Docker安装ELK环境
ELK实际上就是ElasticSearch,Logstash,Kibana的缩写,是日志收集分析的一种解决方案。
- Elasticsearch一个开源的搜索引擎框架(支持群集架构方式)
- Logstash集成各种收集日志插件,还是一个比较优秀的正则切割日志工具
- Kibana一个免费的web应用,支持在web端查看ES的搜索结果
elk是目前比较新也发展比较快的一套数据分析套件,其中Elasticsearch是用来作为存储和查询引擎的,kibana则是位于其之上的一个UI(更偏向于聚合汇总分析),而logstash则是属于ETL工具(数据的提取转换插入)。
在具体的使用过程中,目前觉得logstash算是比较鸡肋的,因为适用的场景有限,而且要扩展必须自己实现。个人建议,如果对es比较熟悉的,完全可以不需要用这个。自己用es加个river插件,那个效果也不错。
ELK简单架构
日志收集系统架构整体架构
简单来讲他具体的工作流程就是Logstash agent监控并过滤日志,将过滤后的日志内容发给redis(这里的redis只处理队列不做存储),Logstash index将日志收集在一起交给全文搜索服务ElasticSearch,可以用ElasticSearch进行自定义搜索,通过Kibana来结合 自定义搜索进行页面展示
此外 logstash 的收集方式分为 standalone 和 centralized。
standalone 是所有功能都在一个服务器上面,自发自收,centralized 就是集中收集,一台服务器接收所有shipper(个人理解就是logstash agent)的日志。
其实 logstash本身不分 什么 shipper 和 collector ,只不过就是配置文件不同而已,我们这次按照集中的方式来测试
这里的Logstash分为index和agent两种角色,也可以说是收集方式分为standalone和centralized两种。standalone是所有功能都在一个服务器上面,自发自收,centralized就是集中收集,一台服务器接收所有shipper(个人理解就是logstash agent)的日志。(其实logstash本身不分什么shipper和collector ,只不过就是配置文件不同而已)。Logstash的agent和indexer分开部署,多台agent负责监控、过滤日志,index负责收集日志并将日志交给ElasticSearch做搜索,通过Kibana来结合自定义搜索进行页面展示。Redis实际上是起到了缓冲消峰的作用,否则并发访问量大的时候ES会被拖垮的
192.168.0.1 logstash index,ElasticSearch,kibana,JDK
192.168.0.2 logstash agent,JDK
192.168.0.3 redis
因为上一篇文章已经写过Docker如何安装ES环境了,这里我们直接继承上一次安装好的Docker镜像,所以重点只介绍Logstash和Kibana的安装,本文只是简单的单机ELK环境,后续会逐步完善ELK+Redis的环境,甚至会把ELK单独拆开三个Docker镜像使用
安装Logstash(本文使用的是logstash的1.5.4版本)
<code class="hljs ruby has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 下载Logstash</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>curl -<span class="hljs-constant" style="box-sizing: border-box;">O</span> <span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">https:</span>/<span class="hljs-regexp" style="color: rgb(0, 136, 0); box-sizing: border-box;">/download.elastic.co/logstash</span><span class="hljs-regexp" style="color: rgb(0, 136, 0); box-sizing: border-box;">/logstash/logstash</span>-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4</span>.tar.gz
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 解压ES压缩包</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>tar -zxvf logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4</span>.tar.gz
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 在{LOGSTASH_HOME}下新建一个conf目录,在里面新建一个配置文件logstash.conf </span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>cd logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>mkdir conf
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>cd conf
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 编辑logstash.conf如下面的配置</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>vi logstash.conf
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 启动logstash</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>cd {<span class="hljs-constant" style="box-sizing: border-box;">LOGSTASH_HOME</span>}/bin/
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>./logstash -f ../conf/logstash.conf</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li></ul>
注意
因为Java的默认heap size,回收机制等原因,logstash从1.4.0开始不再使用jar运行方式.
