => "logstash-%{indexDay}"
}
stdout { codec => rubydebug }
}
And finally the filebeat/filebeat.yml:
filebeat.inputs:
- type: log
enabled: true
paths:
- '/var/lib/docker/containers/*/*.log'
processors:
- add_docker_metadata:
host: "unix:///var/run/docker.sock"
output.logstash:
hosts: ["logstash:5044"]
Any idea what I'm doing wrong?

Promtail - service discovery based on label with docker-compose and label in Grafana log explorer

I am playing with Grafana and Promtail. I have the following setup:
version: "3.3"
networks:
loki:
services:
loki:
image: grafana/loki:k88-c660a7e
ports:
- "3100:3100"
command: -config.file=/etc/loki/local-config.yaml
networks:
- loki
promtail:
image: grafana/promtail:k88-c660a7e
volumes:
- /var/lib/docker/containers:/var/lib/docker/containers
- /var/run/docker.sock:/var/run/docker.sock
- ./promtail-config.yaml:/etc/promtail/promtail-config.yaml
command: -config.file=/etc/promtail/promtail-config.yaml
networks:
- loki
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
volumes:
- ./grafana-config.yaml:/etc/grafana/provisioning/datasources/default.yaml
networks:
- loki
mycontainer: # Prints debug output to stdout
build: .
labels:
- "mylabel=true"
networks:
- loki
What I want to achieve:
Have Promtail ignore all other containers except ones that have the mylabel=true
Have Grafana display a label with the container name as label in the log explorer
My current promtail-config.yaml scrape-configs:
scrape_configs:
- job_name: containers
docker_sd_configs:
- host: unix:///var/run/docker.sock
relabel_configs: # For some reason this drops all logs
- source_labels: [__meta_docker_container_label_mylabel]
regex: "true"
action: keep
static_configs:
- targets:
- localhost
labels:
job: containerlogs
__path__: /var/lib/docker/containers/*/*-json.log
pipeline_stages:
- docker:
How do I change it to achieve that?
EDIT: This is probably going to come up - support for docker_sd_configs option is not officially released yet, but I have confirmed with a contributor to the project that it is available and in fact running in their cloud.

Use filters for docker labels selection. Use relabel_configs for setting additional labels based on meta values
server:
http_listen_address: 0.0.0.0
http_listen_port: 9080
positions:
filename: /var/run/promtail/positions.yaml
clients:
- url: https://[YOUR_LOKI_SERVER_NAME]/loki/api/v1/push
tenant_id: [YOUR_TENANT_ID]
scrape_configs:
- job_name: containers
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 15s
filters:
- name: label
values: ["mylabel=true"]
pipeline_stages:
- docker: {}
- static_labels:
job: "promtail"
relabel_configs:
- source_labels: ['__meta_docker_container_name']
regex: '/(.*)'
target_label: 'container'

multiple docker compose files with traefik (v2.1) and database networks

I would like to build a docker landscape. I use a container with a traefik (v2. 1) image and a mysql container for multiple databases.
traefik/docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.1"
container_name: "traefik"
restart: always
command:
- "--log.level=DEBUG"
- "--api=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=proxy"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.traefik-dashboard.address=:8080"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
- "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.devnik-resolver.acme.email=####"
- "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "./data:/etc/traefik"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
- "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
- "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
#basic auth
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#Docker Networks
networks:
proxy:
database/docker-compose.yml
version: "3.3"
services:
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: always
ports:
- "3306:3306"
volumes:
#persist data
- ./mysqldata/:/var/lib/mysql/
- ./init:/docker-entrypoint-initdb.d
networks:
- "mysql"
environment:
MYSQL_ROOT_PASSWORD: ####
TZ: Europe/Berlin
#Docker Networks
networks:
mysql:
driver: bridge
For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml
version: "3.3"
services:
backend:
image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
container_name: "dev-releases-backend"
restart: always
volumes:
#laravel logs
- "./logs/backend:/app/storage/logs"
#cron logs
- "./logs/backend/cron.log:/var/log/cron.log"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
- "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
- "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
networks:
- proxy
- mysql
environment:
TZ: Europe/Berlin
#Docker Networks
networks:
proxy:
external:
name: "traefik_proxy"
mysql:
external:
name: "database_mysql"
As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment the network networks: #- mysql and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some container have access to the 'mysql' network but it should not be accessible for the whole traefik network.
Let me know if you need more information
EDIT (26.03.2020)
I make it running.
I put all my containers into one network "proxy". It seems mysql also have to be in the proxy network.
So I add following to database/docker-compose.yml
networks:
proxy:
external:
name: "traefik_proxy"
And removed the database_mysql network out of dev-releases/docker-compose.yml

based on the names of the files, your mysql network should be mysql_mysql.
you can verify this by executing
$> docker network ls
You are also missing a couple of labels for your services such as
traefik command line
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
labels
- traefik.docker.network=proxy
- traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
- traefik.http.routers.dev-releases-backend.service=mailcatcher
You can check this for more info

Monitoring Elassandra with Prometheus using Docker

I'm trying to run jmx-exporter container with special configuration following this instruction.
I did all the instructions step-by-step. Here is my docker-compose file and conf/config.yml.
docker-compose:
version: '2'
services:
prometheus:
image: prom/prometheus
container_name: prometheus
volumes:
- /prometheus:/prometheus
- ./conf/prome.yml:/etc/prometheus/prometheus.yml
command:
- --config.file=/etc/prometheus/prometheus.yml
ports:
- '6009:9090'
jmx-exporter:
image: sscaling/jmx-prometheus-exporter
container_name: jmx-exporter
ports:
- 6011:5556
depends_on:
- elassandra
elassandra:
image: strapdata/elassandra
container_name: elassandra
volumes:
- /var/lib/cassandra:/var/lib/cassandra
environment:
- CASSANDRA_LISTEN_ADDRESS=localhost
- CASSANDRA_RPC_ADDRESS=localhost
- CASSANDRA_START_RPC=false
- CASSANDRA_CLUSTER_NAME='DockerTest Cluster'
- CASSANDRA_NUM_TOKENS=8
- CASSANDRA#
- LOCAL_JMX="no"
- Dcassandra.jmx.remote.port="7199"
- Dcom.sun.management.jmxremote.port="7199"
- Dcom.sun.management.jmxremote.rmi.port="7199"
- Dcom.sun.management.jmxremote.authenticate=false
- JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=127.0.0.1"
- JMX_PORT="7199"
- JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.remote.port=5556"
- JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=5556"
- JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
volumes:
prometheus_data: {}
elassandra_data: {}
conf/config.yml
startDelaySeconds: 0
hostPort: elassandra:7199
#username:
#password:
#jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:60/jmxrmi
ssl: false
lowercaseOutputName: false
lowercaseOutputLabelNames: false
whitelistObjectNames: ["org.apache.cassandra.metrics:*"]
blacklistObjectNames: ["org.apache.cassandra.metrics:type=ColumnFamily,*"]
rules:
- pattern: 'org.apache.cassandra.metrics<type=(\w+), name=(\w+)><>Value: (\d+)'
name: cassandra_$1_$2
value: $3
valueFactor: 0.001
labels: {}
help: "Cassandra metric $1 $2"
type: GAUGE
attrNameSnakeCase: false
whenever I run docker-compose -f docker-compose.yml up, I face with the following page on localhost:6011:
The problem is that I don't know how to monitor elassandra and its metrics using jmx-exporter, I mainly get the java metrics!

In your config.yml you're using hostPort: localhost:5556 but you should try to connect to the host elassandra (the name of your docker container in your docker-compose.yml file).
Make sure Elassandra is configured properly to allow remote JMX connections. See How to enable remote JMX connections in Elassandra? for details how to set that up.

One host for multiple containers and switch container based on the path

I use traefik with a docker backend. Here is how I starter traefik:
$ cat docker-compose.yml
version: '2'
networks:
default:
external:
name: proxy
services:
traefik:
image: traefik
command: --web --docker --docker.domain=docker --logLevel=WARNING
container_name: traefik
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
labels:
- "traefik.frontend.rule=Host:dashboard.docker"
- "traefik.port=8080"
I want 2 containers, one that is the docker registry, and a second one is a UI for the registry. I would like that all HTTP request like registry.docker/v2/* go through the registry container, but any other requests (registry.docker/, registry.docker/repositories/20, ...) go through the UI container.
Here it's what I tried:
$ cat docker-compose.yml
version: '2'
networks:
default:
external:
name: proxy
services:
registry:
image: registry:2
container_name: registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
labels:
- traefik.frontend.rule=Host:registry.docker, PathPrefix:/v2
- traefik.frontend.port=5000
registry-ui:
image: konradkleine/docker-registry-frontend:v2
container_name: registry-ui
environment:
- ENV_DOCKER_REGISTRY_HOST=registry.docker
- ENV_DOCKER_REGISTRY_PORT=80
- ENV_DOCKER_REGISTRY_USE_SSL=false
labels:
- traefik.frontend.rule=Host:registry.docker
But all requests go through the registry container. What should I change ?

I think you have a typo here, based on files I have, here is a possible solution
Try this :
version: '2'
networks:
default:
external:
name: proxy
services:
registry:
image: registry:2
container_name: registry
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
labels:
- traefik.frontend.rule: Host:registry.docker;PathPrefix:/v2
- traefik.frontend.port: 5000
registry-ui:
image: konradkleine/docker-registry-frontend:v2
container_name: registry-ui
environment:
- ENV_DOCKER_REGISTRY_HOST=registry.docker
- ENV_DOCKER_REGISTRY_PORT=80
- ENV_DOCKER_REGISTRY_USE_SSL=false
labels:
- traefik.frontend.rule: Host:registry.docker