安装Elasticsearch、kibana、Logstash
1 、demo(实验)
| 一、查看 安装Elasticsearch和kibana 镜像 |
| # elasticsearch 镜像 |
| docker search Elasticsearch |
| docker search kibana |
| docker search logstash |
| docker search mobz/elasticsearch-head:5 |
| |
| 二、拉镜像(版本7.17.1) |
| docker pull elasticsearch:7.17.7 |
| docker pull kibana:7.17.7 |
| docker pull logstash:7.17.7 |
| docker pull mobz/elasticsearch-head:5 |
| |
| 三、查看镜像 |
| docker images |
| |
| 四、创建容器网络(docker network) |
| docker network create elk_net |
2、elasticsearch
| 一、启动ES |
| docker run -itd --name elasticsearch --net elk_net -p 9200:9200 -p 9300:9300 \ |
| -e "discovery.type=single-node" \ |
| -e ES_JAVA_OPTS="-Xms256m -Xmx512m" \ |
| -d elasticsearch:7.17.7 |
| |
| |
| |
| 二、创建文件夹,并复制容器镜像文件(用于文件映射) |
| |
| mkdir -p /mydata/elasticsearch/config |
| mkdir -p /mydata/elasticsearch/ |
| |
| |
| docker cp elasticsearch:/usr/share/elasticsearch/config/elasticsearch.yml /mydata/elasticsearch/config/elasticsearch.yml |
| docker cp elasticsearch:/usr/share/elasticsearch/plugins /mydata/elasticsearch/plugins |
| docker cp elasticsearch:/usr/share/elasticsearch/data /mydata/elasticsearch/data |
| docker cp elasticsearch:/usr/share/elasticsearch/logs /mydata/elasticsearch/logs |
| |
| |
| chmod -R 777 /mydata/elasticsearch/ |
| |
| 三、设置ES密码 |
| vi /mydata/elasticsearch/config/elasticsearch.yml |
| |
| 配置elasticsearch.yml |
| http.cors.enabled: true |
| http.cors.allow-origin: "*" |
| |
| xpack.security.enabled: true |
| xpack.security.audit.enabled: true |
| xpack.license.self_generated.type: basic |
| xpack.security.transport.ssl.enabled: true |
| xpack.ml.enabled: false |
| xpack.monitoring.enabled: true |
| xpack.watcher.enabled: true |
| |
| 四、重启ES(注意选择创建的网络,elk要在同一网络!)‘ |
| |
| docker stop <名称/ID> |
| |
| |
| docker rm <名称/ID> |
| |
| |
| docker run -itd --name elasticsearch --net elk_net -p 9200:9200 -p 9300:9300 \ |
| -e "discovery.type=single-node" \ |
| -e ES_JAVA_OPTS="-Xms256m -Xmx512m" \ |
| -v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \ |
| -v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \ |
| -v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \ |
| -v /mydata/elasticsearch/logs:/usr/share/elasticsearch/logs \ |
| -d elasticsearch:7.17.7 |
| |
| 五、在elasticsearch/bin下运行,输入密码(默认看不见) |
| 进入 容器: |
| docker exec -it es /bin/bash |
| |
| |
| ./elasticsearch-setup-passwords interactive |
| |
| |
| 账号:elastic |
| 密码:<密码> |
| |
| 账号:apm_system |
| 密码:<密码> |
| |
| 账号:kibana_system |
| 密码:<密码> |
| |
| 账号:logstash |
| 密码:<密码> |
| |
| 账号:beats_system |
| 密码:<密码> |
| |
| 账号:remote_user |
| 密码:<密码> |
| |
| |
| 六、安装 进入plugins目录,新建一个ik目录,使用下列命令下载 |
| |
| sudo yum install wget |
| |
| wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.7/elasticsearch-analysis-ik-7.17.7.zip |
| |
| |
| yum -y install unzip zip |
| |
| |
| 七、查看ElasticSearch的容器内部的ip |
| docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' elasticsearch |
3、Elasticsearch-head
| 1、运行 elasticsearch-head 容器 |
| docker run -itd --name elasticsearch-head --net elk_net -p 9100:9100 -d mobz/elasticsearch-head:5 |
| |
| 2、修改 vendor.js 主要是能让数据浏览右边显示索引数据 |
| |
| mkdir -p /mydata/elasticsearch-head |
| |
| cd /mydata/elasticsearch-head |
| |
| |
| docker cp elasticsearch-head:/usr/src/app/_site/vendor.js /mydata/elasticsearch-head |
| |
| |
| 修改 vendor.js 共有两处,重启head插件 |
| vi _site/vendor.js |
| |
| set number |
| |
