1.elasticsearch
 
1.1.docker pull elasticsearch:7.13.0
(docker pull elasticsearch:latest fails with an error; look up the newest elasticsearch tags on https://hub.docker.com/ instead. The newest tag is 7.13.0.)
1.2.docker run elasticsearch
Grant permissions on the mounted data directory (chmod 777 makes it world-writable; the official image runs Elasticsearch as uid 1000, so chown -R 1000:1000 on the directory is the tighter alternative):
chmod -R 777 /home/workspace/elk/elasticsearch/data/
 
docker stop elasticsearch
docker rm elasticsearch
 
docker run -idt \
--name elasticsearch \
-p 9200:9200 \
-v /home/workspace/elk/elasticsearch/data:/usr/share/elasticsearch/data \
-e "discovery.type=single-node" \
elasticsearch:7.13.0
2.kibana
docker pull kibana:7.13.0
 
docker stop kibana
docker rm kibana
 
docker run -idt \
--restart=always \
--name kibana \
--link elasticsearch:elasticsearch \
-p 5601:5601 \
-e "I18N_LOCALE=zh-CN" \
kibana:7.13.0
 
3.logstash
Using nginx's access log as the example: configure logstash to read nginx's access.log and forward the log lines to elasticsearch.
First write a logstash configuration file, logstash.conf, with the following content:

input {
  file {
    path => "/tmp/nginx/logs/access.log"
  }
}
output {
  # print each event to the console
  stdout {
  }
  # send each event to elasticsearch
  elasticsearch {
    hosts => "100.100.x.231"
  }
}

Start the container. Here the nginx log lives at /tmp/nginx/logs/access.log; for the container to read it, the log path must be mapped into the container. The logstash.conf written above must be mounted as well, because -f /config-dir/logstash.conf refers to a path inside the container (below it is taken from the current directory):
docker run -idt \
--name logstash \
--rm \
-v "$PWD":/config-dir \
-v /tmp/nginx/logs/access.log:/tmp/nginx/logs/access.log \
logstash:7.13.0 -f /config-dir/logstash.conf
Next we can test the whole collect-and-display flow end to end. First generate some access log entries in nginx, for example by calling the nginx service port directly with curl, or simply by writing lines into access.log.
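To see what the pipeline configured above actually indexes, and to check the end-to-end test with something firmer than eyeballing Kibana, here is an added example (not part of the original notes) that parses nginx access.log lines into the per-field documents Logstash would ship to Elasticsearch, tags unparseable lines the way grok does, and tallies 4xx/5xx responses per client. It assumes nginx's default combined log format; the sample lines are constructed.

```python
import re
from datetime import datetime, timezone

# nginx's default "combined" log_format is assumed; adjust if nginx.conf customises it.
COMBINED_RE = re.compile(
    r'^(?P<clientip>\S+) - (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)(?: (?P<httpversion>HTTP/[\d.]+))?" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_access_line(line: str) -> dict:
    """Turn one access.log line into the document the pipeline would index.
    Unmatched lines keep only the raw message plus a '_grokparsefailure' tag,
    as Logstash's grok filter does, so they stay searchable."""
    event = {"message": line.rstrip("\n"), "tags": []}
    m = COMBINED_RE.match(event["message"])
    if not m:
        event["tags"].append("_grokparsefailure")
        return event
    fields = m.groupdict()
    # Normalise the nginx timestamp to UTC ISO 8601 so Elasticsearch maps it as a date.
    ts = datetime.strptime(fields.pop("timestamp"), "%d/%b/%Y:%H:%M:%S %z")
    event["@timestamp"] = ts.astimezone(timezone.utc).isoformat()
    fields["response"] = int(fields["response"])
    fields["bytes"] = 0 if fields["bytes"] == "-" else int(fields["bytes"])
    event.update(fields)
    return event

def error_counts_by_client(events) -> dict:
    """Count 4xx/5xx responses per client IP, the kind of check to repeat in Kibana."""
    counts = {}
    for ev in events:
        if "_grokparsefailure" not in ev["tags"] and ev["response"] >= 400:
            counts[ev["clientip"]] = counts.get(ev["clientip"], 0) + 1
    return counts

# Constructed sample lines, like those produced by curl requests against the nginx port,
# plus one malformed line to exercise the failure path.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/2021:08:15:01 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"
192.0.2.10 - - [10/Jun/2021:08:15:02 +0800] "GET /missing.png HTTP/1.1" 404 153 "-" "curl/7.68.0"
192.0.2.20 - - [10/Jun/2021:08:15:03 +0800] "POST /api/login HTTP/1.1" 500 170 "-" "curl/7.68.0"
this line is not an access log entry
"""

if __name__ == "__main__":
    events = [parse_access_line(l) for l in SAMPLE_LOG.splitlines()]
    print(error_counts_by_client(events))  # {'192.0.2.10': 1, '192.0.2.20': 1}
```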