拉取镜像:
docker pull logstash:7.0.0
运行容器:
docker run --name logstash -d -p 5044:5044 -p 9600:9600 logstash:7.0.0
创建配置文件目录,设置权限:
mkidr -p /home/elk/logstash/config && \
chown -R 1000 /home/elk/logstash
拷贝配置文件:
docker cp logstash:/usr/share/logstash/config /home/elk/logstash/config
删除容器:
docker rm -f logstash
修改配置文件,使用了9011-9014端口:
input {
tcp {
type => "gateway"
host => "0.0.0.0"
port => 9011
mode => "server"
codec => json_lines
}
tcp {
type => "core"
host => "0.0.0.0"
port => 9012
mode => "server"
codec => json_lines
}
tcp {
type => "router"
host => "0.0.0.0"
port => 9013
mode => "server"
codec => json_lines
}
tcp {
type => "task"
host => "0.0.0.0"
port => 9014
mode => "server"
codec => json_lines
}
}
output {
if [type] == "gateway" {
elasticsearch {
hosts => ["http://192.168.100.206:9200"]
index => "logs-cps-trans-gateway-%{+YYYY.MM.dd}"
}
stdout{}
} else if [type] == "core" {
elasticsearch {
hosts => ["http://192.168.100.206:9200"]
index => "logs-cps-trans-core-%{+YYYY.MM.dd}"
}
stdout{}
} else if [type] == "router" {
elasticsearch {
hosts => ["http://192.168.100.206:9200"]
index => "logs-cps-trans-router-%{+YYYY.MM.dd}"
}
stdout{}
} else if [type] == "task" {
elasticsearch {
hosts => ["http://192.168.100.206:9200"]
index => "logs-cps-trans-task-%{+YYYY.MM.dd}"
}
}
}
重新运行容器:
docker run --name logstash -d \
-p 5044:5044 \
-p 9600:9600 \
-p 9011-9014:9011-9014 \
-v /home/elk/logstash/config:/usr/share/logstash/config \
-e xpack.monitoring.elasticsearch.hosts=http://192.168.100.206:9200 \
logstash:7.0.0 \
-f /usr/share/logstash/config/logstash.conf
宿主机开放9011-9014端口:
firewall-cmd --permanent --add-port=9011-9014/tcp && \
firewall-cmd --reload