使用docker搭建elk
mkdir -p /mydata/elasticsearch/config mkdir -p /mydata/elasticsearch/data echo "http.host: 0.0.0.0">>/mydata/elasticsearch/config/elasticsearch.yml docker pull elasticsearch:5.6.11 docker run --name elasticsearch -p 9200:9200 -p 9300:9300 \ -e "discovery.type=single-node" \ -e "ES_JAVA_OPTS=-Xms256m -Xmx256m" \ -v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \ -v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \ -d elasticsearch:5.6.11 docker ps 9200:http restful接口 9300:elasticsearch集群内部通讯接口 # 设置初始内存和最大内存 -e "ES_JAVA_OPTS=-Xms256m -Xmx256m" free -m =====================logstash======================== mkdir -p /mydata/logstash/ cd /mydata/logstash/ vim logstash.conf input { tcp { #host =>"192.168.95.128" port => 4560 codec => json_lines } } output { stdout { codec => rubydebug } elasticsearch { #action => "index" hosts => ["192.168.20.130:9200"] index => "applog" } } docker pull logstash:5.6.15 docker run -d -p 4560:4560 \ -v /mydata/logstash/logstash.conf:/etc/logstash.conf \ --link elasticsearch:elasticsearch \ --name logstash logstash:5.6.15 \ logstash -f /etc/logstash.conf # 安装插件 docker exec -it logstash /bin/bash cd /usr/share/logstash/bin(不知道目录的使用whereis logstash查找) logstash-plugin list|grep json_lines(查找如果没有json_lines,执行如下安装) logstash-plugin install logstash-codec-json_lines =====================kibana======================= # 一定与elasticsearch版本对应 docker pull kibana:5.6.11 docker run -p 5601:5601 --name kibana \ --link elasticsearch:elasticsearch \ -e ELASTICSEARCH_URL=http://192.168.20.130:9200 \ -d kibana:5.6.11 #容器开机自动启动 docker update id --restart=always docker中 启动所有的容器命令 docker start $(docker ps -a | awk '{ print $1}' | tail -n +2) docker中 关闭所有的容器命令 docker stop $(docker ps -a | awk '{ print $1}' | tail -n +2) docker中 删除所有的容器命令 docker rm $(docker ps -a | awk '{ print $1}' | tail -n +2) docker中 删除所有的镜像 docker rmi $(docker images | awk '{print $3}' |tail -n +2) tail -n +2 表示从第二行开始读取