Docker Deployment

LogScale provides two different container images for running LogScale:

  • humio-core

    Contains only LogScale and is designed for production in combination with a separate Kafka deployment.

  • humio

    Contains LogScale and Kafka and is designed only for testing.

Important

The following section describes running LogScale using the humio Docker image, which is suitable for running LogScale locally for development or testing, but is not a recommended or supported model for production deployments.

For production deployments, use the humio-core container in combination with a suitable Kafka deployment. For more information on production deployments using containers, see Installing LogScale on Kubernetes. For more information on the reference architecture for a Kubernetes deployment, see LogScale Kubernetes Reference Architecture.

Install Docker

To deploy LogScale using Docker:

  1. Install Docker on the machine where you want to run LogScale. You can download Docker from their site or install it with a package manager such as yum or apt-get.

  2. Once you have Docker installed, you'll need to create a LogScale configuration file on the host machine. This should define basic settings such as the hostname and port numbers that LogScale will use. For example, when using the humio container you might use the following configuration file called .env:

    ini
    AUTHENTICATION_METHOD=none
    
    ELASTIC_PORT=9200
    
    PUBLIC_URL=http://localhost:8080
    
    KAFKA_SERVERS=127.0.0.1:9092
    HUMIO_PORT=8080
    
    HUMIO_SOCKET_BIND=0.0.0.0
    HUMIO_HTTP_BIND=0.0.0.0

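    This sets the public URL to port 8080, uses the embedded Kafka service, and listens on all network interfaces (0.0.0.0). AUTHENTICATION_METHOD=none disables authentication, which fits the local development and testing use this image is intended for.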

    For other configuration values, see Basic Configuration and LogScale Configuration Parameters.

    Note

    Docker only loads the environment file when the container is initially created. If you make changes to the settings in your environment file, restarting the container won't work. You'll need to execute docker rm with the container name, and then execute docker run for the changes to take effect.

  3. Now, make two directories on the host machine: one to store data for LogScale in general and one for Kafka data. Then pull the latest LogScale image by executing the following at the command line:

    shell
    $ docker pull humio/humio

    Separate mount points help isolate Kafka from the other services. Kafka is notorious for consuming large amounts of disk space, so it's important to protect the other services from running out of disk space by using a separate volume in production deployments. Make sure all volumes are being appropriately monitored as well. If your installation does run out of disk space and gets into a bad state, you can find recovery instructions in Switching Kafka.

    For information on updating LogScale, see Updating LogScale.
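The note in step 2 means an edited .env can silently differ from what the existing container was created with. The following added example (not part of the original page or of LogScale) reports that drift; `env_drift` is a hypothetical helper name and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added example (not LogScale tooling): report settings in the env file that
# differ from the environment the existing container was created with.
# env_drift is a hypothetical helper name.

# $1 = file passed to --env-file, $2 = file holding the container's
# environment, one KEY=VALUE per line. Prints drifted keys and returns 1.
env_drift() {
    awk '
        /^[ \t]*#/ || !/=/ { next }      # skip comments, blanks and bare names
        { eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
        FILENAME == ARGV[1] { live[key] = val; next }
        !(key in live)      { print key ": missing in container"; drift = 1; next }
        live[key] != val    { print key ": container=" live[key] " file=" val; drift = 1 }
        END { exit drift + 0 }' "$2" "$1"
}

# On a real host the second file comes from the container itself:
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' humio > live.env
#   env_drift .env live.env || echo "docker rm and docker run are needed"

# Constructed sample: AUTHENTICATION_METHOD was edited after container creation.
dir=$(mktemp -d)
printf '%s\n' 'AUTHENTICATION_METHOD=saml' 'HUMIO_PORT=8080' > "$dir/file.env"
printf '%s\n' 'PATH=/usr/bin' 'AUTHENTICATION_METHOD=none' 'HUMIO_PORT=8080' > "$dir/live.env"
env_drift "$dir/file.env" "$dir/live.env" || echo "container predates the env file"
rm -rf "$dir"
```

Only keys present in the env file are compared, so variables set by the image itself (such as PATH) are ignored.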

Starting Docker with LogScale

Once Docker and the humio image have been downloaded and the LogScale configuration file set, you are ready to run the LogScale Docker image as a container.

shell
$ docker run -v $HOST_DATA_DIR:/data  \
   -v $PATH_TO_READONLY_FILES:/etc/humio:ro  \
   --net=host \
   --name=humio \
   --ulimit="nofile=8192:8192"  \
   --stop-timeout 300 \
   --env-file=$PATH_TO_CONFIG_FILE humio/humio

To customise the configuration:

  • Replace $HOST_DATA_DIR with the path to the mounts/data directory for the data on the host machine.

  • Replace $PATH_TO_CONFIG_FILE with the path of the configuration file you created.

  • The directory $PATH_TO_READONLY_FILES provides a place to put files that LogScale needs at runtime, such as certificates for SAML authentication.

At this point, LogScale should be running. Using a web browser, navigate to http://localhost:8080 to open the LogScale user interface. However, there are a few of the settings above that you might adjust further based on how you're using LogScale with Docker.

Some additional considerations:

  • If you're running the LogScale containers on a host that's using SELinux in enforcing mode, the container has to be started with the --privileged flag set. This flag gives the container extended privileges on the host, so use it only where it is required.

  • In the example above, the LogScale container was started with full access to the network of the host machine (--net=host). Another possibility is to forward explicit ports: -p 8080:8080. By default LogScale only uses port 8080.

  • On a macOS machine, there can be problems with using the host network (i.e., --net=host). If that happens, use -p 8080:8080 to forward port 8080 on the host network to the Docker container.

  • You may also need to allow enough memory for the virtual machine running Docker on Mac. Open the Docker app, go to preferences, and specify 4GB.
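With --net=host, the bind addresses in the .env are the host's own interfaces, so AUTHENTICATION_METHOD=none together with a 0.0.0.0 bind leaves the listener reachable without login from any network the host is on. The following added example (not part of the original page or of LogScale) checks an env file for that combination before the container is created; the function names are hypothetical and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (not LogScale tooling): audit a Docker --env-file for
# AUTHENTICATION_METHOD=none combined with a non-loopback bind address.
# Function names are hypothetical.

# Print the value assigned to key $2 in env file $1 (last assignment is used).
env_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Succeeds for loopback addresses, fails for anything else (including 0.0.0.0).
is_loopback() {
    case "$1" in
        127.*|localhost|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; return 1 if any finding was printed, else 0.
audit_logscale_env() {
    local file="$1" key bind auth status=0
    auth=$(env_value "$file" AUTHENTICATION_METHOD)
    [ "$auth" = "none" ] || return 0     # only the explicit "none" case is audited
    for key in HUMIO_HTTP_BIND HUMIO_SOCKET_BIND; do
        bind=$(env_value "$file" "$key")
        if [ -n "$bind" ] && ! is_loopback "$bind"; then
            echo "FINDING: AUTHENTICATION_METHOD=none with $key=$bind"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: the authentication and bind lines from the .env above.
sample=$(mktemp)
printf '%s\n' 'AUTHENTICATION_METHOD=none' 'HUMIO_PORT=8080' \
    'HUMIO_SOCKET_BIND=0.0.0.0' 'HUMIO_HTTP_BIND=0.0.0.0' > "$sample"
audit_logscale_env "$sample" || echo "review before running on a shared network"
rm -f "$sample"
```

When forwarding explicit ports instead of using --net=host, -p 127.0.0.1:8080:8080 publishes the port on the host's loopback interface only.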

Running LogScale as a System Service

The Docker container can be started as a service using the Docker run reference.

To ensure LogScale restarts, add --detach and --restart=always to the above Docker run:

shell
$ docker run ... --detach --restart=always