Elasticsearch
:用于存储收集到的日志信息;Logstash
:用于监控,过滤,收集日志,SpringBoot
应用整合了Logstash
以后会把日志发送给Logstash
,Logstash
再把日志转发给Elasticsearch
;Kibana
:通过Web端的可视化界面来查看日志。
拉取
docker pull elasticsearch:7.9.0
docker pull kibana:7.9.0
docker pull logstash:7.9.0
搭建
mkdir -p /Users/fanshaorong/elk/elasticsearch/data
mkdir -p /Users/fanshaorong/elk/elasticsearch/plugins
mkdir -p /Users/fanshaorong/elk/logstash
mkdir -p /Users/fanshaorong/elk/docker
docker-compose.yml
version: '3'
services:
elasticsearch:
image: elasticsearch:7.9.0
container_name: elasticsearch
environment:
- "cluster.name=elasticsearch" #设置集群名称为elasticsearch
- "discovery.type=single-node" #以单一节点模式启动
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小
volumes:
- /Users/fanshaorong/elk/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
- /Users/fanshaorong/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
ports:
- 9200:9200
- 9300:9300
kibana:
image: kibana:7.9.0
container_name: kibana
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
environment:
- "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址
ports:
- 5601:5601
logstash:
image: logstash:7.9.0
container_name: logstash
volumes:
- /Users/fanshaorong/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
ports:
- 4560:4560
logstash.conf
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "springboot-logstash-%{+YYYY.MM.dd}"
}
}
启动
docker-compose up -d
访问
可视化工具elasticsearch head插件监控管理
安装命令:docker pull mobz/elasticsearch-head:5
启动命令:docker run -d -p 9100:9100 --name elasticsearch-head docker.io/mobz/elasticsearch-head:5
跨域拒绝访问解决方案:进入elasticsearch容器内部,修改elasticsearch.yml,增加跨域的配置(需要重启es才能生效)
输入命令:docker ps 获得容器id
进入容器:docker exec -it (容器id) bash
修改配置:vi config/elasticsearch.yml
添加内容:
http.cors.enabled: true
http.cors.allow-origin: "*"
重启es,head插件正常生效。
docker exec -it 5cc5e257cca6 bash
apt-get update
apt-get install vim
vi ./_site/vendor.js
重启elasticsearch-head
可视化工具cerebro
docker run -p 9000:9000 --name cerebro lmenezes/cerebro:0.9.2
必须使用ip连接
ifconfig | grep "inet"
索引文档
PUT /{index}/{type}/{id}
curl -X PUT "localhost:9200/website/blog/123?pretty" -H 'Content-Type: application/json' -d'
{
"title": "My first blog entry",
"text": "Just trying this out...",
"date": "2014/01/01"
}
'
查看索引
http://localhost:5601/app/management/data/index_management/indices
或者
取回一个文档
GET /website/blog/123?pretty
curl -X GET "localhost:9200/website/blog/123?pretty&pretty"
完整docker-compose.yml
version: '3'
services:
elasticsearch:
image: elasticsearch:7.9.0
container_name: elasticsearch
environment:
- "cluster.name=elasticsearch" #设置集群名称为elasticsearch
- "discovery.type=single-node" #以单一节点模式启动
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小
volumes:
- /Users/fanshaorong/Desktop/docker/elk/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
- /Users/fanshaorong/Desktop/docker/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
ports:
- 9200:9200
- 9300:9300
kibana:
image: kibana:7.9.0
container_name: kibana
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
environment:
- "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址
ports:
- 5601:5601
logstash:
image: logstash:7.9.0
container_name: logstash
volumes:
- /Users/fanshaorong/Desktop/docker/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
ports:
- 4560:4560
elasticsearch-head:
image: mobz/elasticsearch-head:5
container_name: elasticsearch-head
ports:
- 9100:9100
cerebro:
image: lmenezes/cerebro:0.9.2
container_name: cerebro
ports:
- 9000:9000