Upload of the whole project

extensions/filebeat/config/filebeat.yml

+## Filebeat configuration
+## https://github.com/elastic/beats/blob/main/deploy/docker/filebeat.docker.yml
+#
+
+name: filebeat
+
+filebeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    reload.enabled: false
+
+filebeat.autodiscover:
+  providers:
+    # The Docker autodiscover provider automatically retrieves logs from Docker
+    # containers as they start and stop.
+    - type: docker
+      hints.enabled: true
+
+processors:
+  - add_cloud_metadata: ~
+
+monitoring:
+  enabled: true
+  elasticsearch:
+    username: beats_system
+    password: ${BEATS_SYSTEM_PASSWORD}
+
+output.elasticsearch:
+  hosts: [ http://elasticsearch:9200 ]
+  username: filebeat_internal
+  password: ${FILEBEAT_INTERNAL_PASSWORD}
+
+## HTTP endpoint for health checking
+## https://www.elastic.co/guide/en/beats/filebeat/current/http-endpoint.html
+#
+
+http:
+  enabled: true
+  host: 0.0.0.0

extensions/filebeat/filebeat-compose.yml

+version: '3.7'
+
+services:
+  filebeat:
+    build:
+      context: extensions/filebeat/
+      args:
+        ELASTIC_VERSION: ${ELASTIC_VERSION}
+    # Run as 'root' instead of 'filebeat' (uid 1000) to allow reading
+    # 'docker.sock' and the host's filesystem.
+    user: root
+    command:
+      # Log to stderr.
+      - -e
+      # Disable config file permissions checks. Allows mounting
+      # 'config/filebeat.yml' even if it's not owned by root.
+      # see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
+      - --strict.perms=false
+    volumes:
+      - ./extensions/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro,Z
+      - type: bind
+        source: /var/lib/docker/containers
+        target: /var/lib/docker/containers
+        read_only: true
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+        read_only: true
+    environment:
+      FILEBEAT_INTERNAL_PASSWORD: ${FILEBEAT_INTERNAL_PASSWORD:-}
+      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
+    networks:
+      - elk
+    depends_on:
+      - es

extensions/fleet/Dockerfile

+ARG ELASTIC_VERSION
+
+FROM docker.elastic.co/beats/elastic-agent:${ELASTIC_VERSION}
+
+# Ensure the 'state' directory exists and is owned by the 'elastic-agent' user,
+# otherwise mounting a named volume in that location creates a directory owned
+# by root:root which the 'elastic-agent' user isn't allowed to write to.
+RUN mkdir state

extensions/fleet/README.md

+# Fleet Server
+
+> [!WARNING]
+> This extension currently exists for preview purposes and should be considered **EXPERIMENTAL**. Expect regular changes
+> to the default Fleet settings, both in the Elastic Agent and Kibana.
+>
+> See [Known Issues](#known-issues) for a list of issues that need to be addressed before this extension can be
+> considered functional.
+
+Fleet provides central management capabilities for [Elastic Agents][fleet-doc] via an API and web UI served by Kibana,
+with Elasticsearch acting as the communication layer.
+Fleet Server is the central component which allows connecting Elastic Agents to the Fleet.
+
+## Requirements
+
+The Fleet Server exposes the TCP port `8220` for Agent to Server communications.
+
+## Usage
+
+To include Fleet Server in the stack, run Docker Compose from the root of the repository with an additional command line
+argument referencing the `fleet-compose.yml` file:
+
+```console
+$ docker-compose -f docker-compose.yml -f extensions/fleet/fleet-compose.yml up
+```
+
+## Configuring Fleet Server
+
+Fleet Server — like any Elastic Agent — is configured via [Agent Policies][fleet-pol] which can be either managed
+through the Fleet management UI in Kibana, or statically pre-configured inside the Kibana configuration file.
+
+To ease the enrollment of Fleet Server in this extension, docker-elk comes with a pre-configured Agent Policy for Fleet
+Server defined inside [`kibana/config/kibana.yml`][config-kbn].
+
+Please refer to the following documentation page for more details about configuring Fleet Server through the Fleet
+management UI: [Fleet UI Settings][fleet-cfg].
+
+## Known Issues
+
+- Logs and metrics are only collected within the Fleet Server's container. Ultimately, we want to emulate the behaviour
+  of the existing Metricsbeat and Filebeat extensions, and collect logs and metrics from all ELK containers
+  out-of-the-box. Unfortunately, this kind of use-case isn't (yet) well supported by Fleet, and most advanced
+  configurations currently require running Elastic Agents in [standalone mode][fleet-standalone].
+  (Relevant resource: [Migrate from Beats to Elastic Agent][fleet-beats])
+- The Elastic Agent auto-enrolls using the `elastic` super-user. With this approach, you do not need to generate a
+  service token — either using the Fleet management UI or [CLI utility][es-svc-token] — prior to starting this
+  extension. However convenient that is, this approach _does not follow security best practices_, and we recommend
+  generating a service token for Fleet Server instead.
+
+## See also
+
+[Fleet and Elastic Agent Guide][fleet-doc]
+
+## Screenshots
+
+![fleet-agents](https://user-images.githubusercontent.com/3299086/202701399-27518fe4-17b7-49d1-aefb-868dffeaa68a.png
+"Fleet Agents")
+![elastic-agent-dashboard](https://user-images.githubusercontent.com/3299086/202701404-958f8d80-a7a0-4044-bbf9-bf73f3bdd17a.png
+"Elastic Agent Dashboard")
+
+[fleet-doc]: https://www.elastic.co/guide/en/fleet/current/fleet-overview.html
+[fleet-pol]: https://www.elastic.co/guide/en/fleet/current/agent-policy.html
+[fleet-cfg]: https://www.elastic.co/guide/en/fleet/current/fleet-settings.html
+
+[config-kbn]: ../../kibana/config/kibana.yml
+
+[fleet-standalone]: https://www.elastic.co/guide/en/fleet/current/elastic-agent-configuration.html
+[fleet-beats]: https://www.elastic.co/guide/en/fleet/current/migrate-beats-to-agent.html
+[es-svc-token]: https://www.elastic.co/guide/en/elasticsearch/reference/current/service-tokens-command.html

