Docker-compose部署ELK-創(chuàng)新互聯(lián)

? ? ? ? ? ? ? ? ?Docker-compose部署單機(jī)ELK

創(chuàng)新互聯(lián)從2013年成立，是專業(yè)互聯(lián)網(wǎng)技術(shù)服務(wù)公司，擁有項(xiàng)目網(wǎng)站制作、成都網(wǎng)站制作網(wǎng)站策劃，項(xiàng)目實(shí)施與項(xiàng)目整合能力。我們以讓每一個(gè)夢(mèng)想脫穎而出為使命，1280元潼南做網(wǎng)站,已為上家服務(wù),為潼南各地企業(yè)和個(gè)人服務(wù),聯(lián)系電話:13518219792

環(huán)境

主機(jī)IP 192.168.0.9

Docker version 19.03.2

docker-compose version 1.24.0-rc1

elasticsearch version 6.6.1

kibana version 6.6.1

logstash version 6.6.1

一、ELK-dockerfile文件編寫及配置文件

● elasticsearch

1、elasticsearch-dockerfile

FROM?centos:latest ADD?elasticsearch-6.6.1.tar.gz??/usr/local/ COPY?elasticsearch.yml?/usr/local/elasticsearch-6.6.1/config/ COPY?jdk1.8?/usr/local/ ENV?JAVA_HOME=/usr/local/jdk1.8 ENV?CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib ENV?PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin RUN?groupadd?elsearch?&&?\ useradd?elsearch?-g?elsearch?-p?elasticsearch?&&?\ chown?-R?elsearch:elsearch?/usr/local/elasticsearch-6.6.1?&&?\ cp?/usr/share/zoneinfo/Asia/Shanghai?/etc/localtime?&&?\ echo?"Asia/shanghai"?>?/etc/timezone?&&?\ yum?install?which?-y?&&?\ mkdir?/opt/data?&&?\ mkdir?/opt/logs EXPOSE?9200?9300 #主要是切換到elsearch用戶啟動(dòng)es USER?elsearch WORKDIR?/usr/local/elasticsearch-6.6.1/bin/ ENTRYPOINT?["./elasticsearch"]

2、elasticsearch.yml

[root@localhost?elasticsearch]#?egrep??"^[^#]"?elasticsearch.yml? cluster.name:?es-cluster node.name:?node-1 path.data:?/opt/data path.logs:?/opt/logs network.host:?0.0.0.0 http.port:?9200 cluster.routing.allocation.disk.threshold_enabled:?true cluster.routing.allocation.disk.watermark.low:?94% cluster.routing.allocation.disk.watermark.high:?96% cluster.routing.allocation.disk.watermark.flood_stage:?98% discovery.zen.minimum_master_nodes:?1

● logstash

1、logstash-dockerfile

FROM?centos:latest ADD?logstash-6.6.1.tar.gz?/usr/local/ COPY?logstash.yml?/usr/local/logstash-6.6.1/config/ COPY?logstash.conf?/usr/local/logstash-6.6.1/config/ COPY?jdk1.8?/usr/local/ COPY?start.sh?/start.sh ENV?JAVA_HOME=/usr/local/jdk1.8 ENV?CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib ENV?PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin RUN?mkdir?/opt/data?&&?\ mkdir?/opt/logs?&&?\ chmod?+x?/start.sh ENTRYPOINT?["/start.sh"]

2、logstash-start.sh

#!/bin/bash /usr/local/logstash-6.6.1/bin/logstash?-f?/usr/local/logstash-6.6.1/config/logstash.conf

3、logstash.yml

[root@localhost?logstash]#?egrep?"^[^#]"?logstash.yml? path.data:?/opt/data path.logs:?/opt/logs pipeline.batch.size:?200

