efk日志收集系统配置模板
一、被收集日志端服务器的配置:
1. docker-compose.yaml的配置:
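# Compose file for the log-shipping side: one Filebeat container that reads the
# microservice logs from the host and forwards them per its filebeat.yml.
#version: '2'
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:8.10.2
    container_name: filebeat
    networks:
      - logging
    volumes:
      # Mounted read-only: Filebeat only needs to read its configuration and
      # the application logs, so the root process in the container gets no
      # write access to either host path.
      - ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - /chana-mazda/microservice-log:/chana-mazda/microservice-log:ro
    # NOTE(review): the container runs as root and -strict.perms=false turns
    # off Filebeat's ownership/permission check on the config file. Keep
    # ./filebeat/filebeat.yml writable only by the deploying account on the
    # host, since a config that holds output credentials is no longer
    # rejected for loose permissions.
    user: root
    command: filebeat -e -strict.perms=false
    # NOTE(review): no volume is mounted for Filebeat's data directory, so
    # the read-offset registry presumably does not survive container
    # re-creation and files would be shipped again - confirm.
networks:
  logging: {}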
========================================
2.配置文件filebeat.yml的配置:
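# Filebeat configuration for the log-shipping hosts: one `log` input per
# microservice, an index-template section and the Elasticsearch output.

# Inputs
# Every input tags its events with project/app/environment;
# fields_under_root promotes those fields to the top level of the event so
# they can be queried directly and referenced in the index name below.
filebeat.inputs:
  # API gateway logs
  - type: log
    enabled: true
    paths:
      # Recursive glob: matches .log files in nested sub-directories.
      - /chana-mazda/microservice-log/api-gateway/**/*.log
    fields:
      project: cm-app
      app: api-gateway
      environment: production  # distinguishes logs from different environments
    fields_under_root: true
  # Mall center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/mall-center/**/*.log
    fields:
      project: cm-app
      app: mall-center
      environment: production
    fields_under_root: true
  # User center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/user-center/**/*.log
    fields:
      project: cm-app
      app: user-center
      environment: production
    fields_under_root: true
  # Auth server logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/auth-server/**/*.log
    fields:
      project: cm-app
      app: auth-server
      environment: production
    fields_under_root: true
  # Base service center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/base-center/**/*.log
    fields:
      project: cm-app
      app: base-center
      environment: production
    fields_under_root: true
  # Business MQ producer logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/biz-mq-producer/**/*.log
    fields:
      project: cm-app
      app: biz-mq-producer
      environment: production
    fields_under_root: true
  # Commodity center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/commodity-center/**/*.log
    fields:
      project: cm-app
      app: commodity-center
      environment: production
    fields_under_root: true
  # Content center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/content-center/**/*.log
    fields:
      project: cm-app
      app: content-center
      environment: production
    fields_under_root: true
  # File center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/file-center/**/*.log
    fields:
      project: cm-app
      app: file-center
      environment: production
    fields_under_root: true
  # Message center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/message-center/**/*.log
    fields:
      project: cm-app
      app: message-center
      environment: production
    fields_under_root: true
  # Service registry logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/service-center/**/*.log
    fields:
      project: cm-app
      app: service-center
      environment: production
    fields_under_root: true
  # SMS center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/sms-center/**/*.log
    fields:
      project: cm-app
      app: sms-center
      environment: production
    fields_under_root: true
  # Spring Boot admin (monitoring) server logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/springboot-admin-server/**/*.log
    fields:
      project: cm-app
      app: springboot-admin-server
      environment: production
    fields_under_root: true
  # WeCom (enterprise WeChat) service center logs
  - type: log
    enabled: true
    paths:
      - /chana-mazda/microservice-log/wecom-center/**/*.log
    fields:
      project: cm-app
      app: wecom-center
      environment: production
    fields_under_root: true

# Index template
# NOTE(review): the pattern "filebeat-*" does not match the index names built
# by output.elasticsearch.index below (they start with the project value,
# "cm-app"), so these settings probably never reach the indices Filebeat
# writes - confirm, and align name/pattern with the custom index name.
setup.template:
  name: "filebeat"
  pattern: "filebeat-*"
  settings:
    index.number_of_shards: 3  # tune to data volume and cluster size
    index.number_of_replicas: 1  # replica count
    index.refresh_interval: "5s"  # trade-off between freshness and indexing cost
  # NOTE(review): the nesting of `mappings` was reconstructed from a listing
  # without indentation, and it is not a documented setup.template option as
  # far as I can tell - verify it takes effect; custom field mappings are
  # normally supplied through setup.template.fields or
  # setup.template.append_fields.
  mappings:
    properties:
      project:
        type: keyword  # keyword suits exact-match queries
      app:
        type: keyword
      environment:
        type: keyword
      message:
        type: text  # log body, analysed for full-text search
      timestamp:
        type: date  # assumes the logs carry a timestamp field

# Output
# SECURITY: the host is addressed over plain http://, so the log events and
# the basic-auth credentials below cross the network unencrypted. Prefer an
# https:// endpoint with ssl.certificate_authorities once Elasticsearch has
# TLS enabled.
output.elasticsearch:
  hosts: ["http://172.16.56.60:9200"]
  # Daily index per project/app, built from the fields promoted to the root.
  index: "%{[project]}-%{[app]}-%{+yyyy.MM.dd}"
  # `timeout` is the documented request-timeout key (seconds); the previous
  # `connection.timeout` key is not a documented option of this output and
  # was presumably ignored.
  timeout: 30
  # NOTE(review): the Filebeat documentation states that Filebeat ignores
  # max_retries and retries indefinitely, so this line is informational.
  max_retries: 3
  # Placeholders only: do not commit real credentials here. Supply them from
  # the Filebeat keystore or an environment variable reference, and use an
  # account limited to writing these indices.
  username: "your_username"  # only checked if Elasticsearch security is on
  password: "your_password"
  # `compression_level` (0-9) is the documented gzip setting; the previous
  # `compression: true` key is not a documented option of this output.
  compression_level: 1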
======================================================================================
二、收集日志端服务器的配置:
docker-compose.yaml的配置:
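# Compose file for the log-collecting side: a single-node Elasticsearch and a
# Kibana instance on a shared `logging` network.
#version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
    container_name: elasticsearch
    networks:
      - logging
    volumes:
      # The official image keeps its indices under
      # /usr/share/elasticsearch/data; the named volume has to be mounted
      # there, otherwise the data lives in the container layer and is lost
      # when the container is re-created.
      - elasticsearch-data:/usr/share/elasticsearch/data
    environment:
      - discovery.type=single-node
      # SECURITY: with security disabled, Elasticsearch accepts
      # unauthenticated requests, and port 9200 is published on every host
      # interface below. Anyone who can reach the host can read, modify or
      # delete the collected logs. Enable security with real credentials and
      # TLS, or at minimum restrict 9200/5601 to the shipping hosts with a
      # host firewall.
      - xpack.security.enabled=false
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
    ports:
      - "9200:9200"
  kibana:
    image: docker.elastic.co/kibana/kibana:8.10.2
    container_name: kibana
    networks:
      - logging
    environment:
      # Reaches Elasticsearch by service name over the compose network.
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - I18N_LOCALE=zh-CN
    ports:
      # SECURITY: Kibana is published without a login while Elasticsearch
      # security is off; treat this port as full access to the log data.
      - "5601:5601"
networks:
  logging: {}
volumes:
  elasticsearch-data:
    driver: local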