extensions/fleet/agent-apmserver-compose.yml

+version: '3.7'
+
+# Example of Fleet-enrolled Elastic Agent pre-configured with an agent policy
+# for running the APM Server integration (see kibana.yml).
+#
+# Run with
+#   docker-compose \
+#     -f docker-compose.yml \
+#     -f extensions/fleet/fleet-compose.yml \
+#     -f extensions/fleet/agent-apmserver-compose.yml \
+#     up
+
+services:
+  apm-server:
+    build:
+      context: extensions/fleet/
+      args:
+        ELASTIC_VERSION: ${ELASTIC_VERSION}
+    volumes:
+      - apm-server:/usr/share/elastic-agent/state:Z
+    environment:
+      FLEET_ENROLL: '1'
+      FLEET_TOKEN_POLICY_NAME: Agent Policy APM Server
+      FLEET_INSECURE: '1'
+      FLEET_URL: http://fleet-server:8220
+      # Enrollment.
+      # (a) Auto-enroll using basic authentication
+      ELASTICSEARCH_USERNAME: elastic
+      ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD:-}
+      # (b) Enroll using a pre-generated enrollment token
+      #FLEET_ENROLLMENT_TOKEN: <enrollment_token>
+    ports:
+      - 8200:8200
+    hostname: apm-server
+    # Elastic Agent does not retry failed connections to Kibana upon the initial enrollment phase.
+    restart: on-failure
+    networks:
+      - elk
+    depends_on:
+      - es
+      - kibana
+      - fleet-server
+
+volumes:
+  apm-server:

extensions/fleet/fleet-compose.yml

+version: '3.7'
+
+services:
+  fleet-server:
+    build:
+      context: extensions/fleet/
+      args:
+        ELASTIC_VERSION: ${ELASTIC_VERSION}
+    volumes:
+      - fleet-server:/usr/share/elastic-agent/state:Z
+    environment:
+      FLEET_SERVER_ENABLE: '1'
+      FLEET_SERVER_INSECURE_HTTP: '1'
+      FLEET_SERVER_HOST: 0.0.0.0
+      FLEET_SERVER_POLICY_ID: fleet-server-policy
+      # Fleet plugin in Kibana
+      KIBANA_FLEET_SETUP: '1'
+      # Enrollment.
+      # (a) Auto-enroll using basic authentication
+      ELASTICSEARCH_USERNAME: elastic
+      ELASTICSEARCH_PASSWORD: ${ELASTIC_PASSWORD:-}
+      # (b) Enroll using a pre-generated service token
+      #FLEET_SERVER_SERVICE_TOKEN: <service_token>
+    ports:
+      - 8220:8220
+    hostname: fleet-server
+    # Elastic Agent does not retry failed connections to Kibana upon the initial enrollment phase.
+    restart: on-failure
+    networks:
+      - elk
+    depends_on:
+      - es
+      - kibana
+
+volumes:
+  fleet-server:

