docker-elasticsearch-kibana-logstash-filebeat

原創

2021-02-20 21:10

1. 自定義網絡

docker network create elk

2. docker elasticsearch

2.1. 拉取鏡像

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.9.2

2.2. 創建用戶、目錄

useradd elasticsearch -d /data/elasticsearch
mkdir -p /data/elasticsearch/config
mkdir -p /data/elasticsearch/data

2.3. 創建容器 - 不映射目錄

docker run --name es -e "discovery.type=single-node" -d docker.elastic.co/elasticsearch/elasticsearch:7.9.2

2.4. 拷貝容器內配置

docker cp -a es:/usr/share/elasticsearch/config/ /data/elasticsearch/

2.5. 刪除容器

docker rm -f es

2.6. 修改目錄屬組

chown -R elasticsearch:root /data/elasticsearch

2.7. 創建容器 - 映射目錄

docker run -d \
--name es \
-h es \
--net elk \
-p 9200:9200 \
-p 9300:9300 \
-v "/data/elasticsearch/data":/usr/share/elasticsearch/data \
-v "/data/elasticsearch/config":/usr/share/elasticsearch/config \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms4G -Xmx4G" \
--restart always \
docker.elastic.co/elasticsearch/elasticsearch:7.9.2

2.8. 設置密碼

設置 x-pack

# vim /data/elasticsearch/config/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

執行命令，按提示如下輸入密碼

docker exec -it es /bin/bash /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

賬號: elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user 密碼: 12345678

3. kibana

3.1. 使用手冊

https://www.elastic.co/guide/cn/kibana/current/index.html

3.2. 創建目錄

mkdir -p /data/kibana/config

3.3. 拉取鏡像

docker pull docker.elastic.co/kibana/kibana:7.9.2

3.4. 創建容器 - 不映射目錄

docker run \
--name kibana \
--net elk \
-p 5601:5601 \
--link es:elasticsearch \
-e ELASTICSEARCH_USERNAME="elastic" \
-e ELASTICSEARCH_PASSWORD="12345678" \
-d docker.elastic.co/kibana/kibana:7.9.2

3.5. 拷貝容器內配置

docker cp -a kibana:/usr/share/kibana/config /data/kibana/

3.6. 刪除容器

docker rm -f kibana

3.7. 創建容器 - 映射目錄

docker run \
--name kibana \
-h kibana \
--net elk \
-p 5601:5601 \
--link es:elasticsearch \
-e ELASTICSEARCH_USERNAME="elastic" \
-e ELASTICSEARCH_PASSWORD="12345678" \
-v /data/kibana/config:/usr/share/kibana/config \
--restart always \
-d docker.elastic.co/kibana/kibana:7.9.2

3.8. 修改配置

# vim /data/kibana/config/kibana.yml
server.name: kibana
server.host: "0.0.0.0"
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.hosts: ["http://localhost:9200/"]
elasticsearch.username: "elastic"
elasticsearch.password: "12345678"
i18n.locale: "zh-CN"

3.9. 重啓容器

docker restart kibana

3.10. 訪問

http://kibana.abc.com
賬號: elastic
密碼: 12345678

4. logstash

4.1. 創建目錄

docker pull logstash:7.9.2

4.2. 拉取鏡像

mkdir -p /data/logstash/config
mkdir -p /data/logstash/conf.d
mkdir -p /data/logstash/logs

4.3. 編寫 logstash.yml

# vim /data/logstash/config/logstash.yaml
path.config: /usr/share/logstash/conf.d/*.conf
path.logs: /var/log/logstash

4.4. 編寫 default.conf

# vim /data/logstash/conf.d/default.conf
input {
   beats {
       port => 5044
   }
	
	redis {
		host => "192.168.1.100"
		port => 6379
		password => "123456"
		db => 7
		data_type => "list"
		key => "filebeat:list"
		threads => 1
	}
}

output {
	elasticsearch {
		hosts => ["http://elasticsearch:9200"]
		user => "elastic"
		password => "12345678"
		index => "%{[host][name]}-%{[fields][logtype]}-%{+YYYYMMdd}"
	}
}

4.5. 創建容器 - 映射目錄

docker run \
--name logstash \
-h logstash \
--net elk \
-p 19600:9600 \
-p 15044:5044 \
-v "/data/logstash/config/logstash.yaml":/usr/share/logstash/config/logstash.yml \
-v "/data/logstash/conf.d":/usr/share/logstash/conf.d \
-v "/data/logstash/logs":/var/log/logstash \
--link es:elasticsearch \
--restart always \
-d logstash:7.9.2

5. filebeat

5.1. 下載安裝

wget https://mirrors.huaweicloud.com/filebeat/7.9.0/filebeat-7.9.0-x86_64.rpm
rpm -ivh filebeat-7.9.0-x86_64.rpm

5.2. 設置自啓

systemctl enable filebeat
or
chkconfig --add filebeat

# cd /etc/filebeat/
# cp -a filebeat.yml filebeat.yml.bak
# vim filebeat.yml

filebeat.inputs:
    - type: log
      enabled: true
      paths:
          - "/usr/local/openresty/nginx/logs/access.log"
      fields:
          logtype: "nginx-access"

    - type: log
      enabled: true
      paths:
          - "/usr/local/openresty/nginx/logs/error.log"
      fields:
          logtype: "nginx-error"

setup.template.settings:
  index.number_of_shards: 3

setup.kibana:
    host: "host-1:5601"

#output.logstash:
    #hosts: ["host-1:5044"]
	
output.redis:
    hosts: ["192.168.1.100:6379"]
    password: "123456"
    key: "filebeat:list"
    db: 7
    timeout: 10

output.logstash 和 output.redis 二選一

5.3. 啓動服務

service filebeat start

發表評論

所有評論

還沒有人評論，想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.