docker+ ELK环境搭建

docker+ ELK环境搭建

1.安装docker

yum -y install docker

查看docker版本

docker version

启动docker

service docker start 或 systemctl start docker.service

docker拉去es镜像

搜索es

docker search elasticsearch:[tag]
docker pull elasticsearch:[tag]

查看镜像

docker images

docker拉去kibana镜像

docker search kibana [tag]
docker pull kibana [tag]

注意：es版本要和kibana版本一致，服务器内存要大于1G

启动ES+Kibana

docker run -e ES_JAVA_OPTS="-Xms256m -Xmx256m" -d -p 9200:9200 -p 9300:9300 -v /root/es/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name es -p 5601:5601  镜像id

docker run  -d -e ELASTICSEARCH_URL=http://127.0.0.1:9200 --name kibana --network=container:es kibana

宿主机文件挂载到容器文件中，注意：赋予宿主机文件777

chmod 777  xxx.yml

elasticsearch.yml配置文件

cluster.name: "docker-cluster"
network.host: 0.0.0.0
transport.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288

查看是否启动成功

docker ps

访问ip 127.0.0.1:9200
127.0.0.1:5601

logstach

下载logstach地址：[https://www.elastic.co/cn/downloads/logstash] 版本和es一致
上传到linux中
编写 log.conf

input {
    # 从文件读取日志信息 输送到控制台
    file {
        path => "/root/logs/elasticsearch.log"
        codec => "json" ## 以JSON格式读取日志
        type => "elasticsearch"
        start_position => "beginning"
    }
}

# filter {
#
# }
output {
    # 标准输出 
    # stdout {}
    # 输出进行格式化，采用Ruby库来解析日志   
     stdout { codec => rubydebug }
	 elasticsearch {
        hosts => ["127.0.0.1:9200"]
        index => "es-%{+YYYY.MM.dd}"
    }	 
}

启动logstach

./bin/logstash log.conf 

有问题请加QQ群：94868472