extensions/heartbeat/Dockerfile

+ARG ELASTIC_VERSION
+
+FROM docker.elastic.co/beats/heartbeat:${ELASTIC_VERSION}

extensions/heartbeat/README.md

+# Heartbeat
+
+Heartbeat is a lightweight daemon that periodically checks the status of your services and determines whether they are
+available.
+
+## Usage
+
+**This extension requires the `heartbeat_internal` and `beats_system` users to be created and initialized with a
+password.** In case you haven't done that during the initial startup of the stack, please refer to [How to re-execute
+the setup][setup] to run the setup container again and initialize these users.
+
+To include Heartbeat in the stack, run Docker Compose from the root of the repository with an additional command line
+argument referencing the `heartbeat-compose.yml` file:
+
+```console
+$ docker-compose -f docker-compose.yml -f extensions/heartbeat/heartbeat-compose.yml up
+```
+
+## Configuring Heartbeat
+
+The Heartbeat configuration is stored in [`config/heartbeat.yml`](./config/heartbeat.yml). You can modify this file
+with the help of the [Configuration reference][heartbeat-config].
+
+Any change to the Heartbeat configuration requires a restart of the Heartbeat container:
+
+```console
+$ docker-compose -f docker-compose.yml -f extensions/heartbeat/heartbeat-compose.yml restart heartbeat
+```
+
+Please refer to the following documentation page for more details about how to configure Heartbeat inside a
+Docker container: [Run Heartbeat on Docker][heartbeat-docker].
+
+## See also
+
+[Heartbeat documentation][heartbeat-doc]
+
+[heartbeat-config]: https://www.elastic.co/guide/en/beats/heartbeat/current/heartbeat-reference-yml.html
+[heartbeat-docker]: https://www.elastic.co/guide/en/beats/heartbeat/current/running-on-docker.html
+[heartbeat-doc]: https://www.elastic.co/guide/en/beats/heartbeat/current/index.html
+
+[setup]: ../../README.md#how-to-re-execute-the-setup

extensions/heartbeat/config/heartbeat.yml

+## Heartbeat configuration
+## https://github.com/elastic/beats/blob/main/deploy/docker/heartbeat.docker.yml
+#
+
+name: heartbeat
+
+heartbeat.monitors:
+- type: http
+  schedule: '@every 5s'
+  urls:
+    - http://elasticsearch:9200
+  username: heartbeat_internal
+  password: ${HEARTBEAT_INTERNAL_PASSWORD}
+
+- type: icmp
+  schedule: '@every 5s'
+  hosts:
+    - es
+
+processors:
+- add_cloud_metadata: ~
+
+monitoring:
+  enabled: true
+  elasticsearch:
+    username: beats_system
+    password: ${BEATS_SYSTEM_PASSWORD}
+
+output.elasticsearch:
+  hosts: [ http://elasticsearch:9200 ]
+  username: heartbeat_internal
+  password: ${HEARTBEAT_INTERNAL_PASSWORD}
+
+## HTTP endpoint for health checking
+## https://www.elastic.co/guide/en/beats/heartbeat/current/http-endpoint.html
+#
+
+http:
+  enabled: true
+  host: 0.0.0.0

extensions/heartbeat/heartbeat-compose.yml

+version: '3.7'
+
+services:
+  heartbeat:
+    build:
+      context: extensions/heartbeat/
+      args:
+        ELASTIC_VERSION: ${ELASTIC_VERSION}
+    command:
+      # Log to stderr.
+      - -e
+      # Disable config file permissions checks. Allows mounting
+      # 'config/heartbeat.yml' even if it's not owned by root.
+      # see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
+      - --strict.perms=false
+    volumes:
+      - ./extensions/heartbeat/config/heartbeat.yml:/usr/share/heartbeat/heartbeat.yml:ro,Z
+    environment:
+      HEARTBEAT_INTERNAL_PASSWORD: ${HEARTBEAT_INTERNAL_PASSWORD:-}
+      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
+    networks:
+      - elk
+    depends_on:
+      - es

