Humio is distributed as a Docker image. This means that you can start an instance without a complicated installation procedure.
Looking for how to get logs from Docker into Humio? Try the Docker logging integration instead.
Create an empty file on the host machine to store the Humio configuration.
You can use this file to pass on JVM arguments to the Humio Java process.
Docker only loads the environment file when the container is initially created.
As such, if you make changes to the settings in your environment file, simply
stopping and starting the container will not work. You need to
docker rm the
docker run it again to pick up changes.
Enter the following settings into the configuration file:
Create empty directories on the host machine to store data for Humio:
mkdir -p mounts/data mounts/kafka-data
Separate mount points help isolate Kafka from the other services. Kafka is notorious for consuming large amounts of disk space, so it’s important to protect the other services from running out of disk by using a separate volume in production deployments. Make sure all volumes are being appropriately monitored as well. If your installation does run out of disk space and gets into a bad state, you can find recovery instructions here.
Pull the latest Humio image:
docker pull humio/humio
Run the Humio Docker image as a container:
docker run -v $HOST_DATA_DIR:/data -v $HOST_KAFKA_DATA_DIR:/data/kafka-data -v $PATH_TO_READONLY_FILES:/etc/humio:ro --net=host --name=humio --ulimit="nofile=8192:8192" --env-file=$PATH_TO_CONFIG_FILE humio/humio
$HOST_DATA_DIR with the path to the mounts/data directory you created
on the host machine,
$HOST_KAFKA_DATA_DIR with the path to the mounts/kafka-data
$PATH_TO_CONFIG_FILE with the path of the configuration file you
created. The directory
$PATH_TO_READONLY_FILES provides a place to put files that
are needed at runtime by humio such as certificates for SAML authentication.
Humio is now running. Navigate to
http://localhost:8080 to view the Humio web interface.
In the above example, we started the Humio container with full access to the
network of the host machine (
--net=host). In a production environment, you
should restrict this access by using a firewall, or adjusting the Docker network
configuration. Another possibility is to forward explicit ports.
That is possible like this:
-p 8080:8080. But then you need to forward all
the ports you configure Humio to use. By default Humio is only using port 8080.
On a Mac there can be issues with using the host network (
that case use
-p 8080:8080 to forward port 8080 on the host network to the Docker container.
Another concern is to allow enough memory to the virtual machine running Docker on Mac. Open the Docker app and go to preferences and specify 4GB.
Updating Humio is described in the upgrade section
The Docker container can be started as a service using Docker’s restart policies.
An example is adding
--detach --restart=always to the above docker run:
docker run ... --detach --restart=always
If you’re running the humio containers with a host with SElinux in
enforcing mode - the container has to be started
--privileged flag set.