1.安装elk
docker pull sebp/elk
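1.2:启动镜像(命令末尾的 c21727ae794b 是本机拉取后的镜像ID,可用 docker images 查看,每次拉取可能不同;也可以直接写 sebp/elk 并指定固定的版本标签。-p 默认把端口发布到宿主机的所有网卡,若只需本机或内网访问,可写成 -p 内网IP:9200:9200 的形式):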
docker run -d -e ES_JAVA_OPTS="-Xms1024m -Xmx1024m" -p 5601:5601 -p 5044:5044 -p 9200:9200 -p 9300:9300 -it --restart=always --name elk c21727ae794b
如果容器启动后报如下错误:
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决:在宿主机(不是容器内)编辑/etc/sysctl.conf,在里面加入:vm.max_map_count=262144,然后执行 sysctl -p 使其生效
修改elasticsearch
docker exec -it elk bash
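#编辑es配置:vim /etc/elasticsearch/elasticsearch.yml,在结尾追加以下两行(注意:这里只开启了认证和节点间传输层的SSL,没有配置 xpack.security.http.ssl,所以9200端口仍是明文HTTP,账号密码会以明文在网络上传输;transport.ssl 一般还需要配置证书,具体以所用版本的官方文档为准)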
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
#退出容器
exit
重启再进入
docker restart elk
docker exec -it elk bash
#使用安装目录下的工具为内置账号设置密码(交互式,手动输入;与下面的 auto 方式二选一,只需执行其中一条)
/opt/elasticsearch/bin/elasticsearch-setup-passwords interactive
#或者:使用安装目录下的工具为内置账号自动生成随机密码(与上面的 interactive 方式二选一;生成的密码只在终端输出,请立即妥善保存)
/opt/elasticsearch/bin/elasticsearch-setup-passwords auto
修改kibana
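#停掉kibana,修改kibana的配置文件:vim /opt/kibana/config/kibana.yml,在结尾追加以下内容(elasticsearch.username 这里用的是 elastic 超级用户;更稳妥的做法是使用上一步设置过密码的内置账号 kibana_system(旧版本中叫 kibana),权限更小)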
i18n.locale: "zh-CN"
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "之前配置的密码"
修改logstash(下面 output 中用的是 elastic 超级用户;生产环境建议为 Logstash 单独建一个只有对应索引写入权限的账号)
修改02-beats-input.conf(改成 tcp 输入,按行接收 JSON;该输入没有认证和加密,5044 端口只应对可信的内网来源开放)
docker exec -it elk /bin/bash
vim /etc/logstash/conf.d/02-beats-input.conf
input {
tcp {
port => 5044
codec => json_lines
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "ruizhi-log-%{+YYYY.MM.dd}"
user => "elastic"
password => "之前配置的密码"
}
}
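修改 30-output.conf(与上面的文件同在 /etc/logstash/conf.d/ 目录下。注意:Logstash 通常会把该目录下的所有 .conf 合并成同一条管道,上面 02-beats-input.conf 里的 output 和这里的 output 都会收到每条事件;如果只需要 ruizhi-log-* 索引,保留其中一个 output 即可)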
vim 30-output.conf
output {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "之前配置密码"
}
}
修改 logstash.yml
vim /opt/logstash/config/logstash.yml
#追加
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: 之前配置密码
重启elk
docker restart elk
至此完成配置。生产环境最好内网部署:按上面的配置,9200/5601 都是明文HTTP,密码也明文写在各配置文件里,不要把这些端口直接暴露到公网,并限制这些配置文件的读取权限。