拉取logstash镜像
docker pull docker.elastic.co/logstash/logstash:5.5.1
拉取elasticsearch镜像
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.5.1
拉取kibana镜像
docker pull docker.elastic.co/kibana/kibana:5.5.1
启动ES
docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" --name es -d docker.elastic.co/elasticsearch/elasticsearch:5.5.1
启动Kibana容器
docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://ip:9200" --name kibana -d docker.elastic.co/kibana/kibana:5.5.1
编写配置文件
创建 logstash/logstash.yml
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.elasticsearch.url: http://ip:9200
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme
创建logstash/conf.d/logstash.conf
input {
file {
path => "/tmp/access_log"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
user => "elastic"
password => "changeme"
}
}
运行
docker run -v D:/docker/config/logstash:/usr/share/logstash/pipeline/:ro -v /tmp:/tmp:ro -v D:/docker/config/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro --name my-logstash --network host -d docker.elastic.co/logstash/logstash:5.5.1