EFK搭建手册
es-7.8.0
docker pull elasticsearch:7.8.0
docker run -d -p 9200:9200 -p 9300:9300 -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -e "discovery.type=single-node" --name es docker.io/elasticsearch:7.8.0
docker cp es:/usr/share/elasticsearch .
mv elasticsearch es
docker stop es && docker rm es
docker run -d -p 9200:9200 -p 9300:9300 --name es -e ES_JAVA_OPTS="-Xms1024m -Xmx1024m" -e "discovery.type=single-node" -v /data/efk/elasticsearch:/usr/share/elasticsearch --privileged=true docker.io/elasticsearch:7.8.0
参考链接:https://cloud.tencent.com/developer/article/1537440
kibana-7.8.0
sudo docker pull kibana:7.8.0
docker run -d -p 5601:5601 -e ELASTICSEARCH_URL=http://127.0.0.1:9200 --name kibana docker.io/kibana:7.8.0
docker cp kibana:/usr/share/kibana .
docker stop kibana && docker rm kibana
docker run -d -p 5601:5601 -e ELASTICSEARCH_URL=http://172.17.0.2:9200 -v /data/kibana:/usr/share/kibana --name kibana --privileged=true docker.io/kibana:7.8.0
elasticsearch.hosts: [ "http://172.39.0.8:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "用户名"
elasticsearch.password: "密码"
filebeat-7.8.0
sudo docker pull elastic/filebeat:7.8.0
sudo docker run -d --name filebeat --user=root elastic/filebeat:7.8.0
sudo docker cp filebeat:/usr/share/filebeat/filebeat.yml /data/efk/filebeat/
docker stop filebeat && docker rm filebeat
sudo docker run -d --user=root --name filebeat -v /data/efk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /data/efk/filebeat/logs:/usr/share/filebeat/logs -v /data/tomcat_tkzf/logs:/data/tomcat_tkzf/logs elastic/filebeat:7.8.0
filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
filebeat.inputs:
- type: log
paths:
- /data/tomcat_tkzf/logs/winnjybpay.log
setup.ilm.enabled: false
setup.template.name: "tkzf"
setup.template.pattern: "tkzf-*"
output.elasticsearch:
hosts: ["*******:19200"]
index: "tkzf-%{+yyyy.MM.dd}"
indices:
- index: "tkzf-%{+yyyy.MM.dd}"
when.equals:
fields.type: "tkzf"
protocol: "http"
username: 'elastic'
password: 'hEyZOQAUtu0lEMBjW5zT'