環境 win10 docker
最終效果:如下圖 點擊實時流傳輸之後就像 tail 日誌 一樣 😅
過程:
elastic 官網安裝docker形式。 elasticsearch 7.5.1集羣,kibana 7.5.1,filebeat 7.5.1(非docker安裝,日誌在哪裏安裝到哪裏確保通過配置路徑可以讀取到日誌 ,例如本機是win10 )
elasticsearch 參考自:https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
出現問題:地址異常 es0*,看 docker-compose.yml 配置了網絡。而我的docker裏沒有這個網絡 。新建一個名爲elastic的docker網絡 命令 docker network create elastic。OK了
kibana 參考自https://www.elastic.co/guide/en/kibana/7.5/docker.html
出現問題 訪問不到 es。原因 與es所在docker容器間網絡不通。修改 docker-compose配置重新生成 容器解決。
filebeat 參考自https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html
遇到問題: 配置怎麼修改都不生效 ,Loading and starting Inputs completed. Enabled inputs: 0 爲啥是0?明明配置都是官網拷下來的只是修改了具體的日誌路徑。最後我靠 配置在d盤下,filebeat在c盤下倆份混了。
遇到問題2:官網的註冊成服務命令會報錯。.\install-service-filebeat.ps1 : File C:\Program Files\Filebeat\install-service-filebeat.ps1 cannot be loaded because r
unning scripts is disabled on this system. For more information, see about_Execution_Policies at https:/go.microsoft.co
m/fwlink/?LinkID=135170. 先沒有解決直接 .\filebeat.exe -e -c .\filebeat.yml命令啓動。
附件
es docker 配置 文件
version: '3.3'
services:
es01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
container_name: es01
environment:
- node.name=es01
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es02,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data01:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
- elastic
es02:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
container_name: es02
environment:
- node.name=es02
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es03
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data02:/usr/share/elasticsearch/data
networks:
- elastic
es03:
image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
container_name: es03
environment:
- node.name=es03
- cluster.name=es-docker-cluster
- discovery.seed_hosts=es01,es02
- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- data03:/usr/share/elasticsearch/data
networks:
- elastic
volumes:
data01:
driver: local
data02:
driver: local
data03:
driver: local
networks:
elastic:
driver: bridge
kibana docker配置文件
version: '3.3'
services:
kibana:
image: docker.elastic.co/kibana/kibana:7.5.1
environment:
# SERVER_NAME: kibana
ELASTICSEARCH_HOSTS: http://es01:9200
I18N_LOCALE: zh-CN
ports:
- 5601:5601
networks:
- elastic
networks:
elastic:
driver: bridge
filebeat win10 配置文件( 刪除掉大部分官網註釋後)
filebeat.inputs:
- type: log
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
# - /var/log/*.log
- D:\logs\swagger_study\swaggerStudy.log
#- c:\programdata\elasticsearch\logs\*
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
# Period on which files under path should be checked for changes
#reload.period: 10s
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 1
#index.codec: best_compression
#_source.enabled: false
host: "localhost:5601"
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["localhost:9200"]
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~