- 以前方式:
java -jar logstash-1.3.3-flatjar.jar agent -f logstash.conf - 现在方式:
bin/logstash -f logstash.conf
logstash.conf配置文件
<code class="hljs php has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">input {
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 来自控制台</span>
stdin {
type => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"web"</span> <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># ES索引的type</span>
codec => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"json"</span> <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 输入格式是json</span>
}
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 来自文件</span>
file {
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 文件所在的绝对路径</span>
path => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"/software/logstash-1.5.4/test.log"</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># ES索引的type</span>
type => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"system"</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 文件格式是json</span>
codec => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"json"</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 从文件的什么位置开始采集</span>
start_position => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"beginning"</span>
}
}
output {
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 输出到控制台</span>
stdout {
codec => rubydebug
}
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 输出到ES</span>
elasticsearch {
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 不使用logstash内嵌的ES</span>
embedded => <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">false</span>
codec => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"json"</span>
protocol => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"http"</span>
host => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"10.211.55.4"</span>
port => <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9200</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 指定创建的索引名称</span>
index => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"birdlogstash"</span>
}
}</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li></ul>
test.log文件内容,放在{LOGSTASH_HOME}目录下
<code class="hljs has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">bird hello bird test bird bye</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li></ul>
安装Kibana(本文使用的是kibana的4.1.2版本)
<code class="hljs ruby has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 下载Kibana</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>curl -<span class="hljs-constant" style="box-sizing: border-box;">O</span> <span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">https:</span>/<span class="hljs-regexp" style="color: rgb(0, 136, 0); box-sizing: border-box;">/download.elastic.co/kibana</span><span class="hljs-regexp" style="color: rgb(0, 136, 0); box-sizing: border-box;">/kibana/kibana</span>-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2</span>-linux-x64.tar.gz
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 解压ES压缩包</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>tar -zxvf kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2</span>-linux-x64.tar.gz
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 重命名一下</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>mv kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2</span>-linux-x64 kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span>.<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 启动Kibana</span>
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>cd {<span class="hljs-constant" style="box-sizing: border-box;">KIBANA_HOME</span>}/bin
<span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>./kibana
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 访问http://192.168.1.120:5601/ 配置一个ElasticSearch索引 </span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 在logstach里面添加数据 </span>
</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li></ul>
注意
<code class="hljs vhdl has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;">如果Kibana和ES不在同一台机器上,需要在kibana.yml文件中指定ES集群的地址 # The Elasticsearch instance <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">to</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">use</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span> <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">all</span> your queries. elasticsearch_url: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"http://10.211.55.4:9200"</span></code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li></ul>
Dockerfile文件