| contentType: "application/x-www-form-urlencoded |
| 改成 |
| contentType: “application/json;charset=UTF-8” |
| # 7573行 |
| var inspectData = s.contentType === “application/x-www-form-urlencoded” && |
| 改成 |
| var inspectData = s.contentType === “application/json;charset=UTF-8” && |
| |
| |
| 3、再次运行Elasticsearch-head容器 |
| # 删除容器 |
| docker rm -f elasticsearch-head |
| |
| # 运行容器 |
| docker run -itd --name elasticsearch-head --net elk_net -p 9100:9100 \ |
| -v /mydata/elasticsearch-head/vendor.js:/usr/src/app/_site/vendor.js \ |
| -d mobz/elasticsearch-head:5 |
| |
4、kibana
| 一、启动kibana |
| docker run -d --name kibana --net elk_net -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://<ElasticSearch的容器内部的ip>:<映射端口>" kibana:7.17.7 |
| |
| 二、复制容器镜像文件(用于文件映射) |
| mkdir -p /mydata/kibana/config |
| docker cp kibana:/usr/share/kibana/config/kibana.yml /mydata/kibana/config/kibana.yml |
| |
| 三、配置kibana.yml(添加es账号密码) |
| |
| |
| server.name: kibana |
| server.host: "0" |
| elasticsearch.hosts: ["http://<ElasticSearch的容器内部的ip>:<映射端口>"] |
| xpack.monitoring.ui.container.elasticsearch.enabled: true |
| |
| i18n.locale: "zh-CN" |
| |
| |
| elasticsearch.username: "elastic" |
| elasticsearch.password: [es密码] |
| |
| 四、重启kibana |
| docker stop <name or ID> |
| docker rm <name or ID> |
| |
| docker run -d --name kibana --net elk_net -p 5601:5601 \ |
| -e "ELASTICSEARCH_HOSTS=http://<ElasticSearch的容器内部的ip>:<映射端口>" \ |
| -v /mydata/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \ |
| -d kibana:7.17.7 |
| |
5、logstash
| 一、启动logstash |
| docker run -itd --name logstash --net elk_net -p 5044:5044 logstash:7.17.7 |
| |
| 二、复制容器镜像文件(用于文件映射) |
| mkdir -p /mydata/logstash/config |
| mkdir -p /mydata/logstash/pipeline |
| |
| docker cp logstash:/usr/share/logstash/config/logstash.yml /mydata/logstash/config/logstash.yml |
| docker cp logstash:/usr/share/logstash/pipeline/logstash.conf /mydata/logstash/pipeline/logstash.conf |
| |
| 三、配置logstash.yml(添加es账号密码) |
| xpack.monitoring.enabled: true |
| xpack.monitoring.elasticsearch.username: "elastic" |
| xpack.monitoring.elasticsearch.password: [es账号密码] |
| |
| 四、配置logstash.conf (消费kafka数据到es,个人需求) |
| input { |
| kafka{ |
| bootstrap_servers => ["[kafkaIP]:9092"] |
| auto_offset_reset => "latest" |
| consumer_threads => 1 |
| decorate_events => "true" |
| topics => ["test"] |
| type => "kafka-to-elasticsearch" |
| tags => ["test"] |
| codec => json |
| } |
| } |
| |
| filter { |
| prune { |
| whitelist_names => [] |
| blacklist_names => [] |
| } |
| } |
| |
| output { |
| stdout { |
| codec => rubydebug |
| } |
| elasticsearch { |
| hosts => ["http://<ElasticSearch的容器内部的ip>:<映射端口>"] |
| index => "%{[@metadata][kafka][topic]}" |
| user => "elastic" |
| password => "[es密码]" |
| } |
| } |
| |
| 五、重启logstash |
| docker run -itd --name logstash --net elk_net -p 5044:5044 \ |
| -e "ELASTICSEARCH_HOSTS=http://<ElasticSearch的容器内部的ip>:<映射端口>" \ |
| -v /mydata/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \ |
| -v /mydata/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \ |
| -d logstash:7.17.7 |
| |
设置 ELK 开机自动启动
| # 设置 elasticsearch |
| docker update elasticsearch |
| |
| # 设置 kibana |
| docker update kibana |
| |
| # 设置 logstash |
| docker update logstash |
6、IK分词器安装
1. 在Linux下面安装 unzip
| |
| |
| |
| |
| |
| yum -y install unzip zip |
| |
| |
| yum remove unzip zip |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了