部署elasticsearch
docker search elasticsearch
#拉取es镜像
docker pull elasticsearch:7.12.1
#先启动容器(目的:复制配置文件)
docker run -d --name es -P -e "discovery.type=single-node" elasticsearch:7.12.1
#复制配置文件
docker cp es:/usr/share/elasticsearch/config/elasticsearch.yml D://software/docker/elk/elasticsearch/
编辑elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
xpack.security.http.ssl.enabled: false
xpack.security.transport.ssl.enabled: false
启动elasticsearch
docker run -d --name es -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" --privileged=true -v D://software/docker/elk/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v D://software/docker/elk/elasticsearch/data/:/usr/share/elasticsearch/data elasticsearch:7.12.1
部署kibana
#拉取镜像
docker pull kibana:7.12.1
#运行容器
docker run -d --name kibana -P -e "ELASTICSEARCH_HOSTS=http://127.0.0.1:9200" -e "I18N_LOCALE=zh-CN" kibana:7.12.1
#复制配置文件
docker cp kibana:/usr/share/kibana/config/kibana.yml D://software/docker/elk/kibana/
如果复制文件提示文件目录不存在,可能是版本问题,旧版本的配置文件是
docker cp kibana:/etc/kibana/kibana.yml D://software/docker/elk/kibana/
编辑配置文件kibana.yml
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://172.17.0.2:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
i18n.locale: zh-CN
xpack.security.enabled: false
启动kibana
docker run -d --name kibana -p 5601:5601 -v D://software/docker/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml kibana:7.12.1
访问127.0.0.1:5601测试是否成功
避坑:
elasticsearch.hosts的配置如果是本机直接配置127.0.0.1:9200会提示
Kibana server is not ready yet
这时要修改配置
#执行查看ES内网IP地址
docker inspect elasticsearch | grep IPAddress
把IPAddress的地址配置到elasticsearch.hosts
如果是windows 没有grep命令,直接执行 docker inspect elasticsearch复制IPAddress
部署logstash
docker pull logstash:7.12.1
docker run -d -P --name logstash logstash:7.12.1
docker cp logstash:/usr/share/logstash/config D://software/docker/elk/logstash/
docker cp logstash:/usr/share/logstash/data D://software/docker/elk/logstash/
docker cp logstash:/usr/share/logstash/pipeline D://software/docker/elk/logstash/
编辑logstash.yml文件
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://172.17.0.2:9200" ]
编辑logstash.conf
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 5044
codec => json_lines
}
}output {
elasticsearch {
hosts => ["http://172.17.0.2:9200"]
index => "elk"
codec => "json"
}
stdout {
codec => rubydebug
}
}
删除基础容器
# 删除之前的基础容器
docker rm -f logstash
# 创建新容器
docker run -d --name logstash --privileged=true -p 5044:5044 -p 9600:9600 -v D://software/docker/elk/logstash/data/:/usr/share/logstash/data -v D://software/docker/elk/logstash/config/:/usr/share/logstash/config -v D://software/docker/elk/logstash/pipeline/:/usr/share/logstash/pipeline logstash:7.12.1
配置logback-spring.xml
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <destination>127.0.0.1:5044</destination> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/> </appender>
在root标签下都加上
<appender-ref ref="LOGSTASH" />
效果
启动项目发送请求