<code class="hljs vala has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;">############################################</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># version : birdben/elk:v1</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># desc : 当前版本安装的elk</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;">############################################</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 设置继承自我们创建的 elasticsearch 镜像</span> FROM birdben/elasticsearch:v1 <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 下面是一些创建者的基本信息</span> MAINTAINER birdben (<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">191654006</span>@<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">163.</span>com) <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 设置环境变量,所有操作都是非交互式的</span> ENV<span class="hljs-constant" style="box-sizing: border-box;"> DEBIAN_FRONTEND </span>noninteractive <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 添加 supervisord 的配置文件,并复制配置文件到对应目录下面。(supervisord.conf文件和Dockerfile文件在同一路径)</span> COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf RUN echo <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"export LC_ALL=C"</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 设置 ES 的环境变量,若读者有其他的环境变量需要设置,也可以在这里添加。</span> ENV<span class="hljs-constant" style="box-sizing: border-box;"> LOGSTASH_HOME </span>/software/logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.4</span> ENV<span class="hljs-constant" style="box-sizing: border-box;"> KIBANA_HOME </span>/software/kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.2</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 复制 logstash-1.5.4, kibana-4.1.2 文件到镜像中(logstash-1.5.4, kibana-4.1.2文件夹要和Dockerfile文件在同一路径)</span> ADD logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.4</span> /software/logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.4</span> ADD kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.2</span> /software/kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.2</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 解决环境问题,否则logstash无法从log文件中采集日志。具体环境: Logstash 1.5, Ubuntu 14.04, Oracle JDK7</span> RUN ln -s /lib/x86_64-linux-gnu/libcrypt.so<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.1</span> /usr/lib/x86_64-linux-gnu/libcrypt.so <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 挂载/logstash目录</span> VOLUME [<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"/logstash"</span>] <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 容器需要开放Kibana的5601端口</span> EXPOSE <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">5601</span> <span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 执行supervisord来同时执行多个命令,使用 supervisord 的可执行路径启动服务。</span> CMD [<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"/usr/bin/supervisord"</span>]</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li></ul>
Dockerfile源文件链接:
https://github.com/birdben/birdDocker/blob/master/elk/Dockerfile
supervisor配置文件内容
<code class="hljs vala has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 配置文件包含目录和进程</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 第一段 supervsord 配置软件本身,使用 nodaemon 参数来运行。</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 第二段包含要控制的 2 个服务。每一段包含一个服务的目录和启动这个服务的命令。</span>
[supervisord]
nodaemon=<span class="hljs-literal" style="color: rgb(0, 102, 102); box-sizing: border-box;">true</span>
[program:sshd]
command=/usr/sbin/sshd -D
[program:elasticsearch]
command=/bin/bash -c <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"exec ${ES_HOME}/bin/elasticsearch -DFOREGROUND"</span>
[program:logstash]
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 指定配置文件时,一定要使用绝对路径,相对路径是不好用的,这个坑已经踩过两次了。。</span>
command=/software/logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.4</span>/bin/logstash -f /logstash/logstash.conf
[program:kibana]
command=/software/kibana-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">4.1</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.2</span>/bin/kibana</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li></ul>
注意
<code class="hljs livecodeserver has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 之前一直在supervisor使用如下配置来启动logstash,但是发现logstash刚启动起来自己就挂了,然后不断的在尝试重启。后来发现是配置文件没有找到,因为使用supervisor来配置服务的命令时,指定配置文件时,一定要使用绝对路径,相对路径是不好用的,这个坑已经踩过两次了。。这里再次鄙视一下自己。。</span> INFO success: logstash entered RUNNING state, <span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">process</span> has stayed up <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">for</span> > than <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1</span> <span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">seconds</span> (startsecs) INFO exited: logstash (exit status <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1</span>; <span class="hljs-operator" style="box-sizing: border-box;">not</span> expected) INFO spawned: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'logstash'</span> <span class="hljs-operator" style="box-sizing: border-box;">with</span> pid <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">12</span> INFO exited: logstash (exit status <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1</span>; <span class="hljs-operator" style="box-sizing: border-box;">not</span> expected) INFO spawned: <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'logstash'</span> <span class="hljs-operator" style="box-sizing: border-box;">with</span> pid <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">13</span> INFO exited: logstash (exit status <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1</span>; <span class="hljs-operator" style="box-sizing: border-box;">not</span> expected) INFO gave up: logstash entered FATAL state, too many start retries too quickly <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 这里使用supervisorctl status查看supervisor监控的所有服务,就会发现ES没有处于被监控状态</span> $ supervisorctl status logstash FATAL Exited too quickly (<span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">process</span> <span class="hljs-built_in" style="color: rgb(102, 0, 102); box-sizing: border-box;">log</span> may have details) sshd RUNNING pid <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">6</span>, uptime <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">01</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">49</span> elasticsearch RUNNING pid <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">8</span>, uptime <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">0</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">01</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">49</span></code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li></ul>
控制台终端
<code class="hljs ruby has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 构建镜像</span> <span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>docker build -t=<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"birdben/elk:v1"</span> . <span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 执行已经构件好的镜像</span> <span class="hljs-variable" style="color: rgb(102, 0, 102); box-sizing: border-box;">$ </span>docker run -p <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9999</span><span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">:</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">22</span> -p <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9200</span><span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">:</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9200</span> -p <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9300</span><span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">:</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9300</span> -p <span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">5601</span><span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">:</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">5601</span> -t -i -v /docker/<span class="hljs-symbol" style="color: rgb(0, 102, 102); box-sizing: border-box;">logstash:</span>/logstash <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"birdben/elk:v1"</span></code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li></ul>
测试Logstash
<code class="hljs coffeescript has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 这里我们要测试几种方式的logstash输入和输出</span>
logstash启动的参数
-e:代表控制台以字符串的方式输入conf配置
-f:代表指定文件的方式conf配置
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">######</span><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">######</span><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">## logstash从控制台读取 ##############</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 只在CMD启动的进程export设置变量,而不是将变量赋值命令写入/etc/profile等脚本里,因此通过ssh方式登录容器获得的shell是没有这个变量的,所以ssh登录要提前设置JAVA_HOME环境变量</span>
$ <span class="hljs-reserved" style="box-sizing: border-box;">export</span> JAVA_HOME=/software/jdk7
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 测试运行前端输出</span>
$ {LOGSTASH_HOME}/bin/logstash -e <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'input { stdin { } } output { stdout {} }'</span>
Logstash startup completed
hello
<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">2015</span>-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">12</span>-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">20</span><span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">T08</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">17</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">06.312</span>Z c7f05b587d11 hello
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 也可以使用rubydebug的形式输出到控制台</span>
$ {LOGSTASH_HOME}/bin/logstash -e <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'input { stdin { } } output { stdout {codec=>rubydebug} }'</span>
Logstash startup completed
hello
{
