Install Docker Agent

George Alpizar
George Alpizar
  • Updated

Overview

You can use this document to learn how to install the Edge Delta agent for your Docker-based software platform.

Note

Before you deploy the agent, Edge Delta recommends that you review the Review Agent Requirements document. 


Step 1: Create a Configuration and Download the Agent

  1. In the Edge Delta App, on the left-side navigation, click Data Pipeline, and then click Agent Settings.
  2. Click Create Configuration.
  3. Select Docker.
  4. Click Save.
  5. In the table, locate the newly created configuration, and then click the corresponding green rocket to deploy additional instructions.
  6. Click Docker.
  7. In the window that appears, copy the command.
    • This window also displays your API key. Copy this key for a later step.
  8. Paste and then run the command on the host where you want to deploy Edge Delta. The installation process will begin.

Step 2: Run the Container

When you run the Edge Delta container, you can either have the Edge Delta container fetch its configuration from the Edge Delta Central Configuration Backend (recommended) or use a local configuration file.


Option 1: Run with an API Key Utilizing Agent Management Configuration

Note

To learn more about agent configuration management, see Learn About Agent Management Configuration.

Note

The container must have internet access to fetch the configuration.

Run the following command. Replace <YOUR_API_KEY> with the key you copied earlier.

docker run -it \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-e "ED_API_KEY=<YOUR_API_KEY>" \
docker.io/edgedelta/edgedelta/agent:latest

Option 2: Run with a Local Configuration File

Run the following command. Replace $PWD/config.yml with the absolute path of the local configuration file on host.

 docker run -it \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v $PWD/config.yml:/edgedelta/config.yml \
docker.io/edgedelta/edgedelta/agent:latest

Limit Resource Consumption

You can limit the CPU or memory resources that the Edge Delta container consumes.

The following example limits the Edge Delta container to 25% CPU and 256 MB of memory.

docker run -it --cpus=".25" --memory="256m" \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v $PWD/config_docker.yml:/edgedelta/config.yml \
docker.io/edgedelta/edgedelta/agent:latest

Review Example Configuration

The following example configuration displays a default configuration that can be deployed. 

You can comment (or uncomment) parameters as need, as well as populate appropriate values to create your desired configuration.

#Configuration File Version (currently v1 and v2 supported)
version: v2

#Global settings to apply to the agent
agent_settings:
  tag: docker_onboarding
  log:
    level: info
  anomaly_capture_size: 1000
  anomaly_confidence_period: 30m

#Inputs define which datasets to monitor (files, containers, syslog ports, windows events, etc.)
inputs:
  container_stats:
    labels: "container_stats"
  containers:
    - labels: "docker_logs,all_containers"
      include:
        - "image=.*"
#  files:
#    - labels: "system_logs, auth"
#      path: "/var/log/auth.log"
#  ports:
#    - labels: "syslog_ports"
#      protocol: tcp
#      port: 1514

#Outputs define destinations to send both streaming data, and trigger data (alerts/automation/ticketing)
outputs:
  #Streams define destinations to send "streaming data" such as statistics, anomaly captures, etc. (Splunk, Sumo Logic, New Relic, Datadog, InfluxDB, etc.)
  streams:
    ##Sumo Logic Example
    #- name: sumo-logic-integration
    #  type: sumologic
    #  endpoint: "<ADD SUMO LOGIC HTTPS ENDPOINT>"

    #Splunk Example
    #- name: splunk-integration
    #  type: splunk
    #  endpoint: "<ADD SPLUNK HEC ENDPOINT>"
    #  token: "<ADD SPLUNK TOKEN>"

    ##Datadog Example
    #- name: datadog-integration
    #  type: datadog
    #  api_key: "<ADD DATADOG API KEY>"

    ##New Relic Example
    #- name: new-relic-integration
    #   type: newrelic
    #   endpoint: "<ADD NEW RELIC API KEY>"

    ##Influxdb Example
    #- name: influxdb-integration
    #  type: influxdb
    #  endpoint: "<ADD INFLUXDB ENDPOINT>"
    #  port: <ADD PORT>
    #  features: all
    #  tls:
    #    disable_verify: true
    #  token: "<ADD JWT TOKEN>"
    #  db: "<ADD INFLUX DATABASE>"

  ##Triggers define destinations for alerts/automation (Slack, PagerDuty, ServiceNow, etc)
  triggers:
    ##Slack Example
    #- name: slack-integration
    #  type: slack
    #  endpoint: "<ADD SLACK WEBHOOK/APP ENDPOINT>"


#Processors define analytics and statistics to apply to specific datasets
processors:
  cluster:
    name: clustering
    num_of_clusters: 50          # keep track of only top 50 and bottom 50 clusters
    samples_per_cluster: 2       # keep last 2 messages of each cluster
    reporting_frequency: 30s     # report cluster samples every 30 seconds

#Regexes define specific keywords and patterns for matching, aggregation, statistics, etc.
  regexes:
    - name: "error_level"
      pattern: "ERROR|error|Error|Err|ERR"
      trigger_thresholds:
        anomaly_probability_percentage: 95

    - name: "exception_check"
      pattern: "Exception|exception|EXCEPTION"
      trigger_thresholds:
        anomaly_probability_percentage: 95

    - name: "fail_level"
      pattern: "FAIL|Fail|fail"
      trigger_thresholds:
        anomaly_probability_percentage: 95

    - name: "info_level"
      pattern: "INFO|info|Info"

    - name: "warn_level"
      pattern: "WARN|warn|Warn"

    - name: "debug_level"
      pattern: "DEBUG|debug|Debug"

    - name: "success_check"
      pattern: "Success|SUCCESS|success|Succeeded|succeeded|SUCCEEDED"

#Workflows define the mapping between input sources, which processors to apply, and which destinations to send the streams/triggers to
workflows:
  stats_workflow:
    input_labels:
      - container_stats

  example_workflow:
    input_labels:
      - docker_logs
    processors:
      - clustering
      - error_level
      - info_level
      - warn_level
      - debug_level
      - fail_level
      - exception_check
      - success_check
    destinations:
      #- streaming_destination_a    #Replace with configured streaming destination
      #- streaming_destination_b    #Replace with configured streaming destination
      #- trigger_destination_a      #Replace with configured trigger destination
      #- trigger_destination_b      #Replace with configured trigger destination

 

 


Troubleshoot the Agent

To verify that the agent's container is running, run the following Docker command. If the container is running, then a container containing edgedelta in the IMAGE name should display.

docker ps

To check the agent's log file for any errors that may indicate an issue with the agent, configuration, or deployment settings, run the following command to view all containers (whether running or not). This command will display the CONTAINER ID of the Edge Delta Agent.

docker ps -a

Copy the CONTAINER ID of the agent, which should be listed at the top of the list of containers, and then run the following command with the agent's CONTAINER ID:

docker logs CONTAINERID

Share this document