手把手教你使用docker一鍵搭建elk日誌系統(含源碼)
準備鏡像
此處使用 組件:
- elasticsearch:7.6.2
- kibana:7.6.2
- logstash:7.6.2
使用docker 下載鏡像
# 下載elasticsearch鏡像
docker pull elasticsearch:7.6.2
# 下載kibana鏡像
docker pull kibana:7.6.2
# 下載logstash鏡像
docker pull logstash:7.6.2
編寫配置文件
創建一個elk的文件夾,並進入(將elk的文件 都整理到這一個文件夾中 方便管理)
elasticsearch配置文件編寫:elk/elasticsearch/config/elasticsearch.yml
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster:
name: "docker-cluster"
network:
host: 0.0.0.0
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack:
license:
self_generated.type: basic
security:
enabled: true
monitoring:
collection:
enabled: true
kibana 配置文件編寫:elk/kibana/config/kibana.yml
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
## X-Pack security credentials
#
elasticsearch.username: elastic
elasticsearch.password: 123456es
# 開啓中文模式/英文 en
i18n.locale: "zh-CN"
logstash配置文件編寫:
elk/logstash/config/logstash.yml
## Default Logstash configuration from Logstash base image.
## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
#
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
## X-Pack security credentials
#
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: 123456es
elk/logstash/pipeline/logstash.conf
input {
tcp {
port => 5000
codec => json_lines
}
}
## Add your filters / logstash plugins configuration here
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => "elastic"
password => "123456es"
index => "beauty-log-%{+YYYY.MM.dd}"
}
}
創建elk 容器
-
編寫 doker-compose.yml 配置文件
version: '3.2' services: elasticsearch: image: elasticsearch:7.6.2 container_name: elk-es volumes: - type: bind source: ./elasticsearch/config/elasticsearch.yml target: /usr/share/elasticsearch/config/elasticsearch.yml read_only: true # - type: volume # source: elasticsearch # target: /usr/share/elasticsearch/data - "./elasticsearch/data:/usr/share/elasticsearch/data" ports: - "9200:9200" - "9300:9300" environment: ES_JAVA_OPTS: "-Xmx256m -Xms256m" ELASTIC_PASSWORD: 123456es # Use single node discovery in order to disable production mode and avoid bootstrap checks # see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html discovery.type: single-node networks: - elk logstash: image: logstash:7.6.2 container_name: elk-logstash volumes: - type: bind source: ./logstash/config/logstash.yml target: /usr/share/logstash/config/logstash.yml read_only: true - type: bind source: ./logstash/pipeline target: /usr/share/logstash/pipeline read_only: true ports: - "5000:5000/tcp" - "5000:5000/udp" - "9600:9600" environment: LS_JAVA_OPTS: "-Xmx256m -Xms256m" networks: - elk depends_on: - elasticsearch kibana: image: kibana:7.6.2 container_name: elk-kibana volumes: - type: bind source: ./kibana/config/kibana.yml target: /usr/share/kibana/config/kibana.yml read_only: true ports: - "5601:5601" networks: - elk depends_on: - elasticsearch networks: elk: driver: bridge-
一鍵創建 容器
docker-compose up -d
-
到此elk系統已經構建完成,訪問 http://localhost:5601/ 輸入配置文件的賬戶密碼 即可查看 kibana 界面
源碼地址:
https://gitee.com/twelfthLunarMonthFourteen/pub_beauty/tree/hotfix/env-build (hotfix 分支)