暂无图片
暂无图片
暂无图片
暂无图片
暂无图片
首页 / ELK容器部署运行

ELK容器部署运行

孤岛鱼夫 2020-08-18
470

【历史库存文档】用容器方式运行,将elk的环境使用容器编排的方式来实现。过程如下:

filebeat =>> redis =>> logstash =>> elasticsearch =>> kibana

服务编排目录结构:

  1. tree ./
  2. ./
  3. ├── docker-compose.yml
  4. ├── elasticsearch
  5.    └── elasticsearch.yml
  6. ├── logstash
  7.    └── logstash.conf
  8. └── redis
  9.     └── redis.conf

docker-compose.yml 内容:

  1. version: '3'

  3. services:

  5.   elasticsearch:
  6.     image: elasticsearch:6.4.2
  7.     container_name: elasticsearch
  8.     hostname: elasticsearch

  10.     ports:
  11.       - "9200:9200"
  12.       - "9300:9300"

  14.     volumes:
  15.       - ./elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
  16.     environment:
  17.       ES_JAVA_OPTS: "-Xmx1024m -Xms1024m"
  18.     networks:
  19.       - elk

  21.   logstash:
  22.     image: logstash:6.4.2
  23.     container_name: logstash
  24.     hostname: logstash
  25.     command: logstash -f /etc/logstash/conf.d/logstash.conf
  26.     volumes:
  27.       - ./logstash:/etc/logstash/conf.d
  28.     ports:
  29.       - "5000:5000"
  30.     networks:
  31.       - elk


  34.   kibana:
  35.     image: kibana:6.4.2
  36.     container_name: kibana
  37.     hostname: kibana
  38.     environment: #在kibana中指定es地址,使用容器名称进行连接
  39.       - ELASTICSEARCH_URL=http://elasticsearch:9200
  40.     ports:
  41.       - "5601:5601"
  42.     networks:
  43.       - elk

  45.   redis:
  46.     container_name: redis
  47.     hostname: redis
  48.     image: redis
  49.     ports:
  50.       - "6379:6379"
  51.     volumes:
  52. #      - /data/redis:/data/redis
  53.       - ./redis/redis.conf:/opt/server/redis/redis.conf
  54.     command: redis-server /opt/server/redis/redis.conf

  56.     networks:
  57.       - elk


  60. networks:
  61.   elk:
  62.     driver: bridge

elasticsearch.yml 内容:

  1. cluster.name: "docker-cluster"
  2. network.host: 0.0.0.0
  3. discovery.zen.minimum_master_nodes: 1
  4. discovery.type: single-node

logstash.conf 内容:

  1. input {

  3.         redis {

  5.         host => "192.168.2.134"
  6.         port => "6379"
  7.         key  => "filebeat"
  8.         data_type => "list"
  9.         password => "123456789"
  10.         threads   => "5"


  13. }

  15. }

  17. filter {

  19.         date {
  20.         match => [ "timestamp","dd/MMM/YYYY:H:m:s Z" ]
  21.         remove_field => "timestamp"
  22.         }


  25. }

  27. output {

  29.         elasticsearch {

  31.                 hosts => "elasticsearch:9200"
  32.                 index => "logstash-%{+YYYY.MM.dd}"
  33.                 document_type => "java_logs"
  34.         }

  36. }

redis.conf 内容:redis配置只修改几个选项,其他保持了默认,修改内容如下:

  1. bind 0.0.0.0             #可连接地址段,这里设置允许所有
  2. requirepass 123456789  #密码

远程数据源节点日志收集工具部署使用filebeat。同样采用容器来运行。

filebeat的部署内容如下:

  1. version: '3'

  3. services:

  5.   filebeat:
  6.     image: elastic/filebeat:6.4.2
  7.     container_name: filebeat
  8.     hostname: filebeat
  9.     privileged: true
  10.     volumes:
  11.       - ./filebeat.yml:/usr/share/filebeat/filebeat.yml
  12.       - /logs/app:/logs/app

filebeat.yml 内容如下:

  1. filebeat.inputs:
  2. - type: log
  3.   enabled: true
  4.   paths:
  5.     - "/logs/app/*.log"
  6.   document_type: "java_logs"
  7.   path: ${path.config}/modules.d/*.yml
  8.   reload.enabled: true
  9. #  tail_files: true   #如果不收集以前的历史日志,这里要启用该选项,只收集最新的日志。

  11. output.redis:
  12.   hosts: ["192.168.2.134:6379"]
  13.   port: 6379
  14.   password: "123456789"   #这里密码要和redis中设置的一样,否则连不上
  15.   key: "filebeat"
  16.   db: 0
  17.   timeout: 5







                     

数据库
文章转载自孤岛鱼夫,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。

评论