From 43d574a164332e6f23ea17dfc3534b98d87b9511 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?=
Date: Tue, 9 Feb 2016 22:09:48 +0000
Subject: [PATCH] Add Compose file for ELK stack
---
elk/docker-compose.yml | 56 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 elk/docker-compose.yml
diff --git a/elk/docker-compose.yml b/elk/docker-compose.yml
new file mode 100644
index 00000000..b8a069d1
--- /dev/null
+++ b/elk/docker-compose.yml
@@ -0,0 +1,56 @@
+version: "2"
+
+services:
+
+ elasticsearch:
+ image: elasticsearch
+ # If you need to acces ES directly, just uncomment those lines.
+ #ports:
+ # - "9200:9200"
+ # - "9300:9300"
+
+ logstash:
+ image: logstash
+ command: |
+ -e '
+ input {
+ # Default port is 12201/udp
+ gelf { }
+ # This generates one test event per minute.
+ # It is great for debugging, but you might
+ # want to remove it in production.
+ heartbeat { }
+ }
+ # The following filter is a hack!
+ # The "de_dot" filter would be better, but it
+ # is not pre-installed with logstash by default.
+ filter {
+ ruby {
+ code => "
+ event.to_hash.keys.each { |k| event[ k.gsub('"'.'"','"'_'"') ] = event.remove(k) if k.include?'"'.'"' }
+ "
+ }
+ }
+ output {
+ elasticsearch {
+ hosts => ["elasticsearch:9200"]
+ }
+ # This will output every message on stdout.
+ # It is great when testing your setup, but in
+ # production, it will probably cause problems;
+ # either by filling up your disks, or worse,
+ # by creating logging loops! BEWARE!
+ stdout {
+ codec => rubydebug
+ }
+ }'
+ ports:
+ - 12201/udp
+
+ kibana:
+ image: kibana
+ ports:
+ - 5601
+ environment:
+ ELASTICSEARCH_URL: http://elasticsearch:9200
+
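Review bot: The `kibana` service publishes 5601 (`ports: - 5601`) on every host interface with nothing authenticating in front of it, so anyone who can reach the Docker host can browse every log event stored in Elasticsearch. The `logstash` entry `- 12201/udp` likewise accepts GELF events from any sender. Where remote access is not intended, bind Kibana to loopback with `- "127.0.0.1:5601:5601"`; otherwise add a comment above each `ports:` key, in the style of the one on the commented-out Elasticsearch ports, stating that the port must be firewalled or placed behind an authenticating proxy. Separately, all three `image:` lines are untagged and so track `latest`; pinning them (for example `image: logstash:<pinned-tag>`) keeps the stack reproducible and guards the ruby filter, whose `event[...]` accessor may not survive a major Logstash upgrade.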