docker搭建ELK监控

作者: andrewkk | 来源:发表于2020-06-08 09:03 被阅读0次

docker搭建ELK监控
基于docker搭建elk ， filebeat采集日志
ELK日志管理系统搭建
docker-compose搭建ELK环境
基于 ELK + Filebeat 搭建日志中心
spring-boot简单的监控
Docker搭建ELK开发环境教程
docker container monitor
docker 搭建elk
ELK 监控平台搭建

准备一台测试机配置如下：

linux系统版本：CentOS Linux release 7.8.2003 (Core)

1.安装docker环境(本人采用官方最新安装方式也可指定版本安装)!!

sudo yum update

curl -sSL https://get.docker.com/ | sh

sudo service docker start

sudo service docker status

测试docker安装是否完成：

docker run hello-world

docker images

查看docker版本：

docker version

yum -y install epel-release

yum -y install python-pip

sudo pip install --upgrade pip

pip -V

sudo pip install docker-compose

!!#ff0000 2.安装ELK(Elasticsearch.Logstash.Kibana)!!

docker search elasticsearch

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.6.0

docker run -d --name es -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.6.0

docker exec -it es /bin/bash

vi elasticsearch.yml ###修改配置然后重启

!!#ff0000 加入跨域配置!!

http.cors.enabled: true

http.cors.allow-origin: "*"

docker restart es

http://192.168.180.130:9200/

docker pull mobz/elasticsearch-head:5

docker run -d --name es_admin -p 9100:9100 mobz/elasticsearch-head:5

http://192.168.180.130:9100/

docker run --name es_logstash docker.elastic.co/logstash/logstash:7.6.0

docker exec -it es_logstash /bin/bash

vi logstash.yml ###修改配置然后重启

http.host: "0.0.0.0"

xpack.monitoring.elasticsearch.url: http://192.168.180.130:9200

xpack.monitoring.elasticsearch.username: elastic

xpack.monitoring.elasticsearch.password: changme

docker pull kibana:7.6.0

docker run --name es_kibana -p 5601:5601 -d -e ELASTICSEARCH_URL=http://192.168.180.130:9200 kibana:7.6.0

如有报错 "Kibana server is not ready yet"

docker restart es_kibana

docker exec -it es_kibana /bin/bash

vi ./config/kibana.yml ###修改配置然后重启

server.name: kibana

server.host: "0.0.0.0"

elasticsearch.hosts: [ "http://192.168.180.130:9200" ]

xpack.monitoring.ui.container.elasticsearch.enabled: true

最后修改pipeline下的logstash.conf文件

docker exec -it es_logstash /bin/bash

vi logstash.conf

！# 原来的

！# ========================================

！# input {

！# beats {

！# port => 5044

！# }

！# }

！# output {

！# stdout {

！# codec => rubydebug

！# }

！# }

！# ========================================

！# 添加的部分

input {

file {

codec=> json

path => "/usr/local/*.json"

}

}

filter {

#定义数据的格式

grok {

match => { "message" => "%{DATA:timestamp}\|%{IP:serverIp}\|%{IP:clientIp}\|%{DATA:logSource}\|%{DATA:userId}\|%{DATA:reqUrl}\|%{DATA:reqUri}\|%{DATA:refer}\|%{DATA:device}\|%{DATA:textDuring}\|%{DATA:duringTime:int}\|\|"}

}

}

output {

elasticsearch{

hosts=> "http://192.168.180.130:9200"

}

}

！### 重启所有容器

docker restart es

docker restart es_logstash

docker restart es_kibana

docker container ls -all

netstat -tulnp

curl 192.168.180.130:9100

curl 192.168.180.130:9200

curl 192.168.180.130:5601

ES访问：http://localhost:9200/

Es-head访问： http://localhost:9100/

kibana访问：http://localhost:5601