4、logstash.conf

input?{ ??file?{ ????path?=>?"/usr/local/nginx/logs/access.log" ????type?=>?"nginx" ????start_position?=>?"beginning" ????sincedb_path?=>?"/dev/null" ??} ??file?{ ????path?=>?"/var/log/secure" ????type?=>?"secure" ????start_position?=>?"beginning" ????sincedb_path?=>?"/dev/null" ??} } #詳細(xì)說明可以查看我之前的博客 filter?{ ????grok?{ ????????match?=>?{ ????????????"message"?=>?'(?<clientip>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})?-?-?(?<requesttime>\[[0-9]{1,2}\/[A-z]+\/[0-9]{4}\:[0-9]{2}\:[0-9]{2}\:[0-9]{2}?\+[0-9]*\])?"(?<requesttype>[A-Z]+)?(?<requesturl>[^?]+)?(?<requestv>HTTP/\d\.\d)"?(?<requestnode>[0-9]+)?(?<requestsize>[0-9]+)?"(?<content>[^?]|(http|https)://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/)"?"(?<ua>(a-Z|0-9|?|.)+)"' ????????} ?????????remove_field?=>?["message","log","beat","offset","prospector","host","@version"] ????} } #output指向es容器 output?{ ?if?[type]?==?"nginx"?{ ??elasticsearch?{ ????hosts?=>?["es:9200"] ????index?=>?"nginx-%{+YYYY.MM.dd}" ????????} ?????} ??else?if?[type]?==?"secure"?{ ????elasticsearch?{ ????hosts?=>?["es:9200"] ????index?=>?"secure-%{+YYYY.MM.dd}" ????????} ?????} ??}

● kibana

1、kibana-dockerfile

FROM?centos:latest ADD?kibana-6.6.1-linux-x86_64.tar.gz???/usr/local/ COPY?kibana.yml?/usr/local/kibana-6.6.1-linux-x86_64/config/ COPY?start.sh?/start.sh RUN??chmod?+x?/start.sh EXPOSE?5601 ENTRYPOINT?["/start.sh"]

2、kibana.yml

[root@localhost?kibana]#?egrep?"^[^#]"?kibana.yml? server.port:?5601 server.host:?"0.0.0.0" #指向es容器的9200端口 elasticsearch.hosts:?["http://es:9200"]

3、kibana-start.sh

#!/bin/bash /usr/local/kibana-6.6.1-linux-x86_64/bin/kibana

二、docker-compose,yml文件編寫

[root@localhost elk_dockerfile]# cat docker-compose.yml?

version:?'3.7' services: ??elasticsearch: ????image:?elasticsearch:elk ????container_name:?es ????networks: ??????-?elk ????volumes: ??????-?/opt/data:/opt/data ??????-?/opt/logs:/opt/logs ????expose: ??????-?9200 ??????-?9300 ????restart:?always ????depends_on: ??????-?logstash ??????-?kibana ??logstash: ????image:?logstash:elk ????container_name:?logstash ????networks: ??????-?elk ????volumes: ??????-?/opt/logstash/data/:/op/data ??????-?/opt/logstash/logs/:/opt/logs ??????-?/opt/elk/elk_dockerfile/logstash/logstash.conf:/usr/local/logstash-6.6.1/config/logstash.conf ??????-?/usr/local/nginx/logs:/usr/local/nginx/logs ??????-?/var/log/secure:/var/log/secure ????restart:?always ??kibana: ????image:?kibana:elk ????container_name:?kibana ????ports: ??????-?5601:5601 ????networks: ??????-?elk ????volumes: ??????-?/opt/elk/elk_dockerfile/kibana/kibana.yml:/usr/local/kibana-6.6.1-linux-x86_64/config/kibana.yml networks: ??elk:

compose文件version版本指向

三、訪問界面

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

名稱欄目：Docker-compose部署ELK-創(chuàng)新互聯(lián)
網(wǎng)頁網(wǎng)址：http://bm7419.com/article4/cdeeie.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供微信公眾號(hào)、虛擬主機(jī)、服務(wù)器托管、品牌網(wǎng)站制作、域名注冊(cè)、響應(yīng)式網(wǎng)站

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源： 創(chuàng)新互聯(lián)