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"message"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"hello"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"@version"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"1"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"@timestamp"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"2015-12-20T13:35:38.996Z"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"host"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"40421a32fbc5"</span>
}
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 还可以将控制台的输入,输出到ES并且创建对应的索引</span>
$ {LOGSTASH_HOME}/bin/logstash -e <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'input { stdin { type => "web" codec => "json" } } output { stdout { codec => rubydebug } elasticsearch { embedded => false codec => "json" protocol => "http" host => "10.211.55.4" port => 9200 } }'</span>
Logstash startup completed
{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"name"</span>:<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"bird"</span>}
{
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"name"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"bird"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"@version"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"1"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"@timestamp"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"2015-12-20T13:35:38.996Z"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"type"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"web"</span>,
<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"host"</span><span class="hljs-function" style="box-sizing: border-box;"> =></span> <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"40421a32fbc5"</span>
}
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 执行之后,可以查询ES的索引,会自动创建一个logstash的索引,并且会有一个对应的属性name,它的值是bird</span>
$ curl -XPOST <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'http://10.211.55.4:9200/_search?pretty'</span> -d <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'{"query":{"match_all":{}}}'</span>
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">######</span><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">######</span><span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">## logstash从文件中读取 ##############</span>
$ {LOGSTASH_HOME}/bin/logstash -f /logstash/logstash.conf
<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;"># 从文件中读取日志,可能会遇到下面的问题</span>
<span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">NotImplementedError</span>: block device detection unsupported <span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">or</span> <span class="hljs-reserved" style="box-sizing: border-box;">native</span> support failed to load
from org/jruby/RubyFileTest.<span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">java</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">67</span>:<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> `<span class="javascript" style="box-sizing: border-box;">blockdev?<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from (irb):1:in </span></span>`evaluate<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from org/jruby/RubyKernel.java:1107:in `eval'</span>
from org/jruby/RubyKernel.<span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">java</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1507</span>:<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> `<span class="javascript" style="box-sizing: border-box;">loop<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from org/jruby/RubyKernel.java:1270:in </span></span>`<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">catch</span><span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from org/jruby/RubyKernel.java:1270:in `catch'</span>
from /home/ubuntu/logstash-<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">1.5</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.0</span>-rc3/lib/logstash/runner.<span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">rb</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">77</span>:<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> `<span class="javascript" style="box-sizing: border-box;">run<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from org/jruby/RubyProc.java:271:in </span></span>`call<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from /home/ubuntu/logstash-1.5.0-rc3/lib/logstash/runner.rb:131:in `run'</span>
from org/jruby/RubyProc.<span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">java</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">271</span>:<span class="hljs-keyword" style="color: rgb(0, 0, 136); box-sizing: border-box;">in</span> `<span class="javascript" style="box-sizing: border-box;">call<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
from /home/ubuntu/logstash-1.5.0-rc3/vendor/bundle/jruby/1.9/gems/stud-0.0.19/lib/stud/task.rb:12:in </span></span>`initialize<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'
