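Installing ELK
The installation is the same as before; see the earlier article on installing ELK.
If you add a username and password to an earlier deployment that has already been running for a while, Kibana fails with this error: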
kibana FATAL [circuit_breaking_exception] [parent] Data too large
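The fix is to delete the mounted Elasticsearch data (this discards the indices stored in that data directory).
Configuration files that need to be modified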
elasticsearch/Dockerfile
ARG ELK_VERSION
# https://github.com/elastic/elasticsearch-docker
FROM docker.elastic.co/elasticsearch/elasticsearch:7.5.1
# Add your elasticsearch plugins setup here
# Example: RUN elasticsearch-plugin install analysis-icu
elasticsearch/config/elasticsearch.yml
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0
## Use single node discovery in order to disable production mode and avoid bootstrap checks
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
#
#path.data: /data/elasticsearch/data/
#path.logs: /data/elasticsearch/log/
#path.plugins: /data/elasticsearch/plugin/
discovery.type: single-node
http.port: 9200
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,*
#xpack.license.self_generated.type: trial
#xpack.security.enabled: true
#xpack.monitoring.collection.enabled: true
xpack.security.enabled: true
xpack.ml.enabled: true
xpack.license.self_generated.type: trial
The main change is adding the last few lines:
xpack.security.enabled: true
xpack.ml.enabled: true
xpack.license.self_generated.type: trial
kibana/Dockerfile
ARG ELK_VERSION
# https://github.com/elastic/kibana-docker
FROM docker.elastic.co/kibana/kibana:7.5.1
# Add your kibana plugins setup here
# Example: RUN kibana-plugin install <name|url>
kibana/config/kibana.yml
---
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
#elasticsearch.url: http://elasticsearch:9200
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
#xpack.monitoring.ui.container.elasticsearch.enabled: true
xpack.security.enabled: true
## X-Pack security credentials
#
elasticsearch.username: elastic
elasticsearch.password: elastic
logstash/Dockerfile
ARG ELK_VERSION
# https://github.com/elastic/logstash-docker
FROM docker.elastic.co/logstash/logstash:7.5.1
# Add your logstash plugins setup here
# Example: RUN logstash-plugin install logstash-filter-json
logstash/pipeline/logstash.conf
output {
  if "xx" == [source] {
    elasticsearch {
      hosts => "elasticsearch:9200"
      user => "elastic"
      password => "elastic"
      index => "xx-%{+YYYY.MM.dd}"
    }
  }
}
Summary:
The key is to set Elasticsearch, Kibana and Logstash to the same version, enable X-Pack in Elasticsearch, and set the username and password in Kibana and Logstash.
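The three conditions in the summary can be checked mechanically before starting the stack. The following is an added example, not part of the original post: the function names are hypothetical, the sample input is constructed from trimmed copies of the files above, and reporting a password identical to the username is an extra check added here.

```python
import re

ES_YML = "elasticsearch/config/elasticsearch.yml"
KB_YML = "kibana/config/kibana.yml"
LS_CONF = "logstash/pipeline/logstash.conf"

# Constructed sample input: trimmed copies of the files shown on this page.
SAMPLE = {
    "elasticsearch/Dockerfile": "FROM docker.elastic.co/elasticsearch/elasticsearch:7.5.1\n",
    "kibana/Dockerfile": "FROM docker.elastic.co/kibana/kibana:7.5.1\n",
    "logstash/Dockerfile": "FROM docker.elastic.co/logstash/logstash:7.5.1\n",
    ES_YML: "#xpack.security.enabled: true\nxpack.security.enabled: true\n",
    KB_YML: "elasticsearch.username: elastic\nelasticsearch.password: elastic\n",
    LS_CONF: 'output {\n  elasticsearch {\n    user => "elastic"\n    password => "elastic"\n  }\n}\n',
}

def active_lines(text):
    """Return stripped lines, skipping blanks and '#' comments (commented-out settings do not count)."""
    return [s for s in map(str.strip, text.splitlines()) if s and not s.startswith("#")]

def setting(text, key, sep):
    """Value of `key` in flat 'key<sep>value' lines (':' for YAML, '=>' for Logstash)."""
    for line in active_lines(text):
        name, found, value = line.partition(sep)
        if found and name.strip() == key:
            return value.strip().strip("\"'")
    return None

def audit(files):
    """Return a list of findings; an empty list means every check passed."""
    findings, tags = [], set()
    for name, text in files.items():
        if name.endswith("Dockerfile"):
            match = re.search(r"^FROM\s+\S+:(\S+)", text, re.M)
            tags.add(match.group(1) if match else "<no tag>")
    if len(tags) != 1:
        findings.append("image versions differ: " + ", ".join(sorted(tags)))
    if setting(files[ES_YML], "xpack.security.enabled", ":") != "true":
        findings.append("elasticsearch.yml: xpack.security.enabled is not true")
    creds = {
        "kibana.yml": [setting(files[KB_YML], k, ":") for k in ("elasticsearch.username", "elasticsearch.password")],
        "logstash.conf": [setting(files[LS_CONF], k, "=>") for k in ("user", "password")],
    }
    for name, (user, password) in creds.items():
        if not user or not password:
            findings.append(name + ": missing username or password")
        elif user == password:
            findings.append(name + ": password equals username")
    return findings
```

Calling `audit(SAMPLE)` on the configuration as shown reports the `elastic`/`elastic` credential pair in both Kibana and Logstash; the version and X-Pack checks pass.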