khezen/docker-elastalert
Supported tags and respective Dockerfile links

What is Elastalert?

ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.

How To Use

docker engine

```sh
docker run -d khezen/elastalert:latest
```

docker-compose

Run the following command on the host so Elasticsearch can start (it refuses to start unless vm.max_map_count is at least 262144):

```sh
sysctl -w vm.max_map_count=262144
```

You can make the setting permanent by adding vm.max_map_count=262144 to /etc/sysctl.conf.

docker-compose.yml

```yaml
version: '2'
services:
  elastalert:
    image: khezen/elastalert
    environment:
      ELASTIC_PWD: changeme
      ELASTICSEARCH_HOST: localhost
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/elastalert:/etc/elastalert
      - /usr/share/elastalert/rules:/usr/share/elastalert/rules
    network_mode: bridge
    restart: unless-stopped
```

Note that with network_mode: bridge, localhost inside the container is the container itself, not the Docker host. Point ELASTICSEARCH_HOST at the host's address, or at a linked Elasticsearch container as in the next example.

or, to run the whole stack (Elasticsearch, Kibana and ElastAlert) from one file:

```yaml
version: '2'
services:
  elasticsearch:
    image: khezen/elasticsearch:2
    environment:
      ELASTIC_PWD: changeme
      KIBANA_PWD: brucewayne
      BEATS_PWD: jdilla
    volumes:
      - /data/elasticsearch:/usr/share/elasticsearch/data
      - /etc/elasticsearch:/usr/share/elasticsearch/config
    ports:
      - "9200:9200"
      - "9300:9300"
    network_mode: bridge
    restart: unless-stopped
  kibana:
    links:
      - elasticsearch:elasticsearch-0
    image: khezen/kibana:4
    environment:
      KIBANA_PWD: brucewayne
      ELASTICSEARCH_HOST: elasticsearch-0
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/kibana:/etc/kibana
    ports:
      - "5601:5601"
    network_mode: bridge
    restart: unless-stopped
  elastalert:
    links:
      - elasticsearch:elasticsearch-0
    image: khezen/elastalert
    environment:
      ELASTIC_PWD: changeme
      ELASTICSEARCH_HOST: elasticsearch-0
      ELASTICSEARCH_PORT: 9200
    volumes:
      - /etc/elastalert:/etc/elastalert
      - /usr/share/elastalert/rules:/usr/share/elastalert/rules
    network_mode: bridge
    restart: unless-stopped
```

Environment Variables

| Variable | Default | Description |
|---|---|---|
| ELASTIC_PWD | changeme | Password for the Elasticsearch built-in user elastic. |
| ELASTICSEARCH_HOST | elasticsearch | Elasticsearch hostname. |
| ELASTICSEARCH_PORT | 9200 | Elasticsearch port. |

The default password is only a placeholder: set a real ELASTIC_PWD (matching the one configured on Elasticsearch) and keep it out of committed docker-compose.yml files, for example via an env_file, since environment values are readable by anyone who can run docker inspect on the host. The compose examples above also publish ports 9200, 9300 and 5601 on all host interfaces; bind them to 127.0.0.1 or firewall them if the host is reachable from untrusted networks.

Configure Elastalert

Configuration file is located in /etc/elastalert/elastalert.yml if you follow the same volume mapping as in docker-compose examples above.

You can find help with ElastAlert configuration in the upstream ElastAlert documentation.
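A minimal /etc/elastalert/elastalert.yml for the linked-container compose setup above, added here as an illustration rather than taken from this image or the upstream project. It assumes you manage the file yourself on the mounted volume; if the image's entrypoint generates this file from ELASTIC_PWD, ELASTICSEARCH_HOST and ELASTICSEARCH_PORT, keep the two sources consistent. The host name, credentials and intervals are assumptions to adjust to your stack.

```yaml
# /etc/elastalert/elastalert.yml (added example, values are assumptions)

# Directory ElastAlert scans for rule files; matches the volume mapping above.
rules_folder: /usr/share/elastalert/rules

# How often ElastAlert queries Elasticsearch, and how far back each query looks.
run_every:
  minutes: 1
buffer_time:
  minutes: 15

# Elasticsearch connection; host name is the compose link alias above.
es_host: elasticsearch-0
es_port: 9200
es_username: elastic
es_password: changeme   # same value as ELASTIC_PWD; replace the placeholder
use_ssl: False

# Index where ElastAlert records its own state (alerts sent, last run, silences).
writeback_index: elastalert_status

# Retry sending a failed alert for up to this long before giving up.
alert_time_limit:
  days: 2
```

Because es_password lives in this file, the /etc/elastalert directory on the host should be readable only by the account that runs Docker.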

Share alert rules from host

You can share rules from the host with the container by placing them in /usr/share/elastalert/rules on the host, if you follow the same volume mapping as in the docker-compose examples above. ElastAlert loads every rule file found in that directory.
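As an added example of a rule dropped into that directory (not a rule shipped with this image or with ElastAlert), the following frequency rule fires when one source produces ten or more failed SSH logins within five minutes. The index pattern, the source_ip field name and the "Failed password" message text are assumptions about what your log shipper writes; adjust them to your data.

```yaml
# /usr/share/elastalert/rules/ssh_bruteforce.yaml (added example)
name: SSH brute force (10+ failed logins from one source in 5 minutes)

# "frequency": alert when num_events matching documents arrive within timeframe.
type: frequency
index: filebeat-*          # assumed index pattern
num_events: 10
timeframe:
  minutes: 5

# Count per distinct source address instead of across all hosts at once.
query_key: source_ip       # assumed field name from your log shipper

# Elasticsearch query selecting the documents to count.
filter:
  - query:
      query_string:
        query: 'message:"Failed password"'

# Do not re-alert on the same query_key value more than once per 30 minutes.
realert:
  minutes: 30

# "debug" only logs the alert; replace with email/slack/... for real notifications.
alert:
  - debug
```

Test a new rule before relying on it with `elastalert-test-rule /usr/share/elastalert/rules/ssh_bruteforce.yaml` inside the container, which runs the query against live data without sending alerts; a rule that matches nothing usually means the index pattern or field name above does not match what is actually indexed.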

User Feedback

Issues

If you have any problems with or questions about this image, please ask for help through a GitHub issue.

Credit

Yelp/ElastAlert
