Deploying ELK with Docker-compose - 创新互联

Deploying a single-host ELK stack with Docker-compose


Environment

Host IP 192.168.0.9

Docker version 19.03.2

docker-compose version 1.24.0-rc1

elasticsearch version 6.6.1

kibana version 6.6.1

logstash version 6.6.1

I. Writing the ELK Dockerfiles and configuration files

● elasticsearch

1. elasticsearch-dockerfile

    FROM centos:latest
    ADD elasticsearch-6.6.1.tar.gz /usr/local/
    COPY elasticsearch.yml /usr/local/elasticsearch-6.6.1/config/
    # COPY of a directory copies only its contents, so name the target directory
    COPY jdk1.8 /usr/local/jdk1.8
    ENV JAVA_HOME=/usr/local/jdk1.8
    ENV CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
    ENV PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin
    RUN groupadd elsearch && \
        useradd elsearch -g elsearch -p elasticsearch && \
        chown -R elsearch:elsearch /usr/local/elasticsearch-6.6.1 && \
        cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
        echo "Asia/Shanghai" > /etc/timezone && \
        yum install which -y && \
        mkdir /opt/data && \
        mkdir /opt/logs
    EXPOSE 9200 9300
    # Switch to the elsearch user to start ES
    USER elsearch
    WORKDIR /usr/local/elasticsearch-6.6.1/bin/
    ENTRYPOINT ["./elasticsearch"]

2. elasticsearch.yml

    [root@localhost elasticsearch]# egrep "^[^#]" elasticsearch.yml
    cluster.name: es-cluster
    node.name: node-1
    path.data: /opt/data
    path.logs: /opt/logs
    network.host: 0.0.0.0
    http.port: 9200
    cluster.routing.allocation.disk.threshold_enabled: true
    cluster.routing.allocation.disk.watermark.low: 94%
    cluster.routing.allocation.disk.watermark.high: 96%
    cluster.routing.allocation.disk.watermark.flood_stage: 98%
    discovery.zen.minimum_master_nodes: 1

● logstash

1. logstash-dockerfile

    FROM centos:latest
    ADD logstash-6.6.1.tar.gz /usr/local/
    COPY logstash.yml /usr/local/logstash-6.6.1/config/
    COPY logstash.conf /usr/local/logstash-6.6.1/config/
    # COPY of a directory copies only its contents, so name the target directory
    COPY jdk1.8 /usr/local/jdk1.8
    COPY start.sh /start.sh
    ENV JAVA_HOME=/usr/local/jdk1.8
    ENV CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
    ENV PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin
    RUN mkdir /opt/data && \
        mkdir /opt/logs && \
        chmod +x /start.sh
    ENTRYPOINT ["/start.sh"]

2. logstash-start.sh

    #!/bin/bash
    /usr/local/logstash-6.6.1/bin/logstash -f /usr/local/logstash-6.6.1/config/logstash.conf

3. logstash.yml

    [root@localhost logstash]# egrep "^[^#]" logstash.yml
    path.data: /opt/data
    path.logs: /opt/logs
    pipeline.batch.size: 200

4. logstash.conf

    input {
      file {
        path => "/usr/local/nginx/logs/access.log"
        type => "nginx"
        start_position => "beginning"
        sincedb_path => "/dev/null"
      }
      file {
        path => "/var/log/secure"
        type => "secure"
        start_position => "beginning"
        sincedb_path => "/dev/null"
      }
    }
    # See my earlier blog post for a detailed explanation
    filter {
        grok {
            match => {
                "message" => '(?[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) - - (?\[[0-9]{1,2}\/[A-z]+\/[0-9]{4}\:[0-9]{2}\:[0-9]{2}\:[0-9]{2} \+[0-9]*\]) "(?[A-Z]+) (?[^ ]+) (?HTTP/\d\.\d)" (?[0-9]+) (?[0-9]+) "(?[^ ]|(http|https)://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/)" "(?(a-Z|0-9| |.)+)"'
            }
            remove_field => ["message","log","beat","offset","prospector","host","@version"]
        }
    }
    # output points to the es container
    output {
      if [type] == "nginx" {
        elasticsearch {
          hosts => ["es:9200"]
          index => "nginx-%{+YYYY.MM.dd}"
        }
      } else if [type] == "secure" {
        elasticsearch {
          hosts => ["es:9200"]
          index => "secure-%{+YYYY.MM.dd}"
        }
      }
    }
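
An added example, not part of the original post: a Python stand-in for the grok filter above, run over one nginx line and one /var/log/secure line. The filter is not conditioned on `type`, so `secure` events are also tested against the nginx pattern, fail it, and keep their `message` with a `_grokparsefailure` tag; wrapping the grok block in `if [type] == "nginx"` avoids that. The field names are hypothetical (the capture-group names in the pattern as published are missing) and the sample lines are constructed.

```python
import re

# Field names are hypothetical; the shape follows nginx's combined log format.
NGINX_COMBINED = re.compile(
    r'(?P<client_ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ (?P<remote_user>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<request>\S+) (?P<protocol>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<bytes_sent>\d+) '
    r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)"'
)

def parse_event(line, log_type):
    """Mimic the pipeline for one input line: return (fields, tags)."""
    event = {"type": log_type}
    match = NGINX_COMBINED.match(line)
    if match is None:
        # On failure grok only tags the event; remove_field is not applied,
        # so the raw message is kept.
        event["message"] = line
        return event, ["_grokparsefailure"]
    # On success the parsed fields replace the raw message (remove_field).
    event.update(match.groupdict())
    event["status"] = int(event["status"])
    event["bytes_sent"] = int(event["bytes_sent"])
    return event, []

# Constructed sample lines
NGINX_LINE = ('192.0.2.10 - - [12/Mar/2019:10:15:32 +0800] '
              '"GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0"')
SECURE_LINE = ('Mar 12 10:16:01 localhost sshd[2211]: Failed password for '
               'root from 192.0.2.77 port 51522 ssh2')

if __name__ == "__main__":
    for line, log_type in ((NGINX_LINE, "nginx"), (SECURE_LINE, "secure")):
        print(parse_event(line, log_type))
```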

● kibana

1. kibana-dockerfile

    FROM centos:latest
    ADD kibana-6.6.1-linux-x86_64.tar.gz /usr/local/
    COPY kibana.yml /usr/local/kibana-6.6.1-linux-x86_64/config/
    COPY start.sh /start.sh
    RUN chmod +x /start.sh
    EXPOSE 5601
    ENTRYPOINT ["/start.sh"]

2. kibana.yml

    [root@localhost kibana]# egrep "^[^#]" kibana.yml
    server.port: 5601
    server.host: "0.0.0.0"
    # points to port 9200 of the es container
    elasticsearch.hosts: ["http://es:9200"]

3. kibana-start.sh

    #!/bin/bash
    /usr/local/kibana-6.6.1-linux-x86_64/bin/kibana

II. Writing the docker-compose.yml file

    [root@localhost elk_dockerfile]# cat docker-compose.yml
    version: '3.7'
    services:
      elasticsearch:
        image: elasticsearch:elk
        container_name: es
        networks:
          - elk
        volumes:
          - /opt/data:/opt/data
          - /opt/logs:/opt/logs
        expose:
          - 9200
          - 9300
        restart: always
        # es is started after logstash and kibana
        depends_on:
          - logstash
          - kibana
      logstash:
        image: logstash:elk
        container_name: logstash
        networks:
          - elk
        volumes:
          - /opt/logstash/data/:/opt/data
          - /opt/logstash/logs/:/opt/logs
          - /opt/elk/elk_dockerfile/logstash/logstash.conf:/usr/local/logstash-6.6.1/config/logstash.conf
          - /usr/local/nginx/logs:/usr/local/nginx/logs
          - /var/log/secure:/var/log/secure
        restart: always
      kibana:
        image: kibana:elk
        container_name: kibana
        ports:
          - 5601:5601
        networks:
          - elk
        volumes:
          - /opt/elk/elk_dockerfile/kibana/kibana.yml:/usr/local/kibana-6.6.1-linux-x86_64/config/kibana.yml
    networks:
      elk:
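
An added example, not part of the original post: a short Python audit of the `ports` and `volumes` entries in the compose file above. It flags Kibana's `5601:5601`, which publishes the port on every host interface while the kibana.yml and elasticsearch.yml shown configure no authentication, and bind mounts that are writable from the container although it only reads them. The `WRITABLE` allowlist is an assumption.

```python
# The page's compose services, transcribed to a dict because the standard
# library has no YAML parser.
SERVICES = {
    "elasticsearch": {"expose": ["9200", "9300"],
                      "volumes": ["/opt/data:/opt/data", "/opt/logs:/opt/logs"]},
    "logstash": {"volumes": [
        "/opt/logstash/data/:/opt/data",
        "/opt/logstash/logs/:/opt/logs",
        "/opt/elk/elk_dockerfile/logstash/logstash.conf:"
        "/usr/local/logstash-6.6.1/config/logstash.conf",
        "/usr/local/nginx/logs:/usr/local/nginx/logs",
        "/var/log/secure:/var/log/secure"]},
    "kibana": {"ports": ["5601:5601"], "volumes": [
        "/opt/elk/elk_dockerfile/kibana/kibana.yml:"
        "/usr/local/kibana-6.6.1-linux-x86_64/config/kibana.yml"]},
}
# Assumption: only the data and log directories must be writable by a container.
WRITABLE = {"/opt/data", "/opt/logs", "/opt/logstash/data", "/opt/logstash/logs"}

def parse_port(spec):
    """Split compose short syntax [IP:][HOST:]CONTAINER[/proto] (IPv4 only)."""
    parts = str(spec).split("/")[0].split(":")
    host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
    host_port = parts[-2] if len(parts) >= 2 else None
    return host_ip, host_port, parts[-1]

def audit(services):
    """Return (service, issue, detail) for wide port bindings and rw mounts."""
    findings = []
    for name, svc in services.items():
        for spec in svc.get("ports", []):
            host_ip, _, container_port = parse_port(spec)
            if host_ip == "0.0.0.0":
                findings.append((name, "published", container_port))
        for vol in svc.get("volumes", []):
            src, _, rest = vol.partition(":")
            mode = rest.split(":")[1] if rest.count(":") else ""
            if "ro" not in mode.split(",") and src.rstrip("/") not in WRITABLE:
                findings.append((name, "rw-mount", src))
    return findings

if __name__ == "__main__":
    for finding in audit(SERVICES):
        print(*finding)
```

Changing the mapping to `127.0.0.1:5601:5601` and appending `:ro` to the log and configuration mounts clears all five findings.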

What the compose file version refers to

[Image: Deploying ELK with Docker-compose]

III. Accessing the web interface

[Image: Deploying ELK with Docker-compose]



Article title: Deploying ELK with Docker-compose - 创新互联
Source: http://azwzsj.com/article/cdeeie.html