docker安装
安装命令:
yum install -y docker
启动docker:
service docker start
开机自动启动:
systemctl enable docker
docker创建一个虚拟桥接网络,方便logstash和kibana链接es:
docker network create -d bridge es-net
创建配置文件
es:
mkdir -p /home/elk/elasticsearch/config
mkdir -p /home/elk/elasticsearch/plugins
mkdir -p /home/elk/elasticsearch/data
echo "http.host: 0.0.0.0" >> /home/elk/elasticsearch/config/elasticsearch.yml
kibana:
mkdir -p /home/elk/kibana
echo "server.host: 0.0.0.0" >>/home/elk/kibana/kibana/yml
echo "elasticsearch.hosts: http://elasticsearch:9200" >>/mydata/kibana/kibana/yml
logstash:
mkdir -p /mydata/logstash/conf/conf.d
在/mydata/logstash/conf下新建 logstash.yml
path.config: /usr/share/logstash/conf.d/*.conf
path.logs: /var/log/logstash
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["http://elasticsearch:9200"]
在/mydata/logstash/conf/conf.d下新建beats.conf
input {
# 配置采集方式为读取文件
file {
#标签 索引名称
type => "operation"
#采集日志位置 实际项目中配置的日志输出位置,模糊匹配
path => "/var/log/operation*.log"
#开始收集点
start_position => "beginning"
#扫描间隔时间,默认是1s,建议5s
stat_interval => "5"
}
}
output {
# es地址
elasticsearch {
hosts => ["elasticsearch:9200"]
#索引名称,和你上面配置的type一致
index => "operation"
}
}
docker启动命令:
es:
docker run --name elasticsearch --privileged=true --net=es-net --restart=always -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms1024m -Xmx1024m" -v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /mydata/elasticsearch/data:/usr/share/elasticsearch/data -v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins -d elasticsearch:7.12.1
logstash:
docker run -di --restart=always --net=es-net --privileged=true --log-driver json-file --log-opt max-size=100m --log-opt max-file=2 -p 5044:5044 --name logstash -v /mydata/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml -v /mydata/logstash/config/conf.d/:/usr/share/logstash/conf.d/ -v /mydata:/mydata -v /var/log:/var/log logstash:7.12.1
kibana:
docker run --name kibana --net=es-net --restart=always --privileged=true -v /home/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml -p 5601:5601 -d kibana:7.12.1
完成以上命令即可通过ip:9200查看你的es部署情况,也可以浏览器访问ip:5601访问kibana.