Docker版EKL安裝記錄文件
- 拉取已下三個映象
docker.io/logstash 7.5.2 b6518c95ed2f 6 months ago 805 MB
docker.io/kibana 7.5.2 a6e894c36481 6 months ago 950 MB
docker.io/elasticsearch 7.5.2 929d271f1798 6 months ago 779 MB
部署ES
- 修改系統配置檔案
注意一
⚠️準備 config,data,logs三個資料夾,資料夾裡需要有配置的就config資料夾。
注意二
⚠️ config 是elasticsearch容器預設的配置檔案,我們需要修改elasticsearch.yml檔案,不然還是啟動不了,配置如下:
#cluster.name: "docker-cluster"
#network.host: 0.0.0.0
cluster.name: "docker-cluster"
node.name: node-1
network.host: 0.0.0.0
bootstrap.system_call_filter: false
cluster.initial_master_nodes: ["node-1"]
xpack.license.self_generated.type: basic
注意三
⚠️ data,logs資料夾可手動建立,需要給他們root賬號的讀寫執行許可權,我這給的是775 許可權足夠了,許可權可參考如下:
[root@localhost elasticsearch]# ls -al
總用量 0
drwxr-xr-x 6 root root 89 7月 21 16:45 .
drwxr-xr-x 5 root root 73 7月 21 16:25 ..
drwxr-xr-x 2 root root 178 7月 21 16:44 config
drwxrwxr-x 3 root root 27 7月 21 16:53 data
drwxrwxr-x 10 root root 283 7月 21 16:40 elasticsearch.bak
drwxrwxr-x 2 root root 133 7月 21 16:55 logs
- 最後docker run
docker run --name elasticsearch -p 9200:9200 -v /data/EKL/elasticsearch/config:/usr/share/elasticsearch/config -v /data/EKL/elasticsearch/data:/usr/share/elasticsearch/data -v /data/EKL/elasticsearch/logs:/usr/share/elasticsearch/logs -v /etc/localtime:/etc/localtime:ro -itd elasticsearch:7.5.2
注意四
⚠️埠可以自己改,我這就預設了
確認一下是否起來了
[root@localhost elasticsearch]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b0763e52708 elasticsearch:7.5.2 "/usr/local/bin/do..." 14 minutes ago Up 9 minutes 0.0.0.0:9200->9200/tcp, 9300/tcp elasticsearch
起來了後用瀏覽器訪問一下 127.0.0.1:9200 (127.0.0.1是你自己宿主機的IP地址)
部署kibana
- 準備 kibana的 config 資料夾,配置內容如下
#
## ** THIS IS AN AUTO-GENERATED FILE **
##
#
## Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://127.0.0.1:9200" ] # 127.0.0.1:9200改為你自己的elasticsearch地址
xpack.monitoring.ui.container.elasticsearch.enabled: true # 解釋連結https://blog.csdn.net/u011311291/article/details/100041912
i18n.locale: zh-CN #漢化
kibana.index: ".kibana" #配置本地索引
- docker run 啟動
docker run -itd --name kibana -p 5601:5601 -v /data/EKL/kibana/config:/usr/share/kibana/config -v /etc/localtime:/etc/localtime:ro kibana:7.5.2
注意五
⚠️開放所用到的埠,我這裡是9200,5601,瀏覽器訪問127.0.0.1:5601 (127.0.0.1是你自己宿主機的IP)
部署logstash
- 準備好logstash的 config跟pipeline檔案
注意六
⚠️修改config下的 logstash.yml ; logstash-sample.conf 兩個配置檔案中的 elasticsearch 地址配置地址如下
[root@test config]# cat logstash.yml
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://127.0.0.1:9200" ]
[root@test config]# cat pipelines.yml
# This file is where you define your pipelines. You can define multiple.
# For more information on multiple pipelines, see the documentation:
# https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html
- pipeline.id: main
path.config: "/usr/share/logstash/pipeline" #這是服務配置路徑,可改。我這暫且不改。
[root@test config]# cat logstash-sample.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
注意七
⚠️:以上 127.0.0.1:9200 需改為自己宿主機的地址
其實到這一步就差不多了,接下來就是對監控的logs做相關的配置了,我是對java的logs做個監控,需在 pipeline 下建立一個 java.conf (命名可改隨你喜歡),配置如下
logstash日誌配置
[root@test pipeline]# vim java.conf
input {
file{
path => "/DATA/logs/chenfan-base.log" #log路徑
type => "base" # 打個標籤
start_position => "beginning"
}
}
output {
if [type] == "base" { # 條件
elasticsearch {
hosts => ["127.0.0.1:9200"] #elasticsearch 服務地址
index => "base-%{+YYYY.MM.dd}" # 索引名字命名
codec => "json" #需將java日誌裝成json格式
}
}
}
docker run -itd --name logstash -p 5044:5044 -p 9600:9600 -v /DATA/logstash/docker/logstash/config:/usr/share/logstash/config -v /DATA/logstash/docker/logstash/pipeline:/usr/share/logstash/pipeline -v /DATA/logstash/log:/DATA/logs -v /etc/localtime:/etc/localtime:ro logstash:7.5.2