# 上面的问题原因是环境问题,解决方案是先执行下面的语句,然后在运行logstash
ln -s /lib/x86_64-linux-gnu/libcrypt.so.1 /usr/lib/x86_64-linux-gnu/libcrypt.so
# 参考文章:
https://github.com/elastic/logstash/issues/3127#issuecomment-101068714
# 改好上面的问题之后logstash就会将文件的内容读取并输出到ES,使用下面的语句进行查询,就可以看到之前test.log中的3行记录,被ES创建了3条索引记录
$ curl -XPOST '</span><span class="hljs-attribute" style="box-sizing: border-box; color: rgb(0, 136, 0);">http</span>:<span class="hljs-regexp" style="color: rgb(0, 136, 0); box-sizing: border-box;">//</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">10.211</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.55</span><span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">.4</span>:<span class="hljs-number" style="color: rgb(0, 102, 102); box-sizing: border-box;">9200</span>/_search?pretty<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">' -d '</span>{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"query"</span>:{<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"match_all"</span>:{}}}<span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">'</span></code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li><li style="box-sizing: border-box; padding: 0px 5px;">38</li><li style="box-sizing: border-box; padding: 0px 5px;">39</li><li style="box-sizing: border-box; padding: 0px 5px;">40</li><li style="box-sizing: border-box; padding: 0px 5px;">41</li><li style="box-sizing: border-box; padding: 0px 5px;">42</li><li style="box-sizing: border-box; padding: 0px 5px;">43</li><li style="box-sizing: border-box; padding: 0px 5px;">44</li><li style="box-sizing: border-box; padding: 0px 5px;">45</li><li style="box-sizing: border-box; padding: 0px 5px;">46</li><li style="box-sizing: border-box; padding: 0px 5px;">47</li><li style="box-sizing: border-box; padding: 0px 5px;">48</li><li style="box-sizing: border-box; padding: 0px 5px;">49</li><li style="box-sizing: border-box; padding: 0px 5px;">50</li><li style="box-sizing: border-box; padding: 0px 5px;">51</li><li style="box-sizing: border-box; padding: 0px 5px;">52</li><li style="box-sizing: border-box; padding: 0px 5px;">53</li><li style="box-sizing: border-box; padding: 0px 5px;">54</li><li style="box-sizing: border-box; padding: 0px 5px;">55</li><li style="box-sizing: border-box; padding: 0px 5px;">56</li><li style="box-sizing: border-box; padding: 0px 5px;">57</li><li style="box-sizing: border-box; padding: 0px 5px;">58</li><li style="box-sizing: border-box; padding: 0px 5px;">59</li><li style="box-sizing: border-box; padding: 0px 5px;">60</li><li style="box-sizing: border-box; padding: 0px 5px;">61</li><li style="box-sizing: border-box; padding: 0px 5px;">62</li><li style="box-sizing: border-box; padding: 0px 5px;">63</li><li style="box-sizing: border-box; padding: 0px 5px;">64</li><li style="box-sizing: border-box; padding: 0px 5px;">65</li><li style="box-sizing: border-box; padding: 0px 5px;">66</li><li style="box-sizing: border-box; padding: 0px 5px;">67</li><li style="box-sizing: border-box; padding: 0px 5px;">68</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li><li style="box-sizing: border-box; padding: 0px 5px;">17</li><li style="box-sizing: border-box; padding: 0px 5px;">18</li><li style="box-sizing: border-box; padding: 0px 5px;">19</li><li style="box-sizing: border-box; padding: 0px 5px;">20</li><li style="box-sizing: border-box; padding: 0px 5px;">21</li><li style="box-sizing: border-box; padding: 0px 5px;">22</li><li style="box-sizing: border-box; padding: 0px 5px;">23</li><li style="box-sizing: border-box; padding: 0px 5px;">24</li><li style="box-sizing: border-box; padding: 0px 5px;">25</li><li style="box-sizing: border-box; padding: 0px 5px;">26</li><li style="box-sizing: border-box; padding: 0px 5px;">27</li><li style="box-sizing: border-box; padding: 0px 5px;">28</li><li style="box-sizing: border-box; padding: 0px 5px;">29</li><li style="box-sizing: border-box; padding: 0px 5px;">30</li><li style="box-sizing: border-box; padding: 0px 5px;">31</li><li style="box-sizing: border-box; padding: 0px 5px;">32</li><li style="box-sizing: border-box; padding: 0px 5px;">33</li><li style="box-sizing: border-box; padding: 0px 5px;">34</li><li style="box-sizing: border-box; padding: 0px 5px;">35</li><li style="box-sizing: border-box; padding: 0px 5px;">36</li><li style="box-sizing: border-box; padding: 0px 5px;">37</li><li style="box-sizing: border-box; padding: 0px 5px;">38</li><li style="box-sizing: border-box; padding: 0px 5px;">39</li><li style="box-sizing: border-box; padding: 0px 5px;">40</li><li style="box-sizing: border-box; padding: 0px 5px;">41</li><li style="box-sizing: border-box; padding: 0px 5px;">42</li><li style="box-sizing: border-box; padding: 0px 5px;">43</li><li style="box-sizing: border-box; padding: 0px 5px;">44</li><li style="box-sizing: border-box; padding: 0px 5px;">45</li><li style="box-sizing: border-box; padding: 0px 5px;">46</li><li style="box-sizing: border-box; padding: 0px 5px;">47</li><li style="box-sizing: border-box; padding: 0px 5px;">48</li><li style="box-sizing: border-box; padding: 0px 5px;">49</li><li style="box-sizing: border-box; padding: 0px 5px;">50</li><li style="box-sizing: border-box; padding: 0px 5px;">51</li><li style="box-sizing: border-box; padding: 0px 5px;">52</li><li style="box-sizing: border-box; padding: 0px 5px;">53</li><li style="box-sizing: border-box; padding: 0px 5px;">54</li><li style="box-sizing: border-box; padding: 0px 5px;">55</li><li style="box-sizing: border-box; padding: 0px 5px;">56</li><li style="box-sizing: border-box; padding: 0px 5px;">57</li><li style="box-sizing: border-box; padding: 0px 5px;">58</li><li style="box-sizing: border-box; padding: 0px 5px;">59</li><li style="box-sizing: border-box; padding: 0px 5px;">60</li><li style="box-sizing: border-box; padding: 0px 5px;">61</li><li style="box-sizing: border-box; padding: 0px 5px;">62</li><li style="box-sizing: border-box; padding: 0px 5px;">63</li><li style="box-sizing: border-box; padding: 0px 5px;">64</li><li style="box-sizing: border-box; padding: 0px 5px;">65</li><li style="box-sizing: border-box; padding: 0px 5px;">66</li><li style="box-sizing: border-box; padding: 0px 5px;">67</li><li style="box-sizing: border-box; padding: 0px 5px;">68</li></ul>
测试Kibana
<code class="hljs vala has-numbering" style="display: block; padding: 0px; color: inherit; box-sizing: border-box; font-family: 'Source Code Pro', monospace;font-size:undefined; white-space: pre; border-radius: 0px; word-wrap: normal; background: transparent;"><span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 浏览器直接访问</span>
http:<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//10.211.55.4:5601</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 如果ES还没有索引,你需要告诉它你打算探索哪个 Elasticsearch 索引。第一次访问 Kibana 的时候,你会被要求定义一个 index pattern 用来匹配一个或者多个索引名。好了。这就是你需要做的全部工作。以后你还可以随时从 Settings 标签页添加更多的 index pattern。</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 因为我们在Logstash配置了从log文件中读取数据并且输出到ES的索引上,配置文件中已经指定了索引的名称"birdlogstash",这样我们在Kibana只要指定这个索引名称就可以了,同理我们也可以在Logstash中改成按照日期分割的方式,Kibana也可以按照这种方式来配置。</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 指定创建的索引名称</span>
index => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"birdlogstash"</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 指定创建的索引名称(按照索引类型和日期分割)</span>
index => <span class="hljs-string" style="color: rgb(0, 136, 0); box-sizing: border-box;">"logstash-%{type}-%{+YYYY.MM.dd}"</span>
<span class="hljs-preprocessor" style="color: rgb(68, 68, 68); box-sizing: border-box;"># 默认情况下,Kibana 会连接运行在 localhost 的 Elasticsearch。要连接其他 Elasticsearch 实例,修改 kibana.yml 里的 Elasticsearch URL,然后重启 Kibana。如何在生产环境下使用 Kibana,阅读生产环境部署章节。</span>
http:<span class="hljs-comment" style="color: rgb(136, 0, 0); box-sizing: border-box;">//kibana.logstash.es/content/kibana/v4/production.html</span>
</code><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li></ul><ul class="pre-numbering" style="box-sizing: border-box; position: absolute; width: 50px; top: 0px; left: 0px; margin: 0px; padding: 6px 0px 40px; border-right-width: 1px; border-right-style: solid; border-right-color: rgb(221, 221, 221); list-style: none; text-align: right; background-color: rgb(238, 238, 238);"><li style="box-sizing: border-box; padding: 0px 5px;">1</li><li style="box-sizing: border-box; padding: 0px 5px;">2</li><li style="box-sizing: border-box; padding: 0px 5px;">3</li><li style="box-sizing: border-box; padding: 0px 5px;">4</li><li style="box-sizing: border-box; padding: 0px 5px;">5</li><li style="box-sizing: border-box; padding: 0px 5px;">6</li><li style="box-sizing: border-box; padding: 0px 5px;">7</li><li style="box-sizing: border-box; padding: 0px 5px;">8</li><li style="box-sizing: border-box; padding: 0px 5px;">9</li><li style="box-sizing: border-box; padding: 0px 5px;">10</li><li style="box-sizing: border-box; padding: 0px 5px;">11</li><li style="box-sizing: border-box; padding: 0px 5px;">12</li><li style="box-sizing: border-box; padding: 0px 5px;">13</li><li style="box-sizing: border-box; padding: 0px 5px;">14</li><li style="box-sizing: border-box; padding: 0px 5px;">15</li><li style="box-sizing: border-box; padding: 0px 5px;">16</li></ul>
参考文章:
- http://kibana.logstash.es/content/logstash/plugins/output/elasticsearch.html
- http://langke.name/2014/12/18/elk-2.html
- http://blog.chinaunix.net/uid-532511-id-4836683.html
- http://www.wklken.me/posts/2015/04/26/elk-for-nginx-log.html#3-supervisor
- http://ju.outofmemory.cn/entry/108925
- http://article.yeeyan.org/view/536432/459461
- http://qindongliang.iteye.com/blog/2250776www
-
顶
- 0
-
踩
扫一扫
2190
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