extensions/logspout/Dockerfile

+# uses ONBUILD instructions described here:
+# https://github.com/gliderlabs/logspout/tree/master/custom
+
+FROM gliderlabs/logspout:master
+ENV SYSLOG_FORMAT rfc3164

extensions/logspout/README.md

+# Logspout extension
+
+Logspout collects all Docker logs using the Docker logs API, and forwards them to Logstash without any additional
+configuration.
+
+## Usage
+
+If you want to include the Logspout extension, run Docker Compose from the root of the repository with an additional
+command line argument referencing the `logspout-compose.yml` file:
+
+```bash
+$ docker-compose -f docker-compose.yml -f extensions/logspout/logspout-compose.yml up
+```
+
+In your Logstash pipeline configuration, enable the `udp` input and set the input codec to `json`:
+
+```logstash
+input {
+  udp {
+    port  => 50000
+    codec => json
+  }
+}
+```
+
+## Documentation
+
+<https://github.com/looplab/logspout-logstash>

extensions/logspout/build.sh

+#!/bin/sh
+
+# source: https://github.com/gliderlabs/logspout/blob/621524e/custom/build.sh
+
+set -e
+apk add --update go build-base git mercurial ca-certificates
+cd /src
+go build -ldflags "-X main.Version=$1" -o /bin/logspout
+apk del go git mercurial build-base
+rm -rf /root/go /var/cache/apk/*
+
+# backwards compatibility
+ln -fs /tmp/docker.sock /var/run/docker.sock

extensions/logspout/logspout-compose.yml

+version: '3.7'
+
+services:
+  logspout:
+    build:
+      context: extensions/logspout
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+        read_only: true
+    environment:
+      ROUTE_URIS: logstash://logstash:50000
+      LOGSTASH_TAGS: docker-elk
+    networks:
+      - elk
+    depends_on:
+      - logstash
+    restart: on-failure

extensions/logspout/modules.go

+package main
+
+// installs the Logstash adapter for Logspout, and required dependencies
+// https://github.com/looplab/logspout-logstash
+import (
+	_ "github.com/gliderlabs/logspout/healthcheck"
+	_ "github.com/gliderlabs/logspout/transports/tcp"
+	_ "github.com/gliderlabs/logspout/transports/udp"
+	_ "github.com/looplab/logspout-logstash"
+)

extensions/metricbeat/Dockerfile

+ARG ELASTIC_VERSION
+
+FROM docker.elastic.co/beats/metricbeat:${ELASTIC_VERSION}

extensions/metricbeat/README.md

+# Metricbeat
+
+Metricbeat is a lightweight shipper that you can install on your servers to periodically collect metrics from the
+operating system and from services running on the server. Metricbeat takes the metrics and statistics that it collects
+and ships them to the output that you specify, such as Elasticsearch or Logstash.
+
+## Usage
+
+**This extension requires the `metricbeat_internal`, `monitoring_internal` and `beats_system` users to be created and
+initialized with a password.** In case you haven't done that during the initial startup of the stack, please refer to
+[How to re-execute the setup][setup] to run the setup container again and initialize these users.
+
+To include Metricbeat in the stack, run Docker Compose from the root of the repository with an additional command line
+argument referencing the `metricbeat-compose.yml` file:
+
+```console
+$ docker-compose -f docker-compose.yml -f extensions/metricbeat/metricbeat-compose.yml up
+```
+
+## Configuring Metricbeat
+
+The Metricbeat configuration is stored in [`config/metricbeat.yml`](./config/metricbeat.yml). You can modify this file
+with the help of the [Configuration reference][metricbeat-config].
+
+Any change to the Metricbeat configuration requires a restart of the Metricbeat container:
+
+```console
+$ docker-compose -f docker-compose.yml -f extensions/metricbeat/metricbeat-compose.yml restart metricbeat
+```
+
+Please refer to the following documentation page for more details about how to configure Metricbeat inside a
+Docker container: [Run Metricbeat on Docker][metricbeat-docker].
+
+## See also
+
+[Metricbeat documentation][metricbeat-doc]
+
+## Screenshots
+
+![stack-monitoring](https://user-images.githubusercontent.com/3299086/202710574-32a3d419-86ea-4334-b6f7-62d7826df18d.png
+"Stack Monitoring")
+![host-dashboard](https://user-images.githubusercontent.com/3299086/202710594-0deccf40-3a9a-4e63-8411-2e0d9cc6ad3a.png
+"Host Overview Dashboard")
+
+[metricbeat-config]: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html
+[metricbeat-docker]: https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html
+[metricbeat-doc]: https://www.elastic.co/guide/en/beats/metricbeat/current/index.html
+
+[setup]: ../../README.md#how-to-re-execute-the-setup

extensions/metricbeat/config/metricbeat.yml

+## Metricbeat configuration
+## https://github.com/elastic/beats/blob/main/deploy/docker/metricbeat.docker.yml
+#
+
+name: metricbeat
+
+metricbeat.config:
+  modules:
+    path: ${path.config}/modules.d/*.yml
+    # Reload module configs as they change:
+    reload.enabled: false
+
+metricbeat.autodiscover:
+  providers:
+    - type: docker
+      hints.enabled: true
+
+metricbeat.modules:
+- module: elasticsearch
+  hosts: [ http://elasticsearch:9200 ]
+  username: monitoring_internal
+  password: ${MONITORING_INTERNAL_PASSWORD}
+  xpack.enabled: true
+  period: 10s
+  enabled: true
+- module: logstash
+  hosts: [ http://stash:9600 ]
+  xpack.enabled: true
+  period: 10s
+  enabled: true
+- module: kibana
+  hosts: [ http://kibana:5601 ]
+  username: monitoring_internal
+  password: ${MONITORING_INTERNAL_PASSWORD}
+  xpack.enabled: true
+  period: 10s
+  enabled: true
+- module: docker
+  metricsets:
+    - container
+    - cpu
+    - diskio
+    - healthcheck
+    - info
+    #- image
+    - memory
+    - network
+  hosts: [ unix:///var/run/docker.sock ]
+  period: 10s
+  enabled: true
+
+processors:
+  - add_cloud_metadata: ~
+
+monitoring:
+  enabled: true
+  elasticsearch:
+    username: beats_system
+    password: ${BEATS_SYSTEM_PASSWORD}
+
+output.elasticsearch:
+  hosts: [ http://elasticsearch:9200 ]
+  username: metricbeat_internal
+  password: ${METRICBEAT_INTERNAL_PASSWORD}
+
+## HTTP endpoint for health checking
+## https://www.elastic.co/guide/en/beats/metricbeat/current/http-endpoint.html
+#
+
+http:
+  enabled: true
+  host: 0.0.0.0

extensions/metricbeat/metricbeat-compose.yml

+version: '3.7'
+
+services:
+  metricbeat:
+    build:
+      context: extensions/metricbeat/
+      args:
+        ELASTIC_VERSION: ${ELASTIC_VERSION}
+    # Run as 'root' instead of 'metricbeat' (uid 1000) to allow reading
+    # 'docker.sock' and the host's filesystem.
+    user: root
+    command:
+      # Log to stderr.
+      - -e
+      # Disable config file permissions checks. Allows mounting
+      # 'config/metricbeat.yml' even if it's not owned by root.
+      # see: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-permissions.html
+      - --strict.perms=false
+      # Mount point of the host’s filesystem. Required to monitor the host
+      # from within a container.
+      - --system.hostfs=/hostfs
+    volumes:
+      - ./extensions/metricbeat/config/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro,Z
+      - type: bind
+        source: /
+        target: /hostfs
+        read_only: true
+      - type: bind
+        source: /sys/fs/cgroup
+        target: /hostfs/sys/fs/cgroup
+        read_only: true
+      - type: bind
+        source: /proc
+        target: /hostfs/proc
+        read_only: true
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+        read_only: true
+    environment:
+      METRICBEAT_INTERNAL_PASSWORD: ${METRICBEAT_INTERNAL_PASSWORD:-}
+      MONITORING_INTERNAL_PASSWORD: ${MONITORING_INTERNAL_PASSWORD:-}
+      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
+    networks:
+      - elk
+    depends_on:
+      - es

logstash/Dockerfile

+ARG ELASTIC_VERSION
+
+# https://www.docker.elastic.co/
+FROM docker.elastic.co/logstash/logstash:${ELASTIC_VERSION}
+
+# Add your logstash plugins setup here
+# Example: RUN logstash-plugin install logstash-filter-json
+
+# USER root
+# RUN apt-get update && apt-get install -y ruby
+# RUN apt-get install -y build-essential libmysqlclient-dev ruby-dev
+# RUN gem install mysql2
+# RUN gem install nlp-pure
+# USER logstash
+# RUN logstash-plugin install nlp-pure