Use Elasticseach 2.x, Logstash 2.x and latest Kibana version.

README.md

@@ -2,9 +2,9 @@
 
 [![Join the chat at https://gitter.im/deviantony/fig-elk](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/deviantony/fig-elk?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-Run the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.
+Run the latest version of the ELK (Elasticseach, Logstash, Kibana) stack with Docker and Docker-compose.
 
-It will give you the ability to quickly test your logstash filters and check how the data can be processed in Kibana.
+It will give you the ability to analyze any data set by using the searching/aggregation capabilities of Elasticseach and the visualization power of Kibana.
 
 Based on the official images:
 
@@ -20,9 +20,13 @@ Based on the official images:
 2. Install [Docker-compose](http://docs.docker.com/compose/install/).
 3. Clone this repository
 
+## Configuration
+
+In order for Logstash to work, you'll need to replace the *MY_IP_ADDRESS* keywork with the IP address of your network interface in the logstash.conf configuration file.
+
 ## SELinux
 
-On distributions which have SELinux enabled out-of-the-box you will need to either re-context the files or set SELinux into Permissive mode in order for fig-elk to start properly.
+On distributions which have SELinux enabled out-of-the-box you will need to either re-context the files or set SELinux into Permissive mode in order for docker-elk to start properly.
 For example on Redhat and CentOS, the following will apply the proper context:
 
 ````bash
@@ -52,10 +56,19 @@ $ nc localhost 5000 < /path/to/logfile.log
 
 And then access Kibana UI by hitting [http://localhost:5601](http://localhost:5601) with a web browser.
 
+*Note*: The default index will be the Marvel index, in order to use the Logstash index you'll need to create it first. Go to Kibana settings to create your index.
+After that, you'll be able to switch to the newly created logstash index in the Discover view.
+
+You can also access:
+* Marvel: [http://localhost:5601/app/marvel](http://localhost:5601/app/marvel)
+* Sense: [http://localhost:5601/app/sense](http://localhost:5601/app/sense)
+
+*Note*: In order to use Sense, you'll need to query the IP address associated to your *network device* instead of localhost.
+
 By default, the stack exposes the following ports:
 * 5000: Logstash TCP input.
-* 9200: Elasticsearch HTTP (with Marvel plugin accessible via [http://localhost:9200/_plugin/marvel](http://localhost:9200/_plugin/marvel))
-* 5601: Kibana 4 web interface
+* 9200: Elasticsearch HTTP
+* 5601: Kibana
 
 *WARNING*: If you're using *boot2docker*, you must access it via the *boot2docker* IP address instead of *localhost*.
 
@@ -128,12 +141,23 @@ Then, you'll need to map your configuration file inside the container in the `do
 ```yml
 elasticsearch:
   build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0
   ports:
     - "9200:9200"
   volumes:
     - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
 ```
 
+You can also specify the options you want to override directly in the command field:
+
+```yml
+elasticsearch:
+  build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0 -Des.cluster.name: my-cluster
+  ports:
+    - "9200:9200"
+```
+
 # Storage
 
 ## How can I store Elasticsearch data?

docker-compose.yml

@@ -1,5 +1,6 @@
 elasticsearch:
   build: elasticsearch/
+  command: elasticsearch -Des.network.host=0.0.0.0
   ports:
     - "9200:9200"
 logstash:

elasticsearch/Dockerfile

@@ -1,3 +1,4 @@
 FROM elasticsearch:latest
 
-RUN plugin -i elasticsearch/marvel/latest
+RUN plugin install license
+RUN plugin install marvel-agent

kibana/Dockerfile

@@ -5,4 +5,7 @@ RUN apt-get update && apt-get install -y netcat
 COPY entrypoint.sh /tmp/entrypoint.sh
 RUN chmod +x /tmp/entrypoint.sh
 
+RUN kibana plugin --install elasticsearch/marvel/latest
+RUN kibana plugin --install elastic/sense
+
 CMD ["/tmp/entrypoint.sh"]

logstash/config/logstash.conf

@@ -7,5 +7,7 @@ input {
 ## Add your filters here
 
 output {
-	elasticsearch { }
+	elasticsearch {
+		hosts => "MY_IP_ADDRESS:9200"
+	}
 }