Humio is distributed as a Docker image. This means that you can start an instance without a complicated installation procedure.
Looking for how to get logs from Docker into Humio? Try the Docker logging integration instead.
Create an empty file on the host machine to store the Humio configuration.
You can use this file to pass on JVM arguments to the Humio Java process.
Enter the following settings into the configuration file:
Create an empty directory on the host machine to store data for Humio:
Pull the latest Humio image:
docker pull humio/humio
Run the Humio Docker image as a container:
docker run -v $HOST_DATA_DIR:/data -v $PATH_TO_READONLY_FILES:/etc/humio:ro --net=host --name=humio --ulimit="nofile=8192:8192" --env-file=$PATH_TO_CONFIG_FILE humio/humio
$HOST_DATA_DIR with the path to the humio-data directory you created
on the host machine, and
$PATH_TO_CONFIG_FILE with the path of the
configuration file you created. The directory
$PATH_TO_READONLY_FILES provides a place to put files that are needed at runtime by humio such as certificates for SAML authentication.
Humio is now running. Navigate to
http://localhost:8080 to view the Humio web interface.
In the above example, we started the Humio container with full access to the
network of the host machine (
--net=host). In a production environment, you
should restrict this access by using a firewall, or adjusting the Docker network
configuration. Another possibility is to forward explicit ports.
That is possible like this:
-p 8080:8080. But then you need to forward all
the ports you configure Humio to use. By default Humio is only using port 8080.
On a Mac there can be issues with using the host network (
that case use
-p 8080:8080 to forward port 8080 on the host network to the Docker container.
Another concern is to allow enough memory to the virtual machine running Docker on Mac. Open the Docker app and go to preferences and specify 4GB.
Updating Humio is described in the upgrade section
The Docker container can be started as a service using Docker’s restart policies.
An example is adding
--detach --restart=always to the above docker run:
docker run ... --detach --restart=always
If you’re running the humio containers with a host with SElinux in
enforcing mode - the container has to be started
--privileged flag set.