Sample ELK setup that includes Filebeat for Windows. This project sets up an ELK stack running in traditional Linux containers. This also adds Filebeat to the stack, hosted specifically in Windows containers.
The Windows Filebeat container reads the logs on the host through a bind mount of the containers directory (by default, c:\programdata\docker\containers).
To use this solution, clone or fork this repository. The Docker Compose file is intended to be a starting point. The Compose file uses the node.labels.elkhost == true placement constraint to determine which node the ELK components are deployed to. Either label one of your nodes to satisfy this constraint or adjust the constraint as necessary.
This stack can only be deployed from a Windows command prompt or PowerShell. Due to a bug, the stack cannot be deployed from a Mac or Linux machine (moby/moby#34810). To deploy:
docker stack deploy -c docker-compose.yml elk
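
The labelling and deploy steps above can be combined into one pre-flight script. This is an added example, not part of the project: the script and its parameters ($ElkNode, $ComposeFile, $StackName) are hypothetical, and it assumes it is run in PowerShell against a swarm manager.

```powershell
# Added example (not from the project). Labels a node so it satisfies the
# node.labels.elkhost == true constraint, then deploys the stack.
param(
    # Hypothetical parameter: hostname of the Linux node that should run ELK.
    [Parameter(Mandatory = $true)][string]$ElkNode,
    [string]$ComposeFile = 'docker-compose.yml',
    [string]$StackName   = 'elk'
)

# Return the hostnames of all swarm nodes that carry the label elkhost=true.
function Get-ElkHostNodes {
    $names = docker node ls --format '{{.Hostname}}'
    if ($LASTEXITCODE -ne 0) { throw 'docker node ls failed; is this a swarm manager?' }
    foreach ($name in $names) {
        # Read the labels as JSON so no quoted template arguments are needed.
        $labels = docker node inspect $name --format '{{ json .Spec.Labels }}' |
            ConvertFrom-Json
        if ($labels.elkhost -eq 'true') { $name }
    }
}

# The ELK components run in Linux containers, so refuse a non-Linux node.
$os = docker node inspect $ElkNode --format '{{ .Description.Platform.OS }}'
if ($LASTEXITCODE -ne 0) { throw "Node '$ElkNode' was not found in this swarm." }
if ($os -ne 'linux') { throw "Node '$ElkNode' runs $os; ELK needs a Linux node." }

# Add the label only if the chosen node does not already have it.
$labelled = @(Get-ElkHostNodes)
if ($labelled -notcontains $ElkNode) {
    docker node update --label-add elkhost=true $ElkNode | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not label node '$ElkNode'." }
    $labelled += $ElkNode
}

# More than one labelled node means the scheduler may pick any of them.
if ($labelled.Count -gt 1) {
    Write-Warning "Several nodes satisfy the constraint: $($labelled -join ', ')"
}

docker stack deploy -c $ComposeFile $StackName
if ($LASTEXITCODE -ne 0) { throw 'docker stack deploy failed.' }

# Show where the services were scheduled.
docker stack services $StackName
```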