Skip to main content

Installer

What you’ll learn#

  • This installer prepare Elasticsearch and Kibana for Canarytrace use
  • What is the configuration options?

What is Canarytrace Installer?#


Canarytrace is known as plug'n'play stack and it's means, that first run is very quickly and doesn't require lengthy set up. Set up Elasticsearch and Kibana it's also fast, thanks to prepared Canarytrace Installer.

What does installation contain?#

  • Install index patterns
    • Index patterns tell Kibana which Elasticsearch indices you want to explore. An index pattern can match the name of a single index, or include a wildcard (*) to match multiple indices.
  • Install templates
    • An index template is a way to tell Elasticsearch how to configure an index when it is created.
  • Install visualizations
    • Visualize enables you to create visualizations of the data from your Elasticsearch indices, which you can then add to dashboards for analysis.
  • Install dashboards
    • A dashboard is a collection of visualizations, searches, and maps, typically in real-time. Dashboards provide at-a-glance insights into your data and enable you to drill down into details.
  • Install search
    • Saved search / view in Kibana.

Docker image#

Canarytrace Installer is available in our docker registry https://quay.io/repository/canarytrace/installer

Set up Elasticsearch and Kibana on localhost#

Prerequisites

Run Canarytrace Installer

docker run --name installer --net canarytrace --rm quay.io/canarytrace/installer:1.0

Command Line#

This setting allows you to change the default setting. For example, Elasticsearch runs somewhere in the cloud.

  • ELASTIC_ENDPOINT=http://localhost for local installation of Elasticsearch or elasticsearch if you use --net canary bridge or https://1234.eu-central-1.aws.cloud.es.io if you use elastic.co
  • ELASTIC_PORTT=9200 this is a default REST-API port of Elasticsearch
  • ELASTIC_INDEX_PREFIX=c default is c, e.g. index c.report-*
  • ELASTIC_USER=elastic
  • ELASTIC_PASS=12345
  • KIBANA_ENDPOINT=http://localhost for local installation of Elasticsearch or kibana if you use --net canary bridge or `https://1234.eu-central-1.aws.
  • KIBANA_PORT=5601
  • KIBANA_USER=elastic
  • KIBANA_PASS=@josePh8

Example with docker-compose and elastic.co#

docker-compose contains configuration for prepare Elasticsearch and Kibana on elastic.

docker-compose.yaml
version: "3.8"
services:
installer:
image: quay.io/canarytrace/installer:1.0
environment:
ELASTIC_ENDPOINT: 'https://XXX.eu-central-1.aws.cloud.es.io'
ELASTIC_PORT: 9243
ELASTIC_INDEX_PREFIX: 'c.'
ELASTIC_USER: 'elastic'
ELASTIC_PASS: 'XXX'
KIBANA_ENDPOINT: 'https://XXX.eu-central-1.aws.cloud.es.io'
KIBANA_PORT: 9243
KIBANA_USER: 'elastic'
KIBANA_PASS: 'XXX'

save the code to a file docker-compose.yaml and run docker-compose up