I’ve been experimenting lately with the Elastic Stack, Elasticsearch, Logstash, and Kibana, from Elastic, for a few weeks now. I ran into a problem with Kibana running away and becoming unresponsive, so I decided to give it a try running the three in Docker containers.
If you’re following the official documentation, getting Elasticsearch up and running properly is pretty straight forward, but not so much with Logstash and Kibana (they seem straight forward, but there’s a little bit missing from the docs).
There is another little gotcha to watch out for. If you want the Docker containers to run in the background, which undoubtedly you do want, then you need to add the -d (-d = detach) switch to the command:
sudo docker run -d docker.elastic.co/kibana/kibana:6.6.1
If you’ve tried to follow the docs, and aren’t very familiar with Docker, you might have run into an issue where once everything is up and running, if you open a browser and go to http://<your_elastic_host>:5601 to access Kibana, you’re confronted with an error to the effect of “The page is not reachable”
If you list the running docker containers, you should see output similar to the following:
[mdrisser@elastic-stack] - [tmp] % sudo docker container ps CONTAINER ID IMAGE ... PORTS NAMES 3443dbbde578 docker.elastic.co/kibana/kibana:6.6.1 ... 5601/tcp eager_mahavira a026957b1a3c docker.elastic.co/logstash/logstash:6.6.1 ... 5044/tcp, 9600/tcp pensive_archimedes 82c4d955b0e2 docker.elastic.co/elasticsearch/elasticsearch:6.6.1 ... 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp gifted_beaver
Pay special attention to the last line, the one for Elasticsearch. Notice what’s different?
The command, given in the official docs is:
docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:6.6.
The -p 9200:9200 and -p 9300:9300 assign the Elasticsearch Docker container ports 9200 and 9300 to the physical ports 9200 and 9300 respectively. You can see it in the sudo docker container ps output above. Notice that it’s missing from the Kibana container?
To fix this, issue the following commands (replace <container_id> with the actual container ID):
% sudo docker container stop <container_id>
% sudo docker run -d -p 5601:5601 docker.elastic.co/kibana/kibana:6.6.1
Now the output for the Kibana line in sudo docker container ps should contain 0.0.0.0:5601->5601/tcp and you should be able to get to Kibana in the browser now.
Note: You should do the same for logstash so that it is available to ship logs to.
I hope this helps.