ELK: Elasticsearch, Logstash, Kibana
1. Install elasticsearch and the elasticsearch-head plugin with docker
Work in a fixed directory:
/home/xxxName/TestDir
Reference: https://www.cnblogs.com/xiao987334176/p/13565468.html
1.1.1 Install
$ docker pull elasticsearch:7.5.1
$ docker pull mobz/elasticsearch-head:5-alpine
1.1.2 Configure
$ cd /home/xxxName/TestDir
$ mkdir -p elasticsearch/{data,logs,config}
$ vi elasticsearch/config/elasticsearch.yml
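```
cluster.name: "docker-cluster"
# listen on all interfaces
network.host: 0.0.0.0
# CORS is enabled so that elasticsearch-head (port 9100) can query the REST API from the browser
http.cors.enabled: true
http.cors.allow-origin: "*"
```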
$ chmod -R 777 elasticsearch/
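The configuration above binds the REST API to every interface, allows any CORS origin, and is then made world-writable, while Elasticsearch 7.x ships with `xpack.security.enabled` off by default. The following check for those three conditions is an added example, not part of the original notes; the function names `get_key` and `audit_es_yml` are hypothetical and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): flag risky settings in an
# elasticsearch.yml such as the one written in 1.1.2.

# get_key FILE KEY: print the value of the first "KEY: value" line, unquoted.
get_key() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }                       # skip comment lines
    { i = index($0, ":"); if (i == 0) next
      key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
      if (key != k) next
      val = substr($0, i + 1)
      sub(/[ \t]+#.*$/, "", val)              # drop a trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      print val; exit }' "$1" | tr -d "\"'"
}

# audit_es_yml FILE: print one "ID description" line per finding.
audit_es_yml() {
  local f="$1" host sec cors origin
  host=$(get_key "$f" network.host)
  sec=$(get_key "$f" xpack.security.enabled)
  cors=$(get_key "$f" http.cors.enabled)
  origin=$(get_key "$f" http.cors.allow-origin)
  case "$host" in
    ""|localhost|_local_|127.*|::1) ;;        # loopback only (default when unset)
    *) [ "$sec" = "true" ] ||
         echo "NOAUTH network.host=$host without xpack.security.enabled: true" ;;
  esac
  if [ "$cors" = "true" ] && [ "$origin" = "*" ]; then
    echo "CORS http.cors.allow-origin=* lets any web page script the REST API"
  fi
  if [ -n "$(find "$f" -maxdepth 0 -perm -002 2>/dev/null)" ]; then
    echo "PERMS $f is world-writable"
  fi
  return 0
}

# Constructed sample: the settings from 1.1.2, written to a temp file.
sample=$(mktemp)
printf '%s\n' 'cluster.name: "docker-cluster"' 'network.host: 0.0.0.0' \
  'http.cors.enabled: true' 'http.cors.allow-origin: "*"' > "$sample"
audit_es_yml "$sample"
```

Run against the real file with `audit_es_yml elasticsearch/config/elasticsearch.yml`; after the `chmod -R 777` step it also reports the PERMS finding.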
1.1.3 Run
# -v: mount; the first path is the absolute path on the host, the second is the absolute path inside the container
$ docker run -d --name=elasticsearch \
--restart=always \
-p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-v /home/xxxName/TestDir/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /home/xxxName/TestDir/elasticsearch/data:/usr/share/elasticsearch/data \
-v /home/xxxName/TestDir/elasticsearch/logs:/usr/share/elasticsearch/logs \
elasticsearch:7.5.1
$ docker run -d \
--name=elasticsearch-head \
--restart=always \
-p 9100:9100 \
docker.io/mobz/elasticsearch-head:5-alpine
1.1.4 Access
Local machine:
http://localhost:9200/
http://localhost:9100/
Other machines: replace localhost with the IP of the host running elasticsearch
2 Install logstash with docker
2.1 Install
docker pull logstash:7.5.1
2.2 Configure
Mounting the configuration files into the container is all that is needed.
- Start it once first
docker run -d --name=logstash logstash:7.5.1
- Check the logs
docker logs -f logstash
Wait until it has started successfully: Successfully started Logstash API endpoint {:port=>9600}
- Copy the contents from the container to the host
$ cd /home/xxxName/TestDir
$ mkdir -p logstash/conf.d
$ vi logstash/logstash.yml
```
http.host: "0.0.0.0"
# 本机IP: replace with the IP of the docker host
xpack.monitoring.elasticsearch.hosts: [ "http://本机IP:9200" ]
path.config: /usr/share/logstash/config/conf.d/*.conf
path.logs: /usr/share/logstash/logs
```
$ vi logstash/conf.d/syslog.conf
```
input {
  file {
    # tag
    type => "systemlog-localhost"
    # file to collect
    path => "/var/log/messages"
    # where to start reading
    start_position => "beginning"
    # scan interval; the default is 1s, 5s is recommended
    stat_interval => "5"
  }
}
output {
  elasticsearch {
    # 本机IP: replace with the IP of the docker host
    hosts => ["本机IP:9200"]
    index => "logstash-system-localhost-%{+YYYY.MM.dd}"
  }
}
```
$ touch messages
$ chmod 777 -R logstash messages
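2.3 Start
# The container started once in 2.2 still holds the name logstash; remove it first with: docker rm -f logstash
$ docker run -d \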
--name=logstash \
--restart=always \
-p 5044:5044 \
-v /home/xxxName/TestDir/logstash/conf.d:/usr/share/logstash/config/conf.d \
-v /home/xxxName/TestDir/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml \
-v /home/xxxName/TestDir/messages:/var/log/messages \
logstash:7.14.1
2.4 Browse
Local machine: view the index
http://localhost:9100/
Other machines: replace localhost with the IP of the host running elasticsearch
2.5 Write a log entry
$ cd /home/xxxName/TestDir
$ echo test_log_message > messages
3 kibana
Reference: https://www.elastic.co/guide/en/kibana/current/docker.html
3.1 Install
docker pull kibana:7.5.1
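3.2 Start
# Inside the container, localhost is the kibana container itself, so point ELASTICSEARCH_HOSTS at the docker host's IP (本机IP)
docker run -d --name kib01-test -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://本机IP:9200" kibana:7.5.1
3.3 Browse
Local machine: view the index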
http://localhost:9100/
Other machines: replace localhost with the IP of the host running elasticsearch
3.4 Configure kibana to browse the logs
Reference: https://blog.favorstack.io/elastic-stack/get-started-elastic-stack.html
- First check that the static page loads correctly
http://ip:5601